feat(nslcd): add role

This commit is contained in:
transcaffeine 2022-11-05 12:15:13 +01:00
parent c31e13a975
commit fb13bd55bf
Signed by: transcaffeine
GPG Key ID: 03624C433676E465
4 changed files with 64 additions and 0 deletions

View File

@ -0,0 +1,20 @@
---
nslcd_config_uid: nslcd
nslcd_config_gid: nslcd
nslcd_config_ldap_uri: ldaps://127.0.0.1
nslcd_config_ldap_base: ~
nslcd_config_ldap_scope: sub
nslcd_config_ldap_version: 3
nslcd_config_ldap_bind_dn: ~
nslcd_config_ldap_bind_pw: ~
nslcd_config_ldap_root_pw_mod_dn: ~
nslcd_config_ldap_ssl: on
nslcd_config_ldap_tls_reqcert: always
nslcd_config_ldap_tls_cacertfile: /etc/ssl/certs/ca-certificates.crt
nslcd_config_pam_authz_search: >-2
(&(objectClass=posixAccount)(uid=$username)(|
(host=$hostname)(host=$fqdn)
))

View File

@ -0,0 +1,27 @@
---
- name: Ensure nslcd is installed
apt:
name: "{{ nslcd_apt_package_name }}"
state: present
when: ansible_facts['pkg_mgr'] == 'apt'
- name: Ensure config is templated
template:
src: nslcd.conf.j2
dest: /etc/nslcd.conf
owner: root
group: root
mode: "0640"
- name: Ensure systemd service is enabled
systemd:
service: "{{ nslcd_systemd_service_name }}"
enabled: true
when: ansible_facts['service_mgr'] == 'systemd'
- name: Ensure systemd service is running
systemd:
service: "{{ nslcd_systemd_service_name }}"
state: started
when: ansible_facts['service_mgr'] == 'systemd'

View File

@ -0,0 +1,17 @@
uid {{ nslcd_config_uid }}
gid {{ nslcd_config_gid }}
uri {{ nslcd_config_ldap_uri }}
base {{ nslcd_config_ldap_base }}
binddn {{ nslcd_config_ldap_bind_dn }}
bindpw {{ nslcd_config_ldap_bind_pw }}
ldap_version {{ nslcd_config_ldap_version }}
rootpwmoddn {{ nslcd_config_ldap_root_pw_mod_dn }}
ssl {{ nslcd_config_ldap_ssl }}
tls_reqcert {{ nslcd_config_ldap_tls_reqcert }}
tls_cacertfile {{ nslcd_config_ldap_tls_cacertfile }}
scope {{ nslcd_config_ldap_scope }}
pam_authz_search {{ nslcd_config_ldap_pam_authz_search }}

View File