slapd: rajout acl sur cn=monitor
This commit is contained in:
@@ -22,7 +22,6 @@ defined in vars/main.yml and vars/CentOS.yml
|
||||
adapt to other distro
|
||||
* ldap_service - name of service unit file - slapd
|
||||
* ldap_user - slapd service account
|
||||
* import_data - bool - control wether we import initial data from LDIF files you will have put in templates subdirectory. Default No
|
||||
* ldap_schemas - list of additionnal schema names to load - default cosine
|
||||
* ldap_replication_consumer - bool -true to setup a replication consumer
|
||||
* ldap_replication_provider - bool -true to setup a replication provider
|
||||
|
||||
@@ -32,9 +32,9 @@
|
||||
olcRootDN: "{{ ldap_admin_dn }}"
|
||||
olcRootPW: "{{ ldap_admin_password }}"
|
||||
|
||||
- name: reconfigure slapd - access to cn=config
|
||||
- name: reconfigure slapd - access to cn=config and cn=monitor
|
||||
ldap_attr:
|
||||
dn: olcDatabase={0}config,cn=config
|
||||
dn: "{{ item }}"
|
||||
name: olcAccess
|
||||
values:
|
||||
>-
|
||||
@@ -42,6 +42,9 @@
|
||||
by dn.base={{ ldap_admin_dn }} manage
|
||||
by * none
|
||||
state: exact
|
||||
loop:
|
||||
- olcDatabase={0}config,cn=config
|
||||
- olcDatabase={1}monitor,cn=config
|
||||
|
||||
- name: load additionnal schema
|
||||
include_tasks: import_ldap_schema.yml
|
||||
@@ -93,7 +96,6 @@
|
||||
with_items: "{{ ldif_list.files }}"
|
||||
ignore_errors: true
|
||||
when: ldap_ldif_files is defined
|
||||
tags: wip
|
||||
|
||||
- name: configure replication provider
|
||||
include_tasks: replication_provider.yml
|
||||
|
||||
@@ -1,8 +0,0 @@
|
||||
dn: ou=users,{{ldap_suffix}}
|
||||
objectclass: organizationalUnit
|
||||
|
||||
dn: ou=groups,{{ldap_suffix}}
|
||||
objectclass: organizationalUnit
|
||||
|
||||
dn: ou=hosts,{{ldap_suffix}}
|
||||
objectclass: organizationalUnit
|
||||
@@ -1,25 +0,0 @@
|
||||
dn: uid=thomas,ou=users,{{ldap_suffix }}
|
||||
objectClass: shadowAccount
|
||||
objectClass: posixAccount
|
||||
objectClass: inetOrgPerson
|
||||
objectClass: organizationalPerson
|
||||
objectClass: person
|
||||
shadowWarning: 10
|
||||
shadowInactive: 10
|
||||
shadowMin: 1
|
||||
shadowMax: 365
|
||||
shadowLastChange: 15996
|
||||
homeDirectory: /home/thomas
|
||||
loginShell: /bin/bash
|
||||
uid: thomas
|
||||
cn: thomas constans
|
||||
uidNumber: 10003
|
||||
gidNumber: 100
|
||||
sn: constans
|
||||
givenName: thomasizationalUnit
|
||||
|
||||
dn: ou=groups,{{ldap_suffix}}
|
||||
objectclass: organizationalUnit
|
||||
|
||||
dn: ou=hosts,{{ldap_suffix}}
|
||||
objectclass: organizationalUnit
|
||||
Reference in New Issue
Block a user