feat(openldap): add ansible role for deployment

2025-05-03 23:48:16 +02:00
parent b14f36c7e8
commit 64402d6732
14 changed files with 389 additions and 0 deletions
--- a/roles/openldap/defaults/main/openldap.yml
+++ b/roles/openldap/defaults/main/openldap.yml
@ -0,0 +1,56 @@
+---
+openldap_dn: >-2
+  dc={{ openldap_domain | regex_replace('\\.', ',dc=') }}
+openldap_root_username: "admin"
+openldap_root_pw: ~
+
+openldap_fd_soft_limit: "8192"
+openldap_fd_hard_limit: "8192"
+
+openldap_module_path: "/usr/lib/openldap"
+openldap_modules:
+  - "mdb"
+  - "hdb"
+
+openldap_core_schema_path: "{{ openldap_schema_path }}/core.ldif"
+openldap_enabled_schemas:
+  - name: "cosine"
+  - name: "inetorgperson"
+openldap_additional_schemas: []
+openldap_schemas: >-2
+  {{ openldap_enabled_schemas + openldap_additional_schemas }}
+
+openldap_config_db: "cn=config"
+openldap_config_db_olc_access: >-2
+  to *
+    by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
+    by * none
+openldap_config_db_attributes:
+  olcAccess: "{{ openldap_config_db_olc_access }}"
+
+openldap_default_indices:
+  - "objectClass eq"
+openldap_indices: []
+
+openldap_default_database_name: "mdb"
+openldap_default_database_object_class: "olcMdbConfig"
+openldap_default_database_suffix: "{{ openldap_dn }}"
+openldap_default_database_root_dn: >-2
+  cn={{ openldap_root_username }},{{ openldap_default_database_suffix }}
+openldap_default_database_root_pw: "{{ openldap_root_pw }}"
+openldap_default_database_directory: >-2
+  {{ openldap_data_path }}/{{ openldap_default_database_name }}
+openldap_default_database_indices: >-2
+  {{ openldap_default_indices + openldap_indices }}
+openldap_default_database_config: >-2
+  olcDatabase={1}{{ openldap_default_database_name }},{{ openldap_config_db }}
+openldap_default_database:
+  name: "{{ openldap_default_database_name }}"
+  object_class: "{{ openldap_default_database_object_class }}"
+  suffix: "{{ openldap_default_database_suffix }}"
+  root_dn: "{{ openldap_default_database_root_dn }}"
+  root_pw: "{{ openldap_default_database_root_pw }}"
+  directory: "{{ openldap_default_database_directory }}"
+  indices: "{{ openldap_default_database_indices }}"
+openldap_databases:
+  - "{{ openldap_default_database }}"