Playbooks to a new Lilik

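# Preseed the debconf answers for the libpam-ldap package: the task loops over
# the with_dict mapping and sets one debconf question per entry. A change
# notifies the "update libpam-ldap configuration" handler.
- name: configure libpam-ldap
  debconf:
    name: 'libpam-ldap'
    question: '{{ item.key }}'
    # NOTE(review): every answer, the two bind passwords included, is stored
    # with vtype 'string'. Check on a target host which debconf database
    # string-typed answers end up in and who can read it.
    vtype: 'string'
    value: '{{ item.value }}'
  # The loop items carry the bind passwords and Ansible prints each loop item
  # in the task output; no_log keeps them out of the console and job logs.
  no_log: true
  with_dict:
    # NOTE(review): if the real values are literals in this file, move them to
    # a vaulted variable and reference it here.
    libpam-ldap/bindpw: (password omitted)
    libpam-ldap/rootbindpw: (password omitted)
    libpam-ldap/rootbinddn:
    # Boolean answers are written as quoted lowercase strings, the same form
    # already used for libpam-ldap/override, so debconf receives exactly
    # 'true'/'false' instead of a stringified YAML boolean.
    libpam-ldap/dbrootlogin: 'false'
    libpam-ldap/dblogin: 'false'
    libpam-ldap/override: 'true'
    libpam-ldap/pam_password: crypt
    libpam-ldap/binddn:
    shared/ldapns/ldap_version: 3
    # NOTE(review): ldap:// is the unencrypted scheme. Unless StartTLS is
    # enabled somewhere not shown here, PAM binds (user passwords) cross the
    # network in cleartext. Confirm, or use ldaps:// with CA verification.
    shared/ldapns/ldap-server: 'ldap://{{ ldap_server }}/'
    shared/ldapns/base-dn: dc=lilik,dc=it
  notify:
    - update libpam-ldap configuration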
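# Preseed the debconf answers for the libnss-ldap package: the task loops over
# the with_dict mapping and sets one debconf question per entry. A change
# notifies the "update libnss-ldap configuration" handler.
- name: configure libnss-ldap
  debconf:
    name: 'libnss-ldap'
    question: '{{ item.key }}'
    # NOTE(review): every answer, the two bind passwords included, is stored
    # with vtype 'string'. Check on a target host which debconf database
    # string-typed answers end up in and who can read it.
    vtype: 'string'
    value: '{{ item.value }}'
  # The loop items carry the bind passwords and Ansible prints each loop item
  # in the task output; no_log keeps them out of the console and job logs.
  no_log: true
  with_dict:
    # NOTE(review): if the real values are literals in this file, move them to
    # a vaulted variable and reference it here.
    libnss-ldap/bindpw: (password omitted)
    libnss-ldap/rootbindpw: (password omitted)
    libnss-ldap/override: 'true'
    # Boolean answers are written as quoted lowercase strings, the same form
    # already used for libnss-ldap/override, so debconf receives exactly
    # 'true'/'false' instead of a stringified YAML boolean.
    # NOTE(review): confperm presumably controls the permissions of the
    # generated config file, which would hold the bind password. Verify the
    # resulting file mode on a target host.
    libnss-ldap/confperm: 'true'
    libnss-ldap/dbrootlogin: 'false'
    libnss-ldap/nsswitch:
    libnss-ldap/binddn:
    libnss-ldap/rootbinddn:
    libnss-ldap/dblogin: 'false'
    shared/ldapns/ldap_version: 3
    # NOTE(review): ldap:// is the unencrypted scheme. Unless StartTLS is
    # enabled somewhere not shown here, directory lookups and binds cross the
    # network in cleartext. Confirm, or use ldaps:// with CA verification.
    shared/ldapns/ldap-server: 'ldap://{{ ldap_server }}/'
    shared/ldapns/base-dn: dc=lilik,dc=it
  notify:
    - update libnss-ldap configuration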
# Keep a single SHELL= line in the skeleton profile /etc/skel/.profile: an
# existing line matching ^SHELL= is replaced, otherwise the line is inserted at
# the beginning of the file (BOF). The line sets SHELL and execs /bin/bash.
- name: set default shell to bash in skel
  lineinfile:
    dest: /etc/skel/.profile
    regexp: '^SHELL='
    line: 'SHELL=/bin/bash exec /bin/bash'
    insertbefore: BOF
# Render pam-mkhomedir.j2 into the pam-configs directory as the "mkhomedir"
# profile and trigger the pam-auth-update handler when the file changes.
# NOTE(review): the template body is not shown here; review the umask and skel
# settings it passes to the PAM module.
- name: create user home on login
  template:
    dest: /usr/share/pam-configs/mkhomedir
    src: pam-mkhomedir.j2
  notify:
    - pam-auth-update
# Set the passwd database line in /etc/nsswitch.conf to "compat ldap": the
# existing line starting with "passwd:" is replaced. nscd is restarted through
# the handler when the file changes.
- name: enable nss ldap passwd
  lineinfile:
    dest: /etc/nsswitch.conf
    regexp: '^passwd:'
    line: 'passwd: compat ldap'
  notify:
    - restart nscd
# Set the group database line in /etc/nsswitch.conf to "compat ldap": the
# existing line starting with "group:" is replaced. nscd is restarted through
# the handler when the file changes.
- name: enable nss ldap group
  lineinfile:
    dest: /etc/nsswitch.conf
    regexp: '^group:'
    line: 'group: compat ldap'
  notify:
    - restart nscd
# Install the LDAP PAM/NSS client packages and rsyslog with apt, one package
# per loop item. The apt cache is refreshed only when it is older than
# cache_valid_time (3600 seconds).
- name: install pam ldap packages
  apt:
    name: '{{ item }}'
    state: present
    update_cache: true
    cache_valid_time: 3600
  with_items:
    - libpam-ldap
    - libnss-ldap
    # TODO: log, add a centralized log server
    - rsyslog