99 lines
2.6 KiB
YAML
99 lines
2.6 KiB
YAML
---
|
|
|
|
- name: Configure debconf items for slapd
|
|
debconf:
|
|
name: slapd
|
|
question: "slapd/{{ item.q }}"
|
|
value: "{{ item.v }}"
|
|
vtype: "{{ item.t }}"
|
|
with_items:
|
|
- { q: 'domain', v: "{{ slapd_domain }}", t: 'string' }
|
|
- { q: 'backend', v: "MDB", t: 'select' }
|
|
notify:
|
|
- Restart slapd
|
|
|
|
- name: Configure debconf items for slapd (passwords)
|
|
debconf:
|
|
name: slapd
|
|
question: "slapd/{{ item.q }}"
|
|
value: "{{ item.v }}"
|
|
vtype: "{{ item.t }}"
|
|
with_items:
|
|
- { q: 'password1', v: "{{ slapd_admin_pass }}", t: 'password' }
|
|
- { q: 'password2', v: "{{ slapd_admin_pass }}", t: 'password' }
|
|
changed_when: false
|
|
no_log: "{{ filter_logs|default('true') }}"
|
|
|
|
- name: Install required software
|
|
apt:
|
|
pkg:
|
|
- slapd
|
|
- ldap-utils
|
|
state: present
|
|
|
|
- name: Set ldap OLC password
|
|
lineinfile:
|
|
dest: "/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif"
|
|
line: "olcRootPW: {{ slapd_config_pass }}"
|
|
insertafter: "^modifyTimeStamp:"
|
|
regexp: "^olcRootPW"
|
|
notify:
|
|
- Restart slapd
|
|
|
|
- name: Copy revspace schema and olcConfig
|
|
copy:
|
|
src: "{{ item.src }}"
|
|
dest: "/etc/ldap/{{ item.dst }}"
|
|
owner: "openldap"
|
|
group: "openldap"
|
|
mode: "0644"
|
|
with_items:
|
|
- { src: "revspace.schema", dst: "schema/revspace.schema" }
|
|
- { src: "sudoers.schema", dst: "schema/sudoers.schema" }
|
|
- { src: "cn={4}revspace.ldif", dst: "slapd.d/cn=config/cn=schema/cn={4}revspace.ldif" }
|
|
- { src: "cn={5}sudoers.ldif", dst: "slapd.d/cn=config/cn=schema/cn={5}sudoers.ldif" }
|
|
notify:
|
|
- Restart slapd
|
|
|
|
#- name: Create directory for certificates
|
|
# file: path={{ slapd_certpath }} state=directory owner=openldap group=openldap mode=0700
|
|
#
|
|
#- name: Copy TLS files
|
|
# copy: src=ssl/{{ item }} dest={{ slapd_certpath }}/{{ item }} owner=openldap group=openldap mode=0400
|
|
# with_items:
|
|
# - cacert.pem
|
|
# - server-key.pem
|
|
# - server-cert.pem
|
|
|
|
- name: Template olc edits
|
|
template:
|
|
src: "{{ item }}.j2"
|
|
dest: "/etc/ldap/{{ item }}.ldif"
|
|
owner: "openldap"
|
|
group: "openldap"
|
|
mode: "0600"
|
|
with_items:
|
|
- olcAccess
|
|
- olcSSL
|
|
register: olcedits
|
|
notify:
|
|
- Restart slapd
|
|
|
|
- name: Update olcConfig
|
|
command: "ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ldap/{{ item }}.ldif"
|
|
with_items:
|
|
- olcAccess
|
|
- olcSSL
|
|
when: olcedits is changed
|
|
ignore_errors: true
|
|
changed_when: false
|
|
notify:
|
|
- Restart slapd
|
|
|
|
- name: Enable SSL listener
|
|
lineinfile:
|
|
dest: "/etc/default/slapd"
|
|
line: "SLAPD_SERVICES=\"ldap:/// ldaps:/// ldapi:///\""
|
|
regexp: "^SLAPD_SERVICES"
|
|
notify:
|
|
- Restart slapd
|