Role Name

install openldap servers on CentOS - should work on RH too

TODO

make it work on CentOS8: difier form_slapd/vars/CentOS.yml : ldap_packages:

dans form_slapd/templates/change_suffix_and_dit_admin.ldif remplacer hdb par mdb ligne 1

none

defined in vars/main.yml and vars/CentOS.yml

ldap_domain - example
ldap_domain_ex - net
ldap_config_dir - /etc/openldap (RH) /etc/ldap (Debian)
ldap_database - olcDatabase={2}hdb,cn=config (RH) / olcDatabase={1}mdb,cn=config (Debian)
ldap_suffix - constructed from variables above example.net
ldap_admin_dn - cn=manager,{{ ldap_suffix }} - read from keepass ldap_admin
ldap_admin_password - 123Soleil - should be in a vault ...) - read from keepass
ldap_secret_file - default to /root/.ldap.secret
ldap_packages - liste of packages - should be the only thing to change to adapt to other distro
ldap_service - name of service unit file - slapd
ldap_user - slapd service account
ldap_schemas - list of additionnal schema names to load - default cosine
ldap_replication_consumer - bool -true to setup a replication consumer
ldap_replication_provider - bool -true to setup a replication provider
ldap_replication_account - account used for replication
ldap_replication_password - account password used for replication

ldap_have_ssl - boolean - wether we use ssl or not
ldap_ssl_dir - directory where certificates will be stored
ldap_cache_size: 3000
ldap_idlcache_size: 60001024 30
ldap_checkpoint: 1024 30
ldap_ssl_cert_path - {{ ldap_ssl_dir }}/{{ ansible_fqdn }}_fullchain.pem
ldap_ssl_cacert_path - {{ ldap_ssl_dir }}/{{ ansible_fqdn }}_fullchain.pem
ldap_ssl_key_path - {{ ldap_ssl_dir }}/{{ ansible_fqdn }}_privkey.pem
ldap_ldif_files - optional list of ldif files to send to server and inject. Will be templated. need absolute path
ldap_backup_dir: /srv/backups/ldap/

None

Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: