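---
# Rotates the OpenLDAP admin password: generates a new random secret, hashes
# it, writes the hash to olcRootPW on 'olcDatabase={1}mdb,cn=config', updates
# the password of the 'cn=admin' entry, and stores the plaintext in
# /etc/slapd.secret for later use.
#
# Every task that handles the plaintext or its hash carries 'no_log: true' so
# that the secret does not reach Ansible's output, callback plugins or logs.

- name: 'evaluating base_dn'
  set_fact:
    # e.g. 'example.org' becomes 'dc=example,dc=org'
    base_dn: 'dc={{ ldap_domain.replace(".", ",dc=") }}'

- name: 'renewing admin password - generation'
  gen_passwd: 'length=32'
  register: new_passwd
  no_log: true

- name: 'renewing admin password - keeping plaintext as a fact'
  set_fact:
    password: '{{ new_passwd.passwd }}'
  no_log: true

# NOTE(review): '-s' places the plaintext on the slappasswd command line, where
# it is readable from the process list for as long as the command runs.
# slappasswd can read the secret from a file with '-T <file>'; switching to
# that would require the plaintext to exist in a 0600 file before this task.
- name: 'renewing admin password - hashing'
  shell: >
    slappasswd
    -o module-load=pw-sha2
    -h "{SSHA512}"
    -s {{ password | quote }}
  register: new_passwd_hash
  # slappasswd only computes a hash; it changes nothing on the host.
  changed_when: false
  no_log: true

- name: 'renewing admin password - setting RootPW'
  ldap_attr:
    dn: 'olcDatabase={1}mdb,cn=config'
    name: 'olcRootPW'
    values: >-
      {{ new_passwd_hash.stdout }}
    state: 'exact'
  no_log: true

# Binds with the new password, which is valid because olcRootPW was replaced
# by the previous task.
- name: 'renewing admin password - calling ldappasswd'
  ldap_passwd:
    dn: 'cn=admin,{{ base_dn }}'
    passwd: '{{ new_passwd.passwd }}'
    bind_dn: 'cn=admin,{{ base_dn }}'
    bind_pw: '{{ new_passwd.passwd }}'
  # 'passwd' and 'bind_pw' both carry the plaintext; without no_log they would
  # appear in task output at higher verbosity and in any result logging.
  no_log: true

- name: 'renewing admin password - storing plaintext'
  copy:
    content: '{{ new_passwd.passwd }}'
    dest: '/etc/slapd.secret'
    # Without an explicit mode the file is created according to the umask,
    # which commonly leaves it world-readable.
    # NOTE(review): confirm which account has to read this file and set
    # owner/group accordingly.
    mode: '0600'
  # Keeps the file content out of task output and out of '--diff' output.
  no_log: true

- name: 'renewing admin password - setting fact'
  set_fact:
    ldap_passwd: '{{ new_passwd.passwd }}'
  no_log: true
...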