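---
# Test-site variables: local mail aliases, SMTP relay, LDAP client and server
# settings, LDAP access rules and the seed entries loaded into the directory.

local_mail_aliases:
  root: "root john.doe@{{ testsite_domain }}"

smtp_relay_host: "mail.{{ testsite_domain }}"
# Same CA file the LDAP client trusts via TLS_CACERT below.
smtp_relay_truststore: /etc/ssl/certs/ca.pem

ldap_client_config:
  - comment: Set the base DN
    option: BASE
    value: "{{ testsite_ldap_base }}"
  - comment: Set the default URI
    option: URI
    value: ldapi:///
  - comment: Set the default bind DN
    option: BINDDN
    value: "cn=admin,{{ testsite_ldap_base }}"
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/ca.pem

ldap_server_config:
  domain: "{{ testsite_domain }}"
  organization: "Example Inc."
  # NOTE(review): 256 is the OpenLDAP "stats" log level if the role passes
  # this through as olcLogLevel; confirm against the role.
  log_level: 256
  tls_certificate: "{{ inventory_dir }}/tls/ldap.{{ testsite_domain }}_ldap.pem"
  # The private key is read from the inventory directory. Outside a test
  # inventory, keep this file out of version control or vault-encrypt it.
  tls_key: "{{ inventory_dir }}/tls/ldap.{{ testsite_domain }}_ldap.key"
  # NOTE(review): presumably the minimum security strength factor the server
  # demands from clients; confirm how the role applies it.
  ssf: 128

ldap_permissions:
  - filter: '(olcSuffix={{ testsite_ldap_base }})'
    # Rules are evaluated in order; the first matching "to" clause decides,
    # unless a "break" hands control to the next rule.
    rules:
      # Local root (peercred identity over ldapi) and cn=admin get manage;
      # everyone else falls through to the rules below.
      - >
        to *
        by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
        by dn="cn=admin,{{ testsite_ldap_base }}" manage
        by * break
      # Password attributes: the owner may change them, anonymous clients may
      # only use them to bind, nobody else can read them.
      - >
        to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by * none
      # The root DSE is readable by everyone, including anonymous clients.
      - >
        to dn.base=""
        by * read
      # Everything else: authenticated users read, anonymous gets nothing.
      # NOTE(review): "by self write" lets an account edit every other
      # attribute of its own entry (mail, uid, ...); confirm that no service
      # bases authorization decisions on self-editable attributes.
      - >
        to *
        by self write
        by dn="cn=admin,{{ testsite_ldap_base }}" write
        by users read
        by * none

# Seed entries. Each DN is listed once and parents come before their children.
#
# Every userPassword below equals the account name and sits in this file in
# clear text. These are test-site fixtures only; for any other inventory,
# supply the values from Ansible Vault or another secret store.
ldap_entries:
  # Extra schema: mail routing attributes and the nisMailAlias object class.
  - dn: "cn={4}misc,cn=schema,cn=config"
    objectClass: olcSchemaConfig
    cn: "{4}misc"
    olcAttributeTypes:
      - "{0}( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC 'RFC822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )"
      - "{1}( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of the SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )"
      - "{2}( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' DESC 'RFC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )"
      - "{3}( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DESC 'rfc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )"
    olcObjectClasses:
      - "{0}( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient' DESC 'Internet local mail recipient' SUP top AUXILIARY MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )"
      - "{1}( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC 'NIS mail alias' SUP top STRUCTURAL MUST cn MAY rfc822MailMember )"

  # Top-level containers.
  - dn: "ou=people,{{ testsite_ldap_base }}"
    objectClass: organizationalUnit
    ou: people
  - dn: "ou=groups,{{ testsite_ldap_base }}"
    objectClass: organizationalUnit
    ou: groups
  - dn: "ou=services,{{ testsite_ldap_base }}"
    objectClass: organizationalUnit
    ou: services

  # Test users.
  - dn: "uid=johndoe,ou=people,{{ testsite_ldap_base }}"
    objectClass:
      - inetOrgPerson
    uid: johndoe
    cn: John Doe
    sn: Doe
    userPassword: johndoe
    mail: "john.doe@{{ testsite_domain }}"
  - dn: "uid=janedoe,ou=people,{{ testsite_ldap_base }}"
    objectClass:
      - inetOrgPerson
    uid: janedoe
    cn: Jane Doe
    sn: Doe
    userPassword: janedoe
    mail: "jane.doe@{{ testsite_domain }}"

  # XMPP service bind account and the group of users allowed to use it.
  - dn: "cn=xmpp,ou=services,{{ testsite_ldap_base }}"
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: xmpp
    userPassword: xmpp
  - dn: "cn=xmpp,ou=groups,{{ testsite_ldap_base }}"
    objectClass: groupOfUniqueNames
    cn: xmpp
    uniqueMember:
      - "uid=johndoe,ou=people,{{ testsite_ldap_base }}"
      - "uid=janedoe,ou=people,{{ testsite_ldap_base }}"

  # Mail service bind accounts and the mail users group.
  - dn: "cn=postfix,ou=services,{{ testsite_ldap_base }}"
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: postfix
    userPassword: postfix
  - dn: "cn=dovecot,ou=services,{{ testsite_ldap_base }}"
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: dovecot
    userPassword: dovecot
  - dn: "cn=mail,ou=groups,{{ testsite_ldap_base }}"
    objectClass: groupOfUniqueNames
    cn: mail
    uniqueMember:
      - "uid=johndoe,ou=people,{{ testsite_ldap_base }}"
      - "uid=janedoe,ou=people,{{ testsite_ldap_base }}"

  # Mail domain and alias subtree.
  - dn: "ou=mail,ou=services,{{ testsite_ldap_base }}"
    objectClass: organizationalUnit
    ou: mail
  - dn: "ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}"
    objectClass: organizationalUnit
    ou: domains
  - dn: "ou=aliases,ou=mail,ou=services,{{ testsite_ldap_base }}"
    objectClass: organizationalUnit
    ou: aliases
  - dn: "dc={{ testsite_domain }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}"
    objectClass: dNSDomain
    dc: "{{ testsite_domain }}"
  - dn: "dc={{ testsite_domain_alternative }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}"
    objectClass: dNSDomain
    dc: "{{ testsite_domain_alternative }}"
  - dn: "cn=postmaster@{{ testsite_domain }},ou=aliases,ou=mail,ou=services,{{ testsite_ldap_base }}"
    objectClass: nisMailAlias
    cn: "postmaster@{{ testsite_domain }}"
    rfc822MailMember: "john.doe@{{ testsite_domain }}"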