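---
# Tasks: install an OpenLDAP (slapd) server, replace the Debian unit with a
# custom one and seed the directory tree. Expects ldap_suffix, ldap_org,
# ldap_dc, ldap_bind_dn and ldap_password to be defined elsewhere in the role.

- name: Install LDAP packages
  apt:
    pkg:
      - slapd
      - ldap-utils
      - python3-ldap  # python-ldap binding required on the host by the ldap_entry tasks below
    state: present
    # Refresh the package index when it is older than an hour so a freshly
    # provisioned host with stale lists does not fail the install.
    update_cache: true
    cache_valid_time: 3600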
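- name: Ensure LDAP data directory /var/lib/ldap/ exists
  file:
    path: /var/lib/ldap/
    owner: root
    group: openldap
    # Quoted so the YAML parser does not turn the octal mode into an integer;
    # group rwx is what lets the openldap group (which slapd presumably runs
    # in) write its database here while other users get nothing.
    mode: "0770"
    state: directory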
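- name: slapd-LDAP Conf
  template:
    src: slapd.conf
    dest: /etc/ldap/slapd.conf
    owner: openldap
    group: openldap
    # slapd.conf commonly carries the rootpw directive; keep it unreadable
    # for other local users instead of inheriting the umask default.
    mode: "0640"
  notify:
    # NOTE(review): the Debian slapd unit is masked further down, so this
    # handler presumably restarts slapd-custom.service — confirm in handlers.
    - restart slapd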
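- name: Disable & mask broken debian slapd unit
  systemd:
    name: slapd
    state: stopped
    enabled: false
    # true/false rather than yes/no: unambiguous across YAML 1.1/1.2 parsers.
    masked: true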
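- name: Copy slapd systemd unit
  template:
    src: slapd-custom.service
    dest: /etc/systemd/system/slapd-custom.service
    owner: root
    group: root
    # Quoted octal: unit files must be world-readable but only root-writable.
    mode: "0644"
  notify:
    - daemon reload
    - restart slapd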
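- name: Enable and start slapd custom service
  systemd:
    name: slapd-custom.service
    # The "daemon reload" handler notified by the previous task only runs at
    # the flush_handlers below, i.e. after this task; reload here so systemd
    # already knows the freshly templated unit file before it is started.
    daemon_reload: true
    state: started
    enabled: true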
# Run the notified handlers (daemon reload, restart slapd) now instead of at
# the end of the play, so the server is actually up before the wait below.
- name: Flush pending handlers before touching the directory
  meta: flush_handlers
- name: Wait for LDAP to become ready
  wait_for:
    host: 127.0.0.1  # the module default, spelled out for clarity
    port: 389
    delay: 5  # seconds to sleep before the first probe
    timeout: 30  # seconds until the task fails
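- name: LDAP (client) conf
  template:
    src: ldap.conf
    dest: /etc/ldap/ldap.conf
    owner: openldap
    # Explicit mode so the result does not depend on the remote umask; the
    # system-wide client config is normally not sensitive and must stay
    # readable for ldap-utils run by other users.
    mode: "0644"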
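- name: Create LDAP root (1)
  ldap_entry:
    dn: "{{ ldap_suffix }}"
    objectClass:
      - dcObject
      - organization
    # Native mapping instead of a JSON string inside a block scalar.
    attributes:
      o: "{{ ldap_org }}"
      dc: "{{ ldap_dc }}"
    # state=present only adds a missing entry; attributes of an existing
    # entry are not reconciled by ldap_entry.
    state: present
    # Simple bind over plain ldap:// — acceptable only because the traffic
    # never leaves the loopback interface.
    server_uri: "ldap://localhost"
    bind_dn: "{{ ldap_bind_dn }}"
    bind_pw: "{{ ldap_password }}"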
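- name: Create LDAP root (2)
  ldap_entry:
    # NOTE(review): hard-coded base, unlike every other task which builds
    # the DN from ldap_suffix — confirm it matches ldap_suffix and consider
    # "cn=Manager,{{ ldap_suffix }}".
    dn: "cn=Manager,dc=atlantishq,dc=de"
    objectClass:
      - organizationalRole
    # Native mapping instead of a JSON string inside a block scalar.
    attributes:
      cn: "Manager"
    state: present
    server_uri: "ldap://localhost"
    bind_dn: "{{ ldap_bind_dn }}"
    bind_pw: "{{ ldap_password }}"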
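- name: Create LDAP Group people
  ldap_entry:
    dn: "ou=People,{{ ldap_suffix }}"
    objectClass:
      - organizationalUnit
    # The organizationalUnit schema requires the ou attribute (the RDN);
    # set it explicitly instead of relying on the server to derive it.
    attributes:
      ou: "People"
    state: present
    server_uri: "ldap://localhost"
    bind_dn: "{{ ldap_bind_dn }}"
    bind_pw: "{{ ldap_password }}"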
|
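- name: Create LDAP groups root
  ldap_entry:
    dn: "ou=groups,{{ ldap_suffix }}"
    objectClass:
      - organizationalUnit
    # The organizationalUnit schema requires the ou attribute (the RDN);
    # set it explicitly instead of relying on the server to derive it.
    attributes:
      ou: "groups"
    state: present
    server_uri: "ldap://localhost"
    bind_dn: "{{ ldap_bind_dn }}"
    bind_pw: "{{ ldap_password }}"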
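- name: Create LDAP groups
  ldap_entry:
    dn: "cn={{ item }},ou=groups,{{ ldap_suffix }}"
    objectClass:
      - groupOfNames
    # Block mapping instead of a flow-style JSON object.
    attributes:
      cn: "{{ item }}"  # RDN attribute, required by the groupOfNames schema
      # groupOfNames requires at least one member; the empty DN is a
      # placeholder until real members are added to the group.
      member: ""
    state: present
    server_uri: "ldap://localhost"
    bind_dn: "{{ ldap_bind_dn }}"
    bind_pw: "{{ ldap_password }}"
  with_items:
    - nextcloud
    - images
    - mail
    - soundlib
    - monitoring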