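---
# Install and configure an OpenLDAP (slapd) server with phamm-ldap on Debian:
# pre-seed debconf, load or generate the admin password, install the packages,
# deploy slapd.conf and the default tree, then make sure slapd is running.
#
# Expected from the caller: ldap_domain, ldap_organization, a "service" role
# (service_name / service_packages) and a "restart slapd" handler.

- include_role:
    name: service
  vars:
    service_name: nscd
    # NOTE(review): a scalar here but a list for slapd below; confirm the
    # service role accepts both forms.
    service_packages: nscd

- name: configure OpenLDAP (domain)
  debconf:
    name: 'slapd'
    question: 'slapd/domain'
    vtype: 'string'
    value: '{{ ldap_domain }}'

- name: configure OpenLDAP (configure)
  debconf:
    name: 'slapd'
    question: 'slapd/dump_database'
    vtype: 'string'
    value: 'when needed'

- name: configure OpenLDAP (organization)
  debconf:
    name: 'slapd'
    question: 'shared/organization'
    vtype: 'string'
    value: '{{ ldap_organization }}'

# The secret file may not exist on a fresh host: a missing file is not a
# failure, it just means a password has to be generated below.
- name: slurp slap secret file
  slurp:
    src: /etc/slapd.secret
  register: slapdsecret
  failed_when: false
  changed_when: false
  # The registered result carries the admin password (base64); keep it out
  # of the task output.
  no_log: true

- set_fact:
    slapd_passwd: "{{ slapdsecret['content'] | b64decode }}"
  when: '"content" in slapdsecret'
  no_log: true

# First run only: generate the admin password and persist it so later runs
# reuse the same value.
- block:
    - name: generate admin password
      gen_passwd:
        length: 20
      register: new_passwd
      no_log: true

    - name: store slapd secret
      copy:
        content: "{{ new_passwd.passwd }}"
        dest: /etc/slapd.secret
        owner: root
        group: root
        # Without an explicit mode the file is created with the default
        # umask, which would leave the admin password readable to others.
        mode: "0600"
      no_log: true

    - set_fact:
        slapd_passwd: "{{ new_passwd.passwd }}"
      no_log: true
  when: '"content" not in slapdsecret'

- name: configure OpenLDAP (password1)
  debconf:
    name: 'slapd'
    question: 'slapd/password1'
    vtype: 'string'
    value: '{{ slapd_passwd }}'
  no_log: true

- name: configure OpenLDAP (password2)
  debconf:
    name: 'slapd'
    question: 'slapd/password2'
    vtype: 'string'
    value: '{{ slapd_passwd }}'
  no_log: true

- name: configure phamm-ldap
  debconf:
    name: 'phamm-ldap'
    question: 'phamm-ldap/init_base_ldap'
    vtype: 'boolean'
    value: false

- include_role:
    name: service
  vars:
    service_name: slapd
    service_packages:
      - slapd
      - ldap-utils
      - phamm-ldap
      - sudo

- name: upload slapd config
  template:
    src: slapd.conf.j2
    dest: "/etc/ldap/slapd.conf"
    owner: root
    # slaptest below runs as openldap and has to read this file; nobody else
    # needs to. NOTE(review): slapd.conf usually carries rootpw — confirm
    # against the template.
    group: openldap
    mode: "0640"

# No shell features are used, so command is enough (no word splitting or
# expansion by a shell). "creates" makes the conversion idempotent.
- name: update slapd config
  command: slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
  args:
    creates: "/etc/ldap/slapd.d/cn=config/cn=schema/cn={4}phamm.ldif"
  become: true
  become_method: sudo
  become_user: openldap
  notify: restart slapd

- name: fix missing memberOf module load
  lineinfile:
    dest: /etc/ldap/slapd.d/cn=config/cn=module{0}.ldif
    line: "olcModuleLoad: {1}memberof"
  notify: restart slapd

- name: upload default tree
  template:
    src: default_tree.ldif.j2
    dest: /etc/ldap/default_tree.ldif
    owner: root
    group: root
    mode: "0400"
  register: upload_default_tree

# NOTE(review): slapadd runs as root here while slaptest above runs as
# openldap — confirm the imported database files end up readable by slapd.
- name: create default tree
  command: slapadd -l /etc/ldap/default_tree.ldif
  when: upload_default_tree.changed
  notify: restart slapd

- name: enable OpenLDAP server
  service:
    name: 'slapd'
    enabled: true
    state: started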