Add 'ldap' alias in ldap role.

2022-06-13 19:30:56 +02:00 · 2022-06-13 19:30:56 +02:00 · bfee555f1e
commit bfee555f1e
parent 429ca35a75
3 changed files with 15 additions and 11 deletions
--- a/roles/krb5kdcldap/tasks/main.yml
+++ b/roles/krb5kdcldap/tasks/main.yml
@ -211,11 +211,11 @@
    mode: '0640'
  notify: restart slapd

- name: "make 'kerberos' and 'ldap' alias hostnames resolvable from the LAN"
+- name: "make 'kerberos' an alias hostname"
  replace:
    path: /etc/hosts
    regexp: "^({{ ipaddr_lan | ipaddr('address') }}\\s.+)$"
-    replace: '\1 kerberos ldap'
+    replace: '\1 kerberos'
  when: not krb5kdc.stat.exists

 ########################
--- a/roles/ldap/tasks/main.yml
+++ b/roles/ldap/tasks/main.yml
@ -53,6 +53,13 @@
    dest: /usr/local/sbin/debian-lan
    mode: 0744

+- name: allow ldap service in firewalld
+  firewalld:
+    zone: internal
+    service: ldap
+    permanent: true
+    immediate: true
+    state: enabled

 - name: add dummy user foo
  ldap_entry:
@ -82,12 +89,3 @@
    bind_dn: "cn=admin,{{ basedn }}"
    bind_pw: "{{ ldap_admin_pwd['content'] | b64decode | replace('\n', '') }}"
  when: foo_pwd is defined and foo_pwd | length > 0
-
-
- name: allow ldap service in firewalld
-  firewalld:
-    zone: internal
-    service: ldap
-    permanent: true
-    immediate: true
-    state: enabled
--- a/roles/ldap/tasks/setup.yml
+++ b/roles/ldap/tasks/setup.yml
@ -87,6 +87,12 @@
    regexp: "^(TLS_CACERT\\s+/etc/ssl/certs/ca-certificates.crt)$"
    replace: '#\1\nTLS_CACERT\t{{ certpub }}'

+- name: "make 'ldap' an alias hostname"
+  replace:
+    path: /etc/hosts
+    regexp: "^({{ ipaddr_lan | ipaddr('address') }}\\s.+)$"
+    replace: '\1 ldap'
+
 - name: enable pam-mkhomedir
  command: pam-auth-update --enable mkhomedir
  when: foo_pwd is defined and foo_pwd | length > 0