104 lines
3.2 KiB
Markdown
104 lines
3.2 KiB
Markdown
## Issues
|
|
|
|
ppolicy no longer needed w/ slapd > 2.5
|
|
|
|
Role Name
|
|
=========
|
|
|
|
install openldap servers on CentOS - should work on RH too
|
|
|
|
TODO
|
|
----
|
|
|
|
make it work on CentOS8:
|
|
difier form_slapd/vars/CentOS.yml :
|
|
ldap_packages:
|
|
- symas-openldap-servers
|
|
- symas-openldap-clients
|
|
- python3-ldap.x86_64
|
|
ldap_service: slapd
|
|
ldap_user: ldap
|
|
|
|
dans form_slapd/templates/change_suffix_and_dit_admin.ldif remplacer hdb par mdb ligne 1
|
|
|
|
dans form_slapd/tasks/main.yml remplacer hdb par mdb ligne 26
|
|
Requirements
|
|
------------
|
|
|
|
none
|
|
|
|
Role Variables
|
|
--------------
|
|
defined in vars/main.yml and vars/CentOS.yml
|
|
|
|
* ldap_domain - example
|
|
* ldap_domain_ex - net
|
|
* ldap_config_dir - /etc/openldap (RH) /etc/ldap (Debian)
|
|
* ldap_database - olcDatabase={2}hdb,cn=config (RH) / olcDatabase={1}mdb,cn=config (Debian)
|
|
* ldap_suffix - constructed from variables above example.net
|
|
* ldap_admin_dn - cn=manager,{{ ldap_suffix }} - read from keepass ldap_admin
|
|
* ldap_admin_password - 123Soleil - should be in a vault ...) - read from keepass
|
|
* ldap_secret_file - default to /root/.ldap.secret
|
|
* ldap_packages - liste of packages - should be the only thing to change to
|
|
adapt to other distro
|
|
* ldap_service - name of service unit file - slapd
|
|
* ldap_user - slapd service account
|
|
* ldap_schemas - list of additionnal schema names to load - default cosine
|
|
* ldap_replication_consumer - bool -true to setup a replication consumer
|
|
* ldap_replication_provider - bool -true to setup a replication provider
|
|
* ldap_replication_account_dn- account used for replication
|
|
* ldap_replication_password - account password used for replication
|
|
- ldap_replication_provider_uri - ldap uri of provider server
|
|
* ldap_have_ssl - boolean - wether we use ssl or not
|
|
* ldap_ssl_dir - directory where certificates will be stored
|
|
* ldap_cache_size: 3000
|
|
* ldap_idlcache_size: 60001024 30
|
|
* ldap_checkpoint: 1024 30
|
|
* ldap_ssl_cert_path - {{ ldap_ssl_dir }}/{{ ansible_fqdn }}_fullchain.pem
|
|
* ldap_ssl_cacert_path - {{ ldap_ssl_dir }}/{{ ansible_fqdn }}_fullchain.pem
|
|
* ldap_ssl_key_path - {{ ldap_ssl_dir }}/{{ ansible_fqdn }}_privkey.pem
|
|
* ldap_ldif_files - optional list of ldif files to send to server and inject.
|
|
Will be templated. need absolute path
|
|
* ldap_backup_dir: /srv/backups/ldap/
|
|
|
|
|
|
Dependencies
|
|
------------
|
|
|
|
None
|
|
|
|
Example Playbook
|
|
----------------
|
|
|
|
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
|
|
|
|
- role: slapd
|
|
vars:
|
|
- ldap_schemas:
|
|
- cosine
|
|
- nis
|
|
- inetorgperson
|
|
- ldap_replication_consumer: false
|
|
- ldap_domain: opendoor
|
|
- ldap_domain_ex: fr
|
|
- ldap_suffix: o=od
|
|
- ldap_admin_password: 123Soleil
|
|
- ldap_replication_provider: false
|
|
- ldap_have_ssl: yes
|
|
- ldap_ssl_dir: /etc/openldap/certs/
|
|
- ldap_ssl_cert_path: "{{ ssl_certificate_file }}"
|
|
- ldap_ssl_key_path: "{{ ssl_key_file }}"
|
|
- ldap_ssl_cacert_path: "{{ ssl_ca_file }}"
|
|
- ldap_ldif_files:
|
|
- /home/tom/tmp/cyrus_postfix_ldap/Vagrant/0_branches.ldif
|
|
- /home/tom/tmp/cyrus_postfix_ldap/Vagrant/1_users.ldif
|
|
|
|
License
|
|
-------
|
|
|
|
BSD
|
|
Author Information
|
|
------------------
|
|
|
|
Thomas C <thomas@opendoor.fr>
|