role slapd: ajout

README.md

@@ -0,0 +1,49 @@
+Role Name
+=========
+
+install openldap servers on CentOS - should work on RH too
+
+Requirements
+------------
+
+none
+
+Role Variables
+--------------
+defined in vars/main.yml and vars/CentOS.yml
+
+  * ldap_domain      - example
+  * ldap_domain_ex   - net 
+  * ldap_suffix      - constructed from variables above example.net
+  * ldap_admin_dn    - cn=manager,{{ ldap_suffix }}
+  * ldap_admin_password - 123Soleil - should be in a vault ...)
+  * ldap_packages    - liste of packages - should be the only thing to change to
+    adapt to other distro
+  * ldap_service     - name of service unit file - slapd
+  * ldap_user        - slapd service account
+
+Dependencies
+------------
+
+None
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+      - hosts: servers
+      roles:
+         - role: slapd
+           ldap_domain: example
+           ldap_domain_ex: net
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Thomas C <thomas@opendoor.fr>

defaults/main.yml

@@ -0,0 +1,6 @@
+---
+# defaults file for /etc/ansible/roles/slapd
+ldap_domain: example
+ldap_domain_ext: fr
+ldap_suffix: "{{ ldap_domain }},{{ ldap_domain_ext }}"
+ldap_root_dn: cn=root,{{ ldap_suffix }}

handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for /etc/ansible/roles/slapd

meta/main.yml

@@ -0,0 +1,53 @@
+galaxy_info:
+  author: your name
+  description: your description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.4
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
+  

tasks/main.yml

@@ -0,0 +1,56 @@
+---
+# tasks file for /etc/ansible/roles/slapd
+- name: OS specific vars
+  include_vars: "{{ ansible_distribution }}.yml"
+
+- name: install
+  package:
+    name: "{{ ldap_packages }}"
+    state: present
+
+- name: activate service
+  service:
+    name: "{{ ldap_service }}"
+    state: started
+    enabled: yes
+
+- name: reconfigure slapd
+  ldap_attr:
+    dn: olcDatabase={2}hdb,cn=config
+    name: "{{ item.key }}"
+    values: "{{ item.value }}"
+    state: exact
+  with_dict:
+    olcRootDN: "{{ ldap_admin_dn }}"
+    olcRootPW: "{{ ldap_admin_password }}"
+    olcSuffix: "{{ ldap_suffix }}"
+
+- name: check if schema already loaded
+  command: ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config  -LLL olcObjectClasses='*0.9.2342.19200300.100.4.13 NAME*' dn
+  register: result
+
+- name: import mandatory schema
+  command: "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif"
+  when: not result.stdout.find( 'cosine,cn=schema,cn=config' )
+
+- name: create suffix
+  ldap_entry:
+    server_uri: ldap://localhost
+    bind_dn: "{{ ldap_admin_dn }}"
+    bind_pw: "{{ ldap_admin_password }}"
+    dn: "{{ ldap_suffix }}"
+    objectClass: domain
+    attributes:
+      dc: "{{ ldap_domain }}"
+
+- name: configure client
+  template:
+    src: ldap.conf
+    dest: /etc/openldap/ldap.conf
+    mode: 0644
+
+- name: create passwd file
+  copy:
+    dest: /root/.ldap.secrets
+    mode: 0600
+    content: "{{ ldap_admin_password }}"

templates/change_suffix_and_dit_admin.ldif

@@ -0,0 +1,11 @@
+dn: olcDatabase={2}hdb,cn=config
+changetype: modify
+replace: olcsuffix
+olcsuffix: {{ ldap_suffix }}
+-
+replace: olcrootdn
+olcrootdn: {{ ldap_admin_dn }}
+-
+replace: olcrootpw
+olcrootpw: {{ ldap_admin_password }}
+

templates/ldap.conf

@@ -0,0 +1,2 @@
+URI ldap://localhost/
+BASE {{ ldap_suffix }}

tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - /etc/ansible/roles/slapd

vars/CentOS.yml

@@ -0,0 +1,7 @@
+ldap_packages:
+  - openldap-servers
+  - openldap-clients
+  - ldapvi
+  - python-ldap
+ldap_service: slapd
+ldap_user: ldap

vars/main.yml

@@ -0,0 +1,7 @@
+---
+# vars file for /etc/ansible/roles/slapd
+ldap_domain: example
+ldap_domain_ext: net
+ldap_suffix: "dc={{ldap_domain}},dc={{ldap_domain_ext}}"
+ldap_admin_dn: "cn=manager,{{ldap_suffix}}"
+ldap_admin_password: "123Soleil"