ansible_slapd/tasks/main.yml
Thomas Constans 15911cbd6f role slapd:
- setup ssl (WIP)
- setup replication provider (WIP)
- setup replication consumer (WIP)

ssl and replication provider seem to be ok (need to test on a clean machine)

replication consumer needs more testing
2019-07-19 14:54:26 +02:00


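---
# tasks file for /etc/ansible/roles/slapd
#
# Order matters: packages and the client config come first, the service is
# started and reconfigured, then the optional data import, replication and
# TLS steps run. Every task that handles ldap_admin_password sets no_log so
# the secret does not end up in task output or logs.
- name: OS specific vars
  include_vars: "{{ ansible_distribution }}.yml"

- name: install
  package:
    name: "{{ ldap_packages }}"
    state: present

- name: configure client
  # NOTE(review): the destination path is hard-coded while package and
  # service names are distribution-specific; confirm it on other
  # distributions before relying on the ldap.conf defaults below.
  template:
    src: ldap.conf
    dest: /etc/openldap/ldap.conf
    mode: "0644"

- name: activate service
  service:
    name: "{{ ldap_service }}"
    state: started
    enabled: true

- name: reconfigure slapd
  # The config DN is hard-coded to the hdb backend at index 2.
  # olcRootPW is written verbatim: supply a pre-hashed value (e.g. from
  # slappasswd) rather than a cleartext password.
  ldap_attr:
    dn: "olcDatabase={2}hdb,cn=config"
    name: "{{ item.key }}"
    values: "{{ item.value }}"
    state: exact
  with_dict:
    olcSuffix: "{{ ldap_suffix }}"
    olcRootDN: "{{ ldap_admin_dn }}"
    olcRootPW: "{{ ldap_admin_password }}"
  no_log: true

- name: load additionnal schema
  include_tasks: import_ldap_schema.yml
  loop: "{{ ldap_schemas }}"
  loop_control:
    loop_var: schema

- name: create suffix
  # Simple bind with the admin password over the loopback ldap:// URI
  # (cleartext on the wire, but local only).
  ldap_entry:
    server_uri: ldap://localhost
    bind_dn: "{{ ldap_admin_dn }}"
    bind_pw: "{{ ldap_admin_password }}"
    dn: "{{ ldap_suffix }}"
    objectClass: domain
    attributes:
      dc: "{{ ldap_domain }}"
  no_log: true

- name: create passwd file
  # Password file consumed by ldapadd -y below, so the secret never appears
  # on a command line or in the process list.
  copy:
    dest: /root/.ldap.secrets
    mode: "0600"
    content: "{{ ldap_admin_password }}"
  no_log: true

- name: import data
  block:
    - name: create initial directory
      file:
        path: /root/Ldif
        state: directory
        mode: "0700"
    - name: send ldif files
      template:
        src: "{{ item }}"
        dest: /root/Ldif/
        mode: "0600"
      with_fileglob: "templates/[0-9]*.ldif"
    - name: get list of ldif files
      find:
        paths: /root/Ldif
        patterns: "*.ldif"
        file_type: file
      register: ldif_list
    - name: import ldif files
      # argv form avoids word-splitting of the DN and file path.
      # NOTE(review): ldapadd is not idempotent; a second run against an
      # already populated directory fails on the existing entries. No -H is
      # given, so the URI comes from the client ldap.conf above.
      command:
        argv:
          - ldapadd
          - "-y"
          - /root/.ldap.secrets
          - "-xD"
          - "{{ ldap_admin_dn }}"
          - "-f"
          - "{{ item.path }}"
      with_items: "{{ ldif_list.files }}"
  # Accept "true"/"yes" strings as well as booleans.
  when: import_data | bool

- name: configure replication provider
  include_tasks: replication_provider.yml
  when: ldap_replication_provider

- name: configure replication consumer
  include_tasks: replication_consumer.yml
  when: ldap_replication_consumer

- name: open firewall
  # Both ldap (389) and ldaps (636) are opened regardless of ldap_have_ssl;
  # the cleartext port stays reachable unless restricted elsewhere.
  firewalld:
    service: "{{ item }}"
    permanent: true
    immediate: true
    state: enabled
  loop:
    - ldap
    - ldaps

# cannot use ldap_entry module because attr olcTLS* don't have equality matching
# rules ...
# instead send ldif and process ...
- name: configure ssl
  tags: ssl
  block:
    - name: ensure certificate and key files have correct permissions
      # NOTE(review): the group is hard-coded while other distribution-
      # specific names come from vars; confirm it is the account slapd
      # runs as.
      file:
        path: "{{ item }}"
        group: ldap
        mode: "0640"
      loop:
        - "{{ ldap_ssl_cert_path }}"
        - "{{ ldap_ssl_key_path }}"
        - "{{ ldap_ssl_cacert_path }}"
    - name: create ldif directory
      # /root/Ldif is otherwise only created by the "import data" block,
      # which is skipped when import_data is false; the template below
      # needs the directory to exist.
      file:
        path: /root/Ldif
        state: directory
        mode: "0700"
    - name: send ldif file
      template:
        src: ssl.ldif
        dest: /root/Ldif/
        mode: "0600"
    - name: import ldif
      # SASL EXTERNAL over ldapi:///, no password needed; -c continues past
      # entries that are already set, so re-runs do not fail.
      command: ldapmodify -c -Y EXTERNAL -H ldapi:/// -f /root/Ldif/ssl.ldif
  when: ldap_have_ssl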