Playbooks to a new Lilik
Latest commit: Zolfa 7d251ab72d "roles/ldap: do not enforce ssf if tls disabled" (5 years ago)
Role: ldap

Sets up an LDAP server.

Configuration variables

Defaults are shown in square brackets.

| Name | Description |
| --- | --- |
| ldap_domain | Dot-form domain name. [$domain] |
| ldap_organization* | Organisation name (e.g. 'LILiK'). |
| x509_subject_prefix* | X.509 TLS certificate subject prefix, OpenSSL path form (e.g. '/ST=IT/L=Firenze/O=LILiK'). |
| x509_ldap_suffix* | The same subject in LDAP DN form, most specific RDN first (e.g. 'o=LILiK,l=Firenze,st=IT'). |
| server_fqdn* | Required for the TLS certificate. ['$hostname.dmz.$domain'] |
| virtual_domains | Required with check_tree: list of virtual domains to initialise. |
| ldap_tls_enabled | Enables TLS; requires a ca_manager host. [true] |
| renew_rootdn_pw | Generate a new random password for the RootDN. [true] |
| check_tree | Deploy the initial tree configuration. [true] |

Note: if ldap_tls_enabled is true, a ca_manager host must be configured and the TLS root CA must be set in vars (tls_root_ca, see the example below). With ldap_tls_enabled false the role does not enforce an OpenLDAP security strength factor (ssf), as the latest commit states, so simple binds would cross the network unencrypted; keep TLS enabled outside of throwaway test setups.
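x509_subject_prefix and x509_ldap_suffix describe one certificate subject in two notations, and nothing in the role checks that they still agree once someone edits one of them (the group_vars example below pairs C=IT with st=IT). The following is an added helper, not part of the ldap role or the LILiK playbooks: it derives the LDAP DN form from the OpenSSL path form (reverse the RDN order, lower-case the attribute types, escape values as RFC 4514 requires) and checks an existing pair. All function names and the sample inputs are this example's own.

```python
"""Keep x509_subject_prefix and x509_ldap_suffix in agreement.

Added example, not part of the ldap role. The role wants the same certificate
subject twice: OpenSSL path form ('/ST=IT/L=Firenze/O=LILiK') and LDAP DN form
('o=LILiK,l=Firenze,st=IT'). A DN lists RDNs most specific first, so the path
is reversed, attribute types are lower-cased and values are escaped per
RFC 4514. Function names here are this example's own.
"""
from __future__ import annotations

import re

# Characters RFC 4514 requires to be backslash-escaped anywhere in a DN value.
_DN_SPECIAL = set(',+"\\<>;')


def split_subject(subject: str) -> list[tuple[str, str]]:
    """Split an OpenSSL subject path into (type, value) pairs, in path order.

    A backslash-escaped slash inside a value ('\\/') is kept as a literal '/'.
    """
    if not subject.startswith("/"):
        raise ValueError("subject prefix must start with '/'")
    rdns: list[tuple[str, str]] = []
    for part in re.split(r"(?<!\\)/", subject[1:]):
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed RDN {part!r}")
        attr, value = part.split("=", 1)
        rdns.append((attr.strip(), value.replace("\\/", "/")))
    return rdns


def escape_dn_value(value: str) -> str:
    """Escape one DN attribute value as RFC 4514 section 2.4 requires."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:          # leading '#' would read as hex-encoded
            out.append("\\#")
        elif ch == " " and i in (0, last):  # leading/trailing space is significant
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def subject_to_ldap_suffix(subject: str) -> str:
    """'/ST=IT/L=Firenze/O=LILiK' -> 'o=LILiK,l=Firenze,st=IT'."""
    rdns = split_subject(subject)
    return ",".join(
        f"{attr.lower()}={escape_dn_value(value)}" for attr, value in reversed(rdns)
    )


def normalise_dn(dn: str) -> str:
    """Lower-case attribute types and drop whitespace around them so DNs compare textually."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        if "=" not in rdn:
            raise ValueError(f"malformed RDN {rdn!r}")
        attr, value = rdn.split("=", 1)
        rdns.append(f"{attr.strip().lower()}={value}")
    return ",".join(rdns)


def check_vars(x509_subject_prefix: str, x509_ldap_suffix: str) -> bool:
    """True when the two group_vars describe the same subject."""
    return normalise_dn(x509_ldap_suffix) == subject_to_ldap_suffix(x509_subject_prefix)


if __name__ == "__main__":
    # Constructed inputs: the README's table pair agrees; a pair mixing
    # C=IT with st=IT does not, and the check says so.
    print(subject_to_ldap_suffix("/ST=IT/L=Firenze/O=LILiK"))
    print(check_vars("/ST=IT/L=Firenze/O=LILiK", "o=LILiK,l=Firenze,st=IT"))
    print(check_vars("/C=IT/L=Firenze/O=LILiK", "o=LILiK,l=Firenze,st=IT"))
```

Run it once against group_vars before the first deploy; a False from check_vars means the certificate subject the CA will sign and the suffix used for the LDAP tree do not name the same organisation.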

Minimal example

group_vars/all.yaml:

```yaml
---
domain: 'example.com'
x509_subject_prefix: '/C=IT/L=Firenze/O=LILiK'
x509_ldap_suffix: 'o=LILiK,l=Firenze,st=IT'
user_ca_keys:
  - "ssh-ed25519 ################### CA"
tls_root_ca: |
  -----BEGIN CERTIFICATE-----
  ###########################
  -----END CERTIFICATE-----
```

hosts:

```ini
vm_gateway            ansible_host=10.0.2.1   ansible_user=root
authorities_request   ansible_host=10.0.1.8   ansible_user=request
host1                 ansible_host=10.0.1.1   ansible_user=root
ldap1                 ansible_host=10.0.2.2   ansible_user=root    ansible_lxc_host=host1
```

playbook.yaml:

```yaml
---
# Configure LDAP on a physical host
- hosts: 'host'
  roles:
    - role: ldap
      #ldap_domain: '{{ domain }}'
      #server_fqdn: '{{ ansible_hostname }}.dmz.{{ domain }}'
      ldap_organization: 'Example'
      virtual_domains:
        - 'example.com'
```

Command line:

```sh
ansible-playbook -i hosts playbook.yaml
```

Requirements

On the Ansible controller:

  • tasks/ca-dialog.yaml