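---
# Test fixture variables, grouped by prefix: ldap_server (ldap_*), ldap_client
# and backup_client. Every credential and key referenced here is fixture data
# from the repository's tests/data tree.

# Clear-text fixture password. Outside of tests, supply this from an encrypted
# source (for example Ansible Vault) rather than a plain variables file.
ldap_admin_password: adminpassword

# The per-host path is built by concatenation instead of nesting "{{ }}" inside
# the Jinja string literal, so it does not depend on the lookup argument being
# templated a second time.
ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/' ~ inventory_hostname ~ '_ldap.cert.pem') }}"
ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/server/' ~ inventory_hostname ~ '_ldap.key.pem') }}"

# Fixture entries. userPassword is given in clear text; whether it is hashed
# before being stored is not visible from this file.
ldap_entries:
  - dn: uid=john,dc=local
    attributes:
      objectClass:
        - inetOrgPerson
        - simpleSecurityObject
      userPassword: johnpassword
      uid: john
      cn: John Doe
      sn: Doe
  - dn: uid=jane,dc=local
    attributes:
      objectClass:
        - inetOrgPerson
        - simpleSecurityObject
      userPassword: janepassword
      uid: jane
      cn: Jane Doe
      sn: Doe

# NOTE(review): slapd evaluates "by" clauses in order and stops at the first
# match. "by * read" therefore answers every remaining identity, anonymous
# binds included, and the admin "write" and final "by * none" clauses after it
# are never reached. Because the rule is "to *", that read access also covers
# userPassword. Left unchanged because this is fixture data and code outside
# this file may assert on the exact string (confirm). For a real directory,
# list the specific "by" clauses before "by *" and give userPassword its own
# rule (e.g. "by self write by anonymous auth by * none").
ldap_permissions:
  - >
    to *
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
    by self write
    by * read
    by dn="cn=admin,dc=local" write
    by * none

# Consumer accounts; "state" is omitted, present and absent across the three.
ldap_server_consumers:
  - name: consumer1
    password: consumer1password
  - name: consumer2
    password: consumer2password
    state: present
  - name: consumer3
    password: consumer3password
    state: absent

# Groups, with the same three "state" variants.
ldap_server_groups:
  - name: group1
  - name: group2
    state: present
  - name: group3
    state: absent

ldap_server_domain: "local"
ldap_server_organization: "Example"
ldap_server_log_level: 0
# NOTE(review): presumably the minimum security strength factor the server
# requires; 0 would mean unencrypted connections are accepted. Confirm against
# the role and use a non-zero value (e.g. 128) outside of tests.
ldap_server_ssf: 0

# GnuTLS priority string. It still enables TLS 1.1 (deprecated by RFC 8996),
# the SHA1 MAC and AES-CBC suites; drop +VERS-TLS1.1, +SHA1 and +AES-*-CBC
# unless a legacy client in the test matrix needs them.
# The trailing backslash is a YAML escaped line break: the two lines join
# with no space inserted.
ldap_tls_ciphers: "NONE:+VERS-TLS1.1:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:\
  +SIGN-RSA-SHA512:+DHE-RSA:+ECDHE-RSA:+SHA1:+SHA256:+SHA384:+AEAD:+AES-128-GCM:+AES-128-CBC:+AES-256-GCM:+AES-256-CBC:+CURVE-ALL"

# ldap_client
# TLS_REQCERT demand makes the client refuse a server whose certificate does
# not validate against TLS_CACERT.
ldap_client_config:
  - comment: CA truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/testca.cert.pem
  - comment: Ensure TLS is enforced
    option: TLS_REQCERT
    value: demand

# backup_client
# Key material is read from tests/data at run time. The server host keys are
# pinned explicitly, one per key type.
enable_backup: true
backup_client_username: "bak-localhost"
backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
backup_server: localhost
backup_server_host_ssh_public_keys:
  - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
  - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
  - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional') }}"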