81 lines
2.6 KiB
YAML
81 lines
2.6 KiB
YAML
---
|
|
- name: Ensure config attributes are configured
|
|
community.general.ldap_attrs:
|
|
dn: "{{ openldap_config_dn }}"
|
|
attributes: "{{ { entry.key : entry.value } }}"
|
|
state: exact
|
|
server_uri: "{{ openldap_socket_url }}"
|
|
loop: "{{ openldap_config_attributes | dict2items }}"
|
|
loop_control:
|
|
loop_var: "entry"
|
|
label: "{{ entry.key }}"
|
|
|
|
- name: Ensure config db attributes are configured
|
|
community.general.ldap_attrs:
|
|
dn: "{{ openldap_config_db_dn }}"
|
|
attributes: "{{ { entry.key : entry.value } }}"
|
|
state: exact
|
|
server_uri: "{{ openldap_socket_url }}"
|
|
loop: "{{ openldap_config_db_attributes | dict2items }}"
|
|
loop_control:
|
|
loop_var: "entry"
|
|
label: "{{ entry.key }}"
|
|
|
|
- name: Ensure ACLs for default database are configured
|
|
community.general.ldap_attrs:
|
|
dn: "{{ openldap_default_database_config }}"
|
|
attributes:
|
|
olcAccess: "{{ openldap_default_database_olc_access }}"
|
|
state: "exact"
|
|
server_uri: "{{ openldap_socket_url }}"
|
|
retries: 3
|
|
delay: 3
|
|
register: openldap_acl_result
|
|
until: openldap_acl_result is succeeded
|
|
|
|
- name: Ensure LDAP DIT is configured
|
|
when:
|
|
- openldap_default_database_root_dn is defined
|
|
- openldap_default_database_root_pw is defined
|
|
vars:
|
|
_meta: &openldap_bind_info
|
|
bind_dn: "{{ openldap_default_database_root_dn }}"
|
|
bind_pw: "{{ openldap_default_database_root_pw }}"
|
|
server_uri: "{{ openldap_socket_url }}"
|
|
block:
|
|
- name: Ensure rootDN + credentials are correct
|
|
community.general.ldap_attrs:
|
|
dn: "{{ openldap_default_database_config }}"
|
|
attributes: "{{ {entry.key: entry.value} }}"
|
|
state: "exact"
|
|
server_uri: "{{ openldap_socket_url }}"
|
|
no_log: "{{ entry.log is defined and not entry.log }}"
|
|
loop:
|
|
- key: "olcRootDN"
|
|
value: "{{ openldap_default_database_root_dn }}"
|
|
- key: "olcRootPW"
|
|
value: "{{ openldap_default_database_root_pw }}"
|
|
log: false
|
|
loop_control:
|
|
loop_var: "entry"
|
|
label: "{{ entry.key }}"
|
|
|
|
- name: Ensure root node is {{ openldap_state }}
|
|
community.general.ldap_entry:
|
|
dn: "{{ openldap_dn }}"
|
|
objectClass: "{{ openldap_root_node_object_classes }}"
|
|
attributes:
|
|
dc: "{{ openldap_root_node_dc }}"
|
|
o: "{{ openldap_root_node_o }}"
|
|
<<: *openldap_bind_info
|
|
|
|
- name: Ensure root node attributes are up to date
|
|
community.general.ldap_attrs:
|
|
dn: "{{ openldap_dn }}"
|
|
attributes:
|
|
dc: "{{ openldap_root_node_dc }}"
|
|
o: "{{ openldap_root_node_o }}"
|
|
state: exact
|
|
<<: *openldap_bind_info
|
|
when: openldap_state == 'present'
|