ldap van revspace, nog aanpassen

2025-04-30 21:42:38 +02:00 · 2025-04-30 21:42:38 +02:00 · a74ef0de9a
commit a74ef0de9a
parent 4870960b45
32 changed files with 964 additions and 0 deletions
--- a/roles/ldapserver/tasks/main.yaml
+++ b/roles/ldapserver/tasks/main.yaml
@ -0,0 +1,99 @@
+---
+
+- name: Configure debconf items for slapd
+  debconf:
+    name: slapd
+    question: "slapd/{{ item.q }}"
+    value: "{{ item.v }}"
+    vtype: "{{ item.t }}"
+  with_items:
+    - { q: 'domain', v: "{{ slapd_domain }}", t: 'string' }
+    - { q: 'backend', v: "MDB", t: 'select' }
+  notify:
+    - Restart slapd
+
+- name: Configure debconf items for slapd (passwords)
+  debconf:
+    name: slapd
+    question: "slapd/{{ item.q }}"
+    value: "{{ item.v }}"
+    vtype: "{{ item.t }}"
+  with_items:
+    - { q: 'password1', v: "{{ slapd_admin_pass }}", t: 'password' }
+    - { q: 'password2', v: "{{ slapd_admin_pass }}", t: 'password' }
+  changed_when: false
+  no_log: "{{ filter_logs|default('true') }}"
+
+- name: Install required software
+  apt:
+    pkg:
+      - slapd
+      - ldap-utils
+    state: present
+
+- name: Set ldap OLC password
+  lineinfile:
+    dest: "/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif"
+    line: "olcRootPW: {{ slapd_config_pass }}"
+    insertafter: "^modifyTimeStamp:"
+    regexp: "^olcRootPW"
+  notify:
+    - Restart slapd
+
+- name: Copy revspace schema and olcConfig
+  copy:
+    src: "{{ item.src }}"
+    dest: "/etc/ldap/{{ item.dst }}"
+    owner: "openldap"
+    group: "openldap"
+    mode: "0644"
+  with_items:
+    - { src: "revspace.schema", dst: "schema/revspace.schema" }
+    - { src: "sudoers.schema", dst: "schema/sudoers.schema" }
+    - { src: "cn={4}revspace.ldif", dst: "slapd.d/cn=config/cn=schema/cn={4}revspace.ldif" }
+    - { src: "cn={5}sudoers.ldif", dst: "slapd.d/cn=config/cn=schema/cn={5}sudoers.ldif" }
+  notify:
+    - Restart slapd
+
+#- name: Create directory for certificates
+#  file: path={{ slapd_certpath }} state=directory owner=openldap group=openldap mode=0700
+#
+#- name: Copy TLS files
+#  copy: src=ssl/{{ item }} dest={{ slapd_certpath }}/{{ item }} owner=openldap group=openldap mode=0400
+#  with_items:
+#    - cacert.pem
+#    - server-key.pem
+#    - server-cert.pem
+
+- name: Template olc edits
+  template:
+    src: "{{ item }}.j2"
+    dest: "/etc/ldap/{{ item }}.ldif"
+    owner: "openldap"
+    group: "openldap"
+    mode: "0600"
+  with_items:
+    - olcAccess
+    - olcSSL
+  register: olcedits
+  notify:
+    - Restart slapd
+
+- name: Update olcConfig
+  command: "ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ldap/{{ item }}.ldif"
+  with_items:
+    - olcAccess
+    - olcSSL
+  when: olcedits is changed
+  ignore_errors: true
+  changed_when: false
+  notify:
+    - Restart slapd
+
+- name: Enable SSL listener
+  lineinfile:
+    dest: "/etc/default/slapd"
+    line: "SLAPD_SERVICES=\"ldap:/// ldaps:/// ldapi:///\""
+    regexp: "^SLAPD_SERVICES"
+  notify:
+    - Restart slapd