feat(nslcd): add role
This commit is contained in:
parent
c31e13a975
commit
fb13bd55bf
20
roles/nslcd/defaults/main.yml
Normal file
20
roles/nslcd/defaults/main.yml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
nslcd_config_uid: nslcd
|
||||||
|
nslcd_config_gid: nslcd
|
||||||
|
|
||||||
|
nslcd_config_ldap_uri: ldaps://127.0.0.1
|
||||||
|
nslcd_config_ldap_base: ~
|
||||||
|
nslcd_config_ldap_scope: sub
|
||||||
|
nslcd_config_ldap_version: 3
|
||||||
|
nslcd_config_ldap_bind_dn: ~
|
||||||
|
nslcd_config_ldap_bind_pw: ~
|
||||||
|
nslcd_config_ldap_root_pw_mod_dn: ~
|
||||||
|
nslcd_config_ldap_ssl: on
|
||||||
|
nslcd_config_ldap_tls_reqcert: always
|
||||||
|
nslcd_config_ldap_tls_cacertfile: /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
nslcd_config_pam_authz_search: >-2
|
||||||
|
(&(objectClass=posixAccount)(uid=$username)(|
|
||||||
|
(host=$hostname)(host=$fqdn)
|
||||||
|
))
|
27
roles/nslcd/tasks/main.yml
Normal file
27
roles/nslcd/tasks/main.yml
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Ensure nslcd is installed
|
||||||
|
apt:
|
||||||
|
name: "{{ nslcd_apt_package_name }}"
|
||||||
|
state: present
|
||||||
|
when: ansible_facts['pkg_mgr'] == 'apt'
|
||||||
|
|
||||||
|
- name: Ensure config is templated
|
||||||
|
template:
|
||||||
|
src: nslcd.conf.j2
|
||||||
|
dest: /etc/nslcd.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0640"
|
||||||
|
|
||||||
|
- name: Ensure systemd service is enabled
|
||||||
|
systemd:
|
||||||
|
service: "{{ nslcd_systemd_service_name }}"
|
||||||
|
enabled: true
|
||||||
|
when: ansible_facts['service_mgr'] == 'systemd'
|
||||||
|
|
||||||
|
- name: Ensure systemd service is running
|
||||||
|
systemd:
|
||||||
|
service: "{{ nslcd_systemd_service_name }}"
|
||||||
|
state: started
|
||||||
|
when: ansible_facts['service_mgr'] == 'systemd'
|
17
roles/nslcd/templates/nslcd.conf.j2
Normal file
17
roles/nslcd/templates/nslcd.conf.j2
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
uid {{ nslcd_config_uid }}
|
||||||
|
gid {{ nslcd_config_gid }}
|
||||||
|
|
||||||
|
uri {{ nslcd_config_ldap_uri }}
|
||||||
|
base {{ nslcd_config_ldap_base }}
|
||||||
|
binddn {{ nslcd_config_ldap_bind_dn }}
|
||||||
|
bindpw {{ nslcd_config_ldap_bind_pw }}
|
||||||
|
ldap_version {{ nslcd_config_ldap_version }}
|
||||||
|
|
||||||
|
rootpwmoddn {{ nslcd_config_ldap_root_pw_mod_dn }}
|
||||||
|
|
||||||
|
ssl {{ nslcd_config_ldap_ssl }}
|
||||||
|
tls_reqcert {{ nslcd_config_ldap_tls_reqcert }}
|
||||||
|
tls_cacertfile {{ nslcd_config_ldap_tls_cacertfile }}
|
||||||
|
|
||||||
|
scope {{ nslcd_config_ldap_scope }}
|
||||||
|
pam_authz_search {{ nslcd_config_ldap_pam_authz_search }}
|
0
roles/nslcd/vars/main.yml
Normal file
0
roles/nslcd/vars/main.yml
Normal file
Loading…
Reference in New Issue
Block a user