Compare commits
1 Commits
main
...
transcaffe
Author | SHA1 | Date | |
---|---|---|---|
610b796763 |
@ -9,10 +9,6 @@
|
||||
server_uri: "{{ ldap_server_uri }}"
|
||||
bind_dn: "{{ ldap_bind_dn }}"
|
||||
bind_pw: "{{ ldap_bind_pw }}"
|
||||
roles:
|
||||
# Ensure all defaults from openldap role are in scope
|
||||
- role: finallycoffee.base.openldap
|
||||
when: false
|
||||
tasks:
|
||||
- name: Ensure org units in '{{ ldap_base_dn }}' are {{ _state }}
|
||||
community.general.ldap_entry:
|
||||
@ -23,87 +19,3 @@
|
||||
loop: "{{ ldap_org_units | default([], true) }}"
|
||||
loop_control:
|
||||
loop_var: org_unit
|
||||
|
||||
- name: Ensure admin user is {{ _state }}
|
||||
community.general.ldap_entry:
|
||||
<<: *ldap_bind_info
|
||||
dn: "uid={{ ldap_admin_user_rdn }},{{ ldap_admin_user_base }}"
|
||||
objectClass: "{{ ldap_admin_user_object_classes }}"
|
||||
attributes: "{{ ldap_admin_user_attributes }}"
|
||||
state: "{{ _state }}"
|
||||
vars:
|
||||
ldap_admin_user_base: >-2
|
||||
{{ ldap_admin_user_base_dn | default(ldap_base_dn, true) }}
|
||||
when: ldap_admin_user_rdn is defined
|
||||
|
||||
- name: Ensure admin user attributes are correct
|
||||
community.general.ldap_attrs:
|
||||
<<: *ldap_bind_info
|
||||
dn: "uid={{ ldap_admin_user_rdn }},{{ ldap_admin_user_base }}"
|
||||
attributes: "{{ ldap_admin_user_attributes }}"
|
||||
state: "{{ _state }}"
|
||||
vars:
|
||||
ldap_admin_user_base: >-2
|
||||
{{ ldap_admin_user_base_dn | default(ldap_base_dn, true) }}
|
||||
when:
|
||||
- ldap_admin_user_rdn is defined
|
||||
- _state == 'present'
|
||||
|
||||
- name: Ensure ldap groups are {{ _state }}
|
||||
community.general.ldap_entry:
|
||||
<<: *ldap_bind_info
|
||||
dn: "{{ _ldap_group_dn }}"
|
||||
objectClass: "{{ _ldap_group_object_classes }}"
|
||||
attributes: "{{ _ldap_group_attributes }}"
|
||||
state: "{{ _state }}"
|
||||
vars:
|
||||
_ldap_group_dn: >-2
|
||||
cn={{ _ldap_group.name }},{{ ldap_group_base_dn }}
|
||||
_ldap_group_object_classes:
|
||||
- "groupOfNames"
|
||||
_ldap_group_attributes:
|
||||
cn: "{{ _ldap_group.name }}"
|
||||
member: >-2
|
||||
{{ _ldap_group.members | default([]) }}
|
||||
loop: "{{ ldap_groups | default([], true) }}"
|
||||
loop_control:
|
||||
loop_var: _ldap_group
|
||||
label: "{{ _ldap_group.name }}"
|
||||
when:
|
||||
- ldap_groups is defined
|
||||
- ldap_group_base_dn is defined
|
||||
|
||||
- name: Ensure service accounts are {{ _state }}
|
||||
community.general.ldap_entry:
|
||||
<<: *ldap_bind_info
|
||||
dn: "{{ _ldap_service_account_dn }}"
|
||||
objectClass: "{{ _ldap_service_account_object_classes }}"
|
||||
attributes: "{{ _ldap_service_account_attributes }}"
|
||||
state: "{{ _state }}"
|
||||
loop: &ldap_service_account_loop "{{ ldap_service_accounts | default([]) }}"
|
||||
loop_control: &ldap_service_account_loop_control
|
||||
loop_var: "_ldap_service_account"
|
||||
label: "{{ _ldap_service_account.name }}"
|
||||
vars: &ldap_service_account_vars
|
||||
_ldap_service_account_dn: >-2
|
||||
uid={{ _ldap_service_account.name }},{{ ldap_service_account_base_dn }}
|
||||
_ldap_service_account_object_classes:
|
||||
- "account"
|
||||
- "simpleSecurityObject"
|
||||
_ldap_service_account_attributes:
|
||||
uid: "{{ _ldap_service_account.name }}"
|
||||
userPassword: "{{ _ldap_service_account.password }}"
|
||||
when: &ldap_service_account_when
|
||||
- ldap_service_accounts is defined
|
||||
- ldap_service_account_base_dn is defined
|
||||
|
||||
- name: Ensure service accounts attributes are correct
|
||||
community.general.ldap_attrs:
|
||||
<<: *ldap_bind_info
|
||||
dn: "{{ _ldap_service_account_dn }}"
|
||||
attributes: "{{ _ldap_service_account_attributes }}"
|
||||
state: exact
|
||||
loop: *ldap_service_account_loop
|
||||
loop_control: *ldap_service_account_loop_control
|
||||
vars: *ldap_service_account_vars
|
||||
when: *ldap_service_account_when
|
||||
|
@ -26,13 +26,11 @@ openldap_additional_schemas: []
|
||||
openldap_schemas: >-2
|
||||
{{ openldap_enabled_schemas + openldap_additional_schemas }}
|
||||
|
||||
openldap_config_dn: "cn=config"
|
||||
openldap_config_db_dn: "olcDatabase={0}config,cn=config"
|
||||
openldap_config_db_olc_access:
|
||||
- '{0} to *
|
||||
by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
|
||||
by * none'
|
||||
openldap_config_attributes: {}
|
||||
openldap_config_db: "cn=config"
|
||||
openldap_config_db_olc_access: >-2
|
||||
to *
|
||||
by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
|
||||
by * none
|
||||
openldap_config_db_attributes:
|
||||
olcAccess: "{{ openldap_config_db_olc_access }}"
|
||||
|
||||
@ -51,7 +49,7 @@ openldap_default_database_directory: >-2
|
||||
openldap_default_database_indices: >-2
|
||||
{{ openldap_default_indices + openldap_indices }}
|
||||
openldap_default_database_config: >-2
|
||||
olcDatabase={1}{{ openldap_default_database_name }},{{ openldap_config_dn }}
|
||||
olcDatabase={1}{{ openldap_default_database_name }},{{ openldap_config_db }}
|
||||
openldap_default_database:
|
||||
name: "{{ openldap_default_database_name }}"
|
||||
object_class: "{{ openldap_default_database_object_class }}"
|
||||
@ -60,6 +58,5 @@ openldap_default_database:
|
||||
root_pw: "{{ openldap_default_database_root_pw }}"
|
||||
directory: "{{ openldap_default_database_directory }}"
|
||||
indices: "{{ openldap_default_database_indices }}"
|
||||
openldap_default_database_olc_access: "{{ openldap_config_db_olc_access }}"
|
||||
openldap_databases:
|
||||
- "{{ openldap_default_database }}"
|
||||
|
@ -1,31 +1,9 @@
|
||||
---
|
||||
- name: Ensure config attributes are configured
|
||||
community.general.ldap_attrs:
|
||||
dn: "{{ openldap_config_dn }}"
|
||||
attributes: "{{ { entry.key : entry.value } }}"
|
||||
state: exact
|
||||
server_uri: "{{ openldap_socket_url }}"
|
||||
loop: "{{ openldap_config_attributes | dict2items }}"
|
||||
loop_control:
|
||||
loop_var: "entry"
|
||||
label: "{{ entry.key }}"
|
||||
|
||||
- name: Ensure config db attributes are configured
|
||||
community.general.ldap_attrs:
|
||||
dn: "{{ openldap_config_db_dn }}"
|
||||
attributes: "{{ { entry.key : entry.value } }}"
|
||||
state: exact
|
||||
server_uri: "{{ openldap_socket_url }}"
|
||||
loop: "{{ openldap_config_db_attributes | dict2items }}"
|
||||
loop_control:
|
||||
loop_var: "entry"
|
||||
label: "{{ entry.key }}"
|
||||
|
||||
- name: Ensure ACLs for default database are configured
|
||||
- name: Ensure ACLs are configured
|
||||
community.general.ldap_attrs:
|
||||
dn: "{{ openldap_default_database_config }}"
|
||||
attributes:
|
||||
olcAccess: "{{ openldap_default_database_olc_access }}"
|
||||
olcAccess: "{{ openldap_config_db_olc_access }}"
|
||||
state: "exact"
|
||||
server_uri: "{{ openldap_socket_url }}"
|
||||
retries: 3
|
||||
|
Loading…
x
Reference in New Issue
Block a user