Zolfa 7d251ab72d | 5 years ago | |
---|---|---|
.. | ||
defaults | 5 years ago | |
files | 5 years ago | |
tasks | 5 years ago | |
README.md | 5 years ago |
Set-up a LDAP server
Name | Description |
---|---|
ldap_domain |
Dot-form domain name. [$domain ] |
ldap_organization * |
Organization (i.e.: 'LILiK' ). |
x509_subject_prefix * |
X.509 TLS Cert Subject (i.e: '/ST=IT/L=Firenze/O=LILiK' ). |
x509_ldap_suffix * |
The same in LDAP form (i.e: 'o=LILiK,l=Firenze/st=IT' ). |
server_fqdn * |
Required for TLS certificate. ['$hostname.dmz.$domain' ] |
virtual_domains |
Required with check_tree : list of vds to init. |
ldap_tls_enabled |
Enables TLS, requires a ca_manager. [true ] |
renew_rootdn_pw |
Create a new random password for RooDN. [true ] |
check_tree |
Deploy initial tree configuration. [true ] |
Note: If ldap_tls_enabled
the ca_manager host should be configured
and TLS Root CA should be set in vars.
group_vars/all.yaml:
---
domain: 'example.com'
x509_subject_prefix: '/C=IT/L=Firenze/O=LILiK'
x509_ldap_suffix: 'o=LILiK,l=Firenze,st=IT'
user_ca_keys:
- "ssh-ed25519 ################### CA"
tls_root_ca: |
-----BEGIN CERTIFICATE-----
###########################
-----END CERTIFICATE-----
hosts:
vm_gateay ansible_host=10.0.2.1 ansible_user=root
authorities_request ansible_host=10.0.1.8 ansible_user=request
host1 ansible_host=10.0.1.1 ansible_user=root
ldap1 ansible_host=10.0.2.2 ansible_user=root ansible_lxc_host=host1
playbook.yaml:
---
# Configure LDAP on a Physical Host
- hosts: 'host'
roles:
- role: ldap
#ldap_domain: '{{ domain }}'
#server_fqdn: '{{ ansible_hostname }}.dmz.{{ domain }}'
ldap_organization: 'Example'
virtual_domains:
- 'example.com'
Command line:
ansible-playbook -i hosts playbook.yaml
On Ansible controller: