lilik_playbook/roles/pam-ldap/tasks/main.yaml

- name: configure libpam-ldap
  debconf:
      name: 'libpam-ldap'
      question: '{{ item.key }}'
      vtype: 'string'
      value: '{{ item.value }}'
  with_dict:
    libpam-ldap/bindpw: (password omitted)
    libpam-ldap/rootbindpw: (password omitted)
    libpam-ldap/rootbinddn:
    libpam-ldap/dbrootlogin: false
    libpam-ldap/dblogin: false
    libpam-ldap/override: 'true'
    libpam-ldap/pam_password: crypt
    libpam-ldap/binddn:
    shared/ldapns/ldap_version: 3
    shared/ldapns/ldap-server: ldap://{{ ldap_server }}/
    shared/ldapns/base-dn: dc=lilik,dc=it
  notify:
     - update libpam-ldap configuration

- name: configure libnss-ldap
  debconf:
      name: 'libnss-ldap'
      question: '{{ item.key }}'
      vtype: 'string'
      value: '{{ item.value }}'
  with_dict:
    libnss-ldap/bindpw: (password omitted)
    libnss-ldap/rootbindpw: (password omitted)
    libnss-ldap/override: 'true'
    libnss-ldap/confperm: true
    libnss-ldap/dbrootlogin: false
    libnss-ldap/nsswitch:
    libnss-ldap/binddn:
    libnss-ldap/rootbinddn:
    libnss-ldap/dblogin: false
    shared/ldapns/ldap_version: 3
    shared/ldapns/ldap-server: ldap://{{ ldap_server }}/
    shared/ldapns/base-dn: dc=lilik,dc=it
  notify:
     - update libnss-ldap configuration

- name: set default shell to bash in skel
  lineinfile:
    insertbefore: BOF
    dest: /etc/skel/.profile
    line: 'SHELL=/bin/bash exec /bin/bash'
    regexp: '^SHELL='

- name: create user home on login
  template:
    src: pam-mkhomedir.j2
    dest: /usr/share/pam-configs/mkhomedir
  notify: pam-auth-update

- name: enable nss ldap passwd
  lineinfile:
    dest: /etc/nsswitch.conf
    line: 'passwd:         compat ldap'
    regexp: '^passwd:'
  notify: restart nscd

- name: enable nss ldap group
  lineinfile:
    dest: /etc/nsswitch.conf
    line: 'group:          compat ldap'
    regexp: '^group:'
  notify: restart nscd

- name: install pam ldap packages
  apt:
    name: "{{ item }}"
    state: present
    update_cache: yes
    cache_valid_time: 3600
  with_items:
      - libpam-ldap
      - libnss-ldap
      # TODO: log, add a centralized log server
      - rsyslog