slapd: rajout acl sur cn=monitor
@@ -22,7 +22,6 @@ defined in vars/main.yml and vars/CentOS.yml
|
|||||||
adapt to other distro
|
adapt to other distro
|
||||||
* ldap_service - name of service unit file - slapd
|
* ldap_service - name of service unit file - slapd
|
||||||
* ldap_user - slapd service account
|
* ldap_user - slapd service account
|
||||||
* import_data - bool - control wether we import initial data from LDIF files you will have put in templates subdirectory. Default No
|
|
||||||
* ldap_schemas - list of additionnal schema names to load - default cosine
|
* ldap_schemas - list of additionnal schema names to load - default cosine
|
||||||
* ldap_replication_consumer - bool -true to setup a replication consumer
|
* ldap_replication_consumer - bool -true to setup a replication consumer
|
||||||
* ldap_replication_provider - bool -true to setup a replication provider
|
* ldap_replication_provider - bool -true to setup a replication provider
|
||||||
|
|||||||
@@ -32,9 +32,9 @@
|
|||||||
olcRootDN: "{{ ldap_admin_dn }}"
|
olcRootDN: "{{ ldap_admin_dn }}"
|
||||||
olcRootPW: "{{ ldap_admin_password }}"
|
olcRootPW: "{{ ldap_admin_password }}"
|
||||||
|
|
||||||
- name: reconfigure slapd - access to cn=config
|
- name: reconfigure slapd - access to cn=config and cn=monitor
|
||||||
ldap_attr:
|
ldap_attr:
|
||||||
dn: olcDatabase={0}config,cn=config
|
dn: "{{ item }}"
|
||||||
name: olcAccess
|
name: olcAccess
|
||||||
values:
|
values:
|
||||||
>-
|
>-
|
||||||
@@ -42,6 +42,9 @@
|
|||||||
by dn.base={{ ldap_admin_dn }} manage
|
by dn.base={{ ldap_admin_dn }} manage
|
||||||
by * none
|
by * none
|
||||||
state: exact
|
state: exact
|
||||||
|
loop:
|
||||||
|
- olcDatabase={0}config,cn=config
|
||||||
|
- olcDatabase={1}monitor,cn=config
|
||||||
|
|
||||||
- name: load additionnal schema
|
- name: load additionnal schema
|
||||||
include_tasks: import_ldap_schema.yml
|
include_tasks: import_ldap_schema.yml
|
||||||
@@ -93,7 +96,6 @@
|
|||||||
with_items: "{{ ldif_list.files }}"
|
with_items: "{{ ldif_list.files }}"
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
when: ldap_ldif_files is defined
|
when: ldap_ldif_files is defined
|
||||||
tags: wip
|
|
||||||
|
|
||||||
- name: configure replication provider
|
- name: configure replication provider
|
||||||
include_tasks: replication_provider.yml
|
include_tasks: replication_provider.yml
|
||||||
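Review bot: The new loop entry `- olcDatabase={1}monitor,cn=config` hard-codes the monitor database's index, which presumably matches the CentOS packaging this role targets but is not guaranteed elsewhere; on a host where index 1 is another backend or no monitor database is configured, the `ldap_attr` task is likely to fail on a missing DN. Since the first section's hunk header mentions vars/CentOS.yml for distro-specific values, the DN would be better taken from a variable, e.g. `- "{{ ldap_monitor_db_dn }}"` (the name is only a suggestion), with the CentOS value defined there. Because `state: exact` replaces whatever olcAccess the package shipped on the monitor database, the shared rule now grants `manage` to `{{ ldap_admin_dn }}` on cn=monitor, where `read` is normally enough; a separate task with a read-only rule for the monitor entry would keep least privilege. The first line of the `>-` value falls between the two hunks and is not visible, so the full ACL could not be checked here.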
|
|||||||
@@ -1,8 +0,0 @@
|
|||||||
dn: ou=users,{{ldap_suffix}}
|
|
||||||
objectclass: organizationalUnit
|
|
||||||
|
|
||||||
dn: ou=groups,{{ldap_suffix}}
|
|
||||||
objectclass: organizationalUnit
|
|
||||||
|
|
||||||
dn: ou=hosts,{{ldap_suffix}}
|
|
||||||
objectclass: organizationalUnit
|
|
||||||
@@ -1,25 +0,0 @@
|
|||||||
dn: uid=thomas,ou=users,{{ldap_suffix }}
|
|
||||||
objectClass: shadowAccount
|
|
||||||
objectClass: posixAccount
|
|
||||||
objectClass: inetOrgPerson
|
|
||||||
objectClass: organizationalPerson
|
|
||||||
objectClass: person
|
|
||||||
shadowWarning: 10
|
|
||||||
shadowInactive: 10
|
|
||||||
shadowMin: 1
|
|
||||||
shadowMax: 365
|
|
||||||
shadowLastChange: 15996
|
|
||||||
homeDirectory: /home/thomas
|
|
||||||
loginShell: /bin/bash
|
|
||||||
uid: thomas
|
|
||||||
cn: thomas constans
|
|
||||||
uidNumber: 10003
|
|
||||||
gidNumber: 100
|
|
||||||
sn: constans
|
|
||||||
givenName: thomasizationalUnit
|
|
||||||
|
|
||||||
dn: ou=groups,{{ldap_suffix}}
|
|
||||||
objectclass: organizationalUnit
|
|
||||||
|
|
||||||
dn: ou=hosts,{{ldap_suffix}}
|
|
||||||
objectclass: organizationalUnit
|
|
||||||