LILiK
/
lilik_playbook
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Playbooks to a new Lilik
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
463 Commits
12 Branches
967 KiB
 
 
 
 
Tree: a76d3c0d44
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a76d3c0d44'
${ noResults }
lilik_playbook/roles/ldap/tasks/3_provision_tree.yaml

118 lines
3.5 KiB
Raw Blame History

---
- name: 'populate tree - organization units'
ldap_entry:
dn: 'ou={{ item }},{{ ldap_basedn }}'
objectClass:
- 'organizationalUnit'
bind_dn: 'cn=admin,{{ ldap_basedn }}'
bind_pw: '{{ ldap_passwd }}'
loop:
- 'People'
- 'Group'
- 'Server'
- 'VirtualDomain'
- 'Kerberos'
- name: 'populate tree - virtual domains'
ldap_entry:
dn: 'vd={{ item }},ou=VirtualDomain,{{ ldap_basedn }}'
objectClass:
- 'VirtualDomain'
attributes:
postfixTransport: 'maildrop:'
delete: 'FALSE'
accountActive: 'TRUE'
lastChange: '{{ ansible_date_time.epoch }}'
bind_dn: 'cn=admin,{{ ldap_basedn }}'
bind_pw: '{{ ldap_passwd }}'
loop: '{{ virtual_domains }}'
- name: 'popoulate tree - virtual domain postmasters'
ldap_entry:
dn: 'cn=postmaster,vd={{ item }},ou=VirtualDomain,{{ ldap_basedn }}'
objectClass:
- 'VirtualMailAlias'
attributes:
mail: 'postmaster@{{ item }}'
editAccounts: 'TRUE'
accountActive: 'TRUE'
lastChange: '{{ ansible_date_time.epoch }}'
maildrop: 'postmaster'
sn: 'postmaster'
bind_dn: 'cn=admin,{{ ldap_basedn }}'
bind_pw: '{{ ldap_passwd }}'
loop: '{{ virtual_domains }}'
- name: 'populate tree - posix groups'
ldap_entry:
dn: 'cn={{ item.key }},ou=Group,{{ ldap_basedn }}'
objectClass:
- 'posixGroup'
attributes:
gidNumber: '{{ item.value }}'
bind_dn: 'cn=admin,{{ ldap_basedn }}'
bind_pw: '{{ ldap_passwd }}'
loop: '{{ ldap_groups_posix|dict2items }}'
- name: 'populate tree - name groups'
ldap_entry:
dn: 'cn={{ item }},ou=Group,{{ ldap_basedn }}'
objectClass:
- 'groupOfNames'
attributes:
member: 'cn=admin,{{ ldap_basedn }}'
bind_dn: 'cn=admin,{{ ldap_basedn }}'
bind_pw: '{{ ldap_passwd }}'
loop: '{{ ldap_groups_name }}'
- name: 'provisioning tree - test users'
ldap_entry:
dn: 'uid={{ item.key }},ou=People,{{ ldap_basedn }}'
objectClass:
- 'inetOrgPerson'
- 'authorizedServiceObject'
attributes:
sn: '{{ item.value.sn }}'
mail: '{{ item.value.mail }}'
bind_dn: 'cn=admin,{{ ldap_basedn }}'
bind_pw: '{{ ldap_passwd }}'
loop: '{{ ldap_users_common|dict2items + ldap_users_admin|dict2items }}'
- name: 'provisioning tree - test users passwd'
ldap_passwd:
dn: 'uid={{ item.key }},ou=People,{{ ldap_basedn }}'
passwd: '{{ item.value.password }}'
bind_dn: 'cn=admin,{{ ldap_basedn }}'
bind_pw: '{{ ldap_passwd }}'
loop: '{{ ldap_users_common|dict2items + ldap_users_admin|dict2items }}'
- name: 'provisioning tree - authorizedService'
ldap_attr:
dn: 'uid={{ item.key }},ou=People,{{ ldap_basedn }}'
name: 'authorizedService'
values: '{{ item.value.authorizedServices }}'
bind_dn: 'cn=admin,{{ ldap_basedn }}'
bind_pw: '{{ ldap_passwd }}'
when: item.value.authorizedServices is defined
loop: '{{ ldap_users_common|dict2items + ldap_users_admin|dict2items }}'
- name: 'provisioning tree - admin group members'
ldap_attr:
dn: 'cn=admin,ou=Group,{{ ldap_basedn }}'
name: 'member'
values: 'uid={{ item.key }},ou=People,{{ ldap_basedn }}'
bind_dn: 'cn=admin,{{ ldap_basedn }}'
bind_pw: '{{ ldap_passwd }}'
loop: '{{ ldap_users_admin|dict2items }}'
- name: 'provisioning tree - servers'
ldap_entry:
dn: 'cn={{ item }},ou=Server,{{ ldap_basedn }}'
objectClass:
- 'person'
attributes:
sn: '{{ item }}'
bind_dn: 'cn=admin,{{ ldap_basedn }}'
bind_pw: '{{ ldap_passwd }}'
loop: '{{ ldap_server_accounts }}'
...