From 5fd4e21d2e21e3451edfb00e67a9bbc583eed557 Mon Sep 17 00:00:00 2001
From: Nemo
Date: Sat, 8 Aug 2020 16:31:53 +0200
Subject: [PATCH] Change role to use for LDAP server

---
 .gitignore | 1 -
 .../group_vars/all/vault.yml.template | 3 +
 inventory_template/group_vars/ldap_server.yml | 67 +++++++++++++++++++
 playbook_ldap_deploy.yml | 2 +-
 requirements.yml | 1 -
 5 files changed, 71 insertions(+), 3 deletions(-)
 create mode 100644 inventory_template/group_vars/ldap_server.yml

diff --git a/.gitignore b/.gitignore
index 4b4f149..9a800d2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,4 @@
 roles/geerlingguy.*
-roles/criecm.*
 roles/vavrusa.*
 .vault-password
 *.retry
diff --git a/inventory_template/group_vars/all/vault.yml.template b/inventory_template/group_vars/all/vault.yml.template
index 7a81c8c..821e3f8 100644
--- a/inventory_template/group_vars/all/vault.yml.template
+++ b/inventory_template/group_vars/all/vault.yml.template
@@ -14,3 +14,6 @@ vault_public_key_munin_user_host: SSH_PUB_KEY_OF_munin_user_USER_ON_USER_HOST
 vault_private_key_backup_user_host: |
   SSH_PRIV_KEY_OF_backup_user_USER_ON_USER_HOST
 vault_public_key_backup_user_host: SSH_PUBKEY_OF_backup_user_USER_ON_BACKUP_HOST
+
+vault_ldap_admin_user_password: LDAP_ADMIN_PASSWORD
+vault_ldap_config_admin_user_password: LDAP_CONFIG_ADMIN_PASSWORD
diff --git a/inventory_template/group_vars/ldap_server.yml b/inventory_template/group_vars/ldap_server.yml
new file mode 100644
index 0000000..6e62d47
--- /dev/null
+++ b/inventory_template/group_vars/ldap_server.yml
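Review bot: The two new placeholders `vault_ldap_admin_user_password` and `vault_ldap_config_admin_user_password` are unquoted plain scalars, so when an operator substitutes a real password containing `#`, `: `, a leading `*`, `&`, `{` or `[`, or a value that looks like a boolean or number, the vault file will either fail to parse or silently carry the wrong type. Writing them as `vault_ldap_admin_user_password: 'LDAP_ADMIN_PASSWORD'` and `vault_ldap_config_admin_user_password: 'LDAP_CONFIG_ADMIN_PASSWORD'` keeps the quotes in place when the placeholder is replaced. A one-line comment above them, such as `# Keep the quotes: passwords may contain YAML-significant characters`, would make the intent explicit to whoever fills the template in. The existing entries in this template follow the unquoted style, but those are key material with a restricted character set, whereas a password is free-form.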
@@ -0,0 +1,67 @@
+---
+
+openldap_schemas:
+  - core
+  - cosine
+  - nis
+  - inetorgperson
+  - rfc2739
+openldap_bases:
+  rootdn: cn=admin
+  suffix: dc=example,dc=org
+  includes: [ slapd.access ]
+  indexes:
+    - [ "uid,uidNumber,gidNumber,memberUID", "pres,eq" ]
+# slave:
+#   rid:
+#   provider: ldaps://:636
+#   binddn: cn=bind,dc=dn
+#   credentials: bindpw
+#   bindmethod: simple
+
+ldap_host: "localhost"
+ldap_port: "389"
+
+ldap_root_dn: "dc=example,dc=org"
+ldap_domain: "example.org"
+
+ldap_admin_user_dn: "cn=admin,dc=example,dc=org"
+ldap_admin_user_password: "{{ vault_ldap_admin_user_password }}"
+
+ldap_config_admin_user_dn: "cn=admin,cn=config"
+ldap_config_admin_user_password: "{{ vault_ldap_config_admin_user_password }}"
+
+ldap_people:
+  - userA:
+      uid: userA
+      cn: userA
+      uidNumber: 60012
+      gidNumber: 60012
+  - userB:
+      uid: userB
+      cn: userB
+      uidNumber: 60013
+      gidNumber: 60013
+
+ldap_groups:
+  - marketing:
+      cn: marketing
+      gidNumber: 60002
+      description: "Service MARKETING"
+      memberUid:
+        - userB
+        - userA
+  - it:
+      cn: it
+      gidNumber: 60003
+      description: "Service Informatique"
+
+
+ldap_accounts:
+  - svc-ssh:
+      cn: svc-ssh
+      description: "SSH read user"
+      userPassword: "test"
+
+ldap_applications:
+  - sudoers
diff --git a/playbook_ldap_deploy.yml b/playbook_ldap_deploy.yml
index afcdb4b..509f632 100644
--- a/playbook_ldap_deploy.yml
+++ b/playbook_ldap_deploy.yml
@@ -1,4 +1,4 @@
 ---
 - hosts: ldap_server
   roles:
-    - criecm.openldap
+    - ldap_server
diff --git a/requirements.yml b/requirements.yml
index e636aa1..a4946b6 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -2,5 +2,4 @@
 - name: geerlingguy.munin
 - name: geerlingguy.nginx
 - name: geerlingguy.certbot
-- name: criecm.openldap
 - name: vavrusa.knot
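Review bot: `userPassword: "test"` on the `svc-ssh` entry under `ldap_accounts` is a hard-coded plaintext credential in a file that is committed as the inventory template, while the two admin passwords a few lines above in the same file are correctly pulled from the vault. The service account should follow the same pattern, `userPassword: "{{ vault_ldap_svc_ssh_password }}"`, with a matching placeholder added to `vault.yml.template`; as written, anyone cloning the repository and deploying from the template gets a bind account with a known password. Separately, `ldap_host: "localhost"` with `ldap_port: "389"` means plain LDAP; that is only acceptable if every consumer of these variables really connects over loopback, and a comment such as `# Plain LDAP is loopback-only; anything off-host must use ldaps://:636 or STARTTLS` would record that assumption for whoever later points `ldap_host` elsewhere. The commented-out `slave:` stanza would carry the replication bind secret inline (`credentials: bindpw`); if it is ever enabled, that value should also come from the vault rather than this file.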