---
|
|
- name: 'populate tree - organization units'
|
|
ldap_entry:
|
|
dn: 'ou={{ item }},{{ ldap_basedn }}'
|
|
objectClass:
|
|
- 'organizationalUnit'
|
|
bind_dn: 'cn=admin,{{ ldap_basedn }}'
|
|
bind_pw: '{{ ldap_passwd }}'
|
|
loop:
|
|
- 'People'
|
|
- 'Group'
|
|
- 'Server'
|
|
- 'VirtualDomain'
|
|
- 'Kerberos'
|
|
|
|
- name: 'populate tree - virtual domains'
|
|
ldap_entry:
|
|
dn: 'vd={{ item }},ou=VirtualDomain,{{ ldap_basedn }}'
|
|
objectClass:
|
|
- 'VirtualDomain'
|
|
attributes:
|
|
postfixTransport: 'maildrop:'
|
|
delete: 'FALSE'
|
|
accountActive: 'TRUE'
|
|
lastChange: '{{ ansible_date_time.epoch }}'
|
|
bind_dn: 'cn=admin,{{ ldap_basedn }}'
|
|
bind_pw: '{{ ldap_passwd }}'
|
|
loop: '{{ virtual_domains }}'
|
|
|
|
- name: 'popoulate tree - virtual domain postmasters'
|
|
ldap_entry:
|
|
dn: 'cn=postmaster,vd={{ item }},ou=VirtualDomain,{{ ldap_basedn }}'
|
|
objectClass:
|
|
- 'VirtualMailAlias'
|
|
attributes:
|
|
mail: 'postmaster@{{ item }}'
|
|
editAccounts: 'TRUE'
|
|
accountActive: 'TRUE'
|
|
lastChange: '{{ ansible_date_time.epoch }}'
|
|
maildrop: 'postmaster'
|
|
sn: 'postmaster'
|
|
bind_dn: 'cn=admin,{{ ldap_basedn }}'
|
|
bind_pw: '{{ ldap_passwd }}'
|
|
loop: '{{ virtual_domains }}'
|
|
|
|
- name: 'populate tree - posix groups'
|
|
ldap_entry:
|
|
dn: 'cn={{ item.key }},ou=Group,{{ ldap_basedn }}'
|
|
objectClass:
|
|
- 'posixGroup'
|
|
attributes:
|
|
gidNumber: '{{ item.value }}'
|
|
bind_dn: 'cn=admin,{{ ldap_basedn }}'
|
|
bind_pw: '{{ ldap_passwd }}'
|
|
loop: '{{ ldap_groups_posix|dict2items }}'
|
|
|
|
- name: 'populate tree - name groups'
|
|
ldap_entry:
|
|
dn: 'cn={{ item }},ou=Group,{{ ldap_basedn }}'
|
|
objectClass:
|
|
- 'groupOfNames'
|
|
attributes:
|
|
member: 'cn=admin,{{ ldap_basedn }}'
|
|
bind_dn: 'cn=admin,{{ ldap_basedn }}'
|
|
bind_pw: '{{ ldap_passwd }}'
|
|
loop: '{{ ldap_groups_name }}'
|
|
|
|
- name: 'provisioning tree - test users'
|
|
ldap_entry:
|
|
dn: 'cn={{ item.key }},ou=People,{{ ldap_basedn }}'
|
|
objectClass:
|
|
- 'inetOrgPerson'
|
|
- 'authorizedServiceObject'
|
|
attributes:
|
|
sn: '{{ item.value.sn }}'
|
|
mail: '{{ item.value.mail }}'
|
|
bind_dn: 'cn=admin,{{ ldap_basedn }}'
|
|
bind_pw: '{{ ldap_passwd }}'
|
|
loop: '{{ ldap_users_common|dict2items + ldap_users_admin|dict2items }}'
|
|
|
|
- name: 'provisioning tree - test users passwd'
|
|
ldap_passwd:
|
|
dn: 'cn={{ item.key }},ou=People,{{ ldap_basedn }}'
|
|
passwd: '{{ item.value.password }}'
|
|
bind_dn: 'cn=admin,{{ ldap_basedn }}'
|
|
bind_pw: '{{ ldap_passwd }}'
|
|
loop: '{{ ldap_users_common|dict2items + ldap_users_admin|dict2items }}'
|
|
|
|
- name: 'provisioning tree - authorizedService'
|
|
ldap_attr:
|
|
dn: 'cn={{ item.key }},ou=People,{{ ldap_basedn }}'
|
|
name: 'authorizedService'
|
|
values: '{{ item.value.authorizedServices }}'
|
|
bind_dn: 'cn=admin,{{ ldap_basedn }}'
|
|
bind_pw: '{{ ldap_passwd }}'
|
|
when: item.value.authorizedServices is defined
|
|
loop: '{{ ldap_users_common|dict2items + ldap_users_admin|dict2items }}'
|
|
|
|
- name: 'provisioning tree - admin group members'
|
|
ldap_attr:
|
|
dn: 'cn=admin,ou=Group,{{ ldap_basedn }}'
|
|
name: 'member'
|
|
values: 'cn={{ item.key }},ou=People,{{ ldap_basedn }}'
|
|
bind_dn: 'cn=admin,{{ ldap_basedn }}'
|
|
bind_pw: '{{ ldap_passwd }}'
|
|
loop: '{{ ldap_users_admin|dict2items }}'
|
|
|
|
- name: 'provisioning tree - servers'
|
|
ldap_entry:
|
|
dn: 'cn={{ item }},ou=Server,{{ ldap_basedn }}'
|
|
objectClass:
|
|
- 'person'
|
|
attributes:
|
|
sn: '{{ item }}'
|
|
bind_dn: 'cn=admin,{{ ldap_basedn }}'
|
|
bind_pw: '{{ ldap_passwd }}'
|
|
loop: '{{ ldap_server_accounts }}'
|
|
...
|