
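---
# Tasks that bootstrap an OpenLDAP (slapd) server: preseed the Debian
# package questions through debconf, manage the admin password in
# /etc/slapd.secret, install the packages via the `service` role, convert
# slapd.conf into the cn=config database with slaptest, and load the
# default tree with slapadd.
#
# Secret handling: the admin password is generated on the first run, stored
# in /etc/slapd.secret and read back on later runs (slurp). Every task that
# carries the password sets no_log so it is not echoed into play output.

- include_role:
    name: service
  vars:
    service_name: nscd
    service_packages: nscd

- name: configure OpenLDAP (domain)
  debconf:
    name: 'slapd'
    question: 'slapd/domain'
    vtype: 'string'
    value: '{{ ldap_domain }}'

- name: configure OpenLDAP (configure)
  debconf:
    name: 'slapd'
    question: 'slapd/dump_database'
    vtype: 'string'
    value: 'when needed'

- name: configure OpenLDAP (organization)
  debconf:
    name: 'slapd'
    question: 'shared/organization'
    vtype: 'string'
    value: '{{ ldap_organization }}'

# Read an existing secret, if there is one. failed_when: false turns a
# missing file into a no-op; the tasks below branch on whether 'content'
# ended up in the registered result.
- name: slurp slap secret file
  slurp:
    src: /etc/slapd.secret
  register: slapdsecret
  failed_when: false
  changed_when: false
  no_log: true

- set_fact:
    slapd_passwd: "{{ slapdsecret['content'] | b64decode }}"
  when: '"content" in slapdsecret'
  no_log: true

# First run only: generate the password and persist it root-only. Without
# an explicit mode the secret file would get the umask default and could be
# world-readable.
- block:
    - name: generate admin password
      gen_passwd:
        length: 20
      register: new_passwd
      no_log: true

    - name: store slapd secret
      copy:
        content: "{{ new_passwd.passwd }}"
        dest: /etc/slapd.secret
        owner: root
        group: root
        mode: "0600"
      no_log: true

    - set_fact:
        slapd_passwd: "{{ new_passwd.passwd }}"
      no_log: true
  when: 'not "content" in slapdsecret'

- name: configure OpenLDAP (password1)
  debconf:
    name: 'slapd'
    question: 'slapd/password1'
    vtype: 'string'
    value: '{{ slapd_passwd }}'
  no_log: true

- name: configure OpenLDAP (password2)
  debconf:
    name: 'slapd'
    question: 'slapd/password2'
    vtype: 'string'
    value: '{{ slapd_passwd }}'
  no_log: true

# Quoted so debconf receives the literal text "false" rather than a YAML
# boolean rendered by the module.
- name: configure phamm-ldap
  debconf:
    name: 'phamm-ldap'
    question: 'phamm-ldap/init_base_ldap'
    vtype: 'boolean'
    value: 'false'

- include_role:
    name: service
  vars:
    service_name: slapd
    service_packages:
      - slapd
      - ldap-utils
      - phamm-ldap
      - libpam-ldap
      - sudo

# The rendered slapd.conf is read by the slaptest task below, which runs as
# the openldap user, so it is kept readable by that group but not by others.
- name: upload slapd config
  template:
    src: slapd.conf.j2
    dest: "/etc/ldap/slapd.conf"
    owner: root
    group: openldap
    mode: "0640"

# Convert slapd.conf into cn=config once; the phamm schema ldif is used as
# the marker that the conversion already happened.
- name: update slapd config
  command: slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
  args:
    creates: "/etc/ldap/slapd.d/cn=config/cn=schema/cn={4}phamm.ldif"
  become: true
  become_method: sudo
  become_user: openldap
  notify: restart slapd

- name: fix missing memberOf and pw-sha2 module load
  blockinfile:
    path: "/etc/ldap/slapd.d/cn=config/cn=module{0}.ldif"
    content: |
      olcModuleLoad: {1}memberof
      olcModuleLoad: {2}pw-sha2
  notify: restart slapd

- name: upload default tree
  template:
    src: default_tree.ldif.j2
    dest: /etc/ldap/default_tree.ldif
    owner: root
    group: root
    mode: "0400"
  register: upload_default_tree

# Only load the tree when the ldif changed, otherwise slapadd would try to
# re-add existing entries.
- name: create default tree
  command: slapadd -l /etc/ldap/default_tree.ldif
  when: upload_default_tree.changed
  notify: restart slapd

- name: enable OpenLDAP server
  service:
    name: 'slapd'
    enabled: true
    state: started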