lmn-client/roles/ldap/tasks/main.yml
## Install and configure slapd.
---
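- name: check if domain name is available
  # ansible_domain is a gathered fact; the rest of the role assumes a
  # non-empty domain, so stop early instead of building bad names later.
  # Module args as block YAML rather than a "key=value" free-form string.
  fail:
    msg: "The machine's domain must not be empty."
  when: ansible_domain | length == 0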
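- name: check if slapd is already set up
  # NOTE(review): this only tests for the slapd binary, i.e. whether the
  # package is installed — not whether setup.yml ran to completion.
  # Confirm that is the intended idempotence marker for the include below.
  # Module args as block YAML rather than a "key=value" free-form string.
  stat:
    path: /usr/sbin/slapd
  register: slapd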
- name: install and configure slapd
  # One-time setup: only runs when the stat above found no slapd binary.
  include_tasks: setup.yml
  when: "not slapd.stat.exists"
#######################################################################################
## Use the admin password saved to file (available also after installation):
- name: slurp admin password
  # Reads the admin password file into ldap_admin_pwd.content; slurp
  # returns it base64-encoded, hence the b64decode in the ldap_entry
  # tasks below. no_log keeps the registered result out of the output.
  no_log: true
  slurp:
    src: '{{ ldap_admin_pwd_file }}'
  register: ldap_admin_pwd
## Prepare the organizational units that hold user and group entries
- name: make sure we have a people entry for users
  # Container OU for user entries, created with the admin bind.
  ldap_entry:
    bind_dn: 'cn=admin,{{ basedn }}'
    bind_pw: "{{ ldap_admin_pwd['content'] | b64decode | replace('\n', '') }}"
    dn: 'ou=people,{{ basedn }}'
    objectClass: organizationalUnit
- name: make sure we have a group entry for users
  # Container OU for group entries, created with the admin bind.
  ldap_entry:
    bind_dn: 'cn=admin,{{ basedn }}'
    bind_pw: "{{ ldap_admin_pwd['content'] | b64decode | replace('\n', '') }}"
    dn: 'ou=groups,{{ basedn }}'
    objectClass: organizationalUnit
- name: add group for ldap users
  # Common posixGroup for all LDAP users; its gid comes from ldapuser_gid.
  ldap_entry:
    bind_dn: 'cn=admin,{{ basedn }}'
    bind_pw: "{{ ldap_admin_pwd['content'] | b64decode | replace('\n', '') }}"
    dn: 'cn=ldapuser,ou=groups,{{ basedn }}'
    objectClass:
      - posixGroup
    attributes:
      gidNumber: '{{ ldapuser_gid }}'
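- name: provide simple script to manage ldap/kdc
  # Mode is quoted so the YAML parser does not reinterpret the leading-zero
  # octal (YAML 1.1 reads 0744 as the integer 484); Ansible takes the string.
  # NOTE(review): 0744 leaves the script world-readable — fine if the
  # template holds no credentials; confirm against debian-lan.j2.
  template:
    src: debian-lan.j2
    dest: /usr/local/sbin/debian-lan
    mode: "0744"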
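- name: add dummy user foo
  # Test account, only created when foo_pwd is set and non-empty.
  # no_log is set because the password is passed in `attributes`, which
  # (unlike bind_pw) is not masked by the module and would otherwise
  # appear in verbose/failed task output.
  # NOTE(review): whether userPassword is stored hashed or in the clear
  # depends on what foo_pwd contains — confirm it is a pre-hashed value.
  ldap_entry:
    dn: "uid=foo,ou=people,{{ basedn }}"
    objectClass:
      - inetOrgPerson
      - posixAccount
    attributes:
      cn: foo
      sn: bar
      userPassword: "{{ foo_pwd }}"
      uidNumber: "{{ min_id }}"
      gidNumber: "{{ min_id }}"
      homeDirectory: "{{ lan_homes }}/foo"
      loginShell: /bin/bash
    bind_dn: "cn=admin,{{ basedn }}"
    bind_pw: "{{ ldap_admin_pwd['content'] | b64decode | replace('\n', '') }}"
  no_log: true
  when: foo_pwd is defined and foo_pwd | length > 0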
- name: add dummy group foo
  # Primary group for the test account; same gid (min_id) as the user's
  # gidNumber above. Guarded by the same foo_pwd condition as the user.
  when: foo_pwd is defined and foo_pwd | length > 0
  ldap_entry:
    bind_dn: 'cn=admin,{{ basedn }}'
    bind_pw: "{{ ldap_admin_pwd['content'] | b64decode | replace('\n', '') }}"
    dn: 'cn=foo,ou=groups,{{ basedn }}'
    objectClass:
      - posixGroup
    attributes:
      gidNumber: '{{ min_id }}'
- name: allow ldap service in firewalld
  # Opens the predefined "ldap" service (plain LDAP, not "ldaps") in the
  # internal zone, both in the running config and persistently.
  firewalld:
    service: ldap
    zone: internal
    state: enabled
    immediate: true
    permanent: true