Change role to use for LDAP server
parent
cbca659113
commit
5fd4e21d2e
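--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,4 @@
 roles/geerlingguy.*
-roles/criecm.*
 roles/vavrusa.*
 .vault-password
 *.retry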
@ -14,3 +14,6 @@ vault_public_key_munin_user_host: SSH_PUB_KEY_OF_munin_user_USER_ON_USER_HOST
|
||||||
vault_private_key_backup_user_host: |
|
vault_private_key_backup_user_host: |
|
||||||
SSH_PRIV_KEY_OF_backup_user_USER_ON_USER_HOST
|
SSH_PRIV_KEY_OF_backup_user_USER_ON_USER_HOST
|
||||||
vault_public_key_backup_user_host: SSH_PUBKEY_OF_backup_user_USER_ON_BACKUP_HOST
|
vault_public_key_backup_user_host: SSH_PUBKEY_OF_backup_user_USER_ON_BACKUP_HOST
|
||||||
|
|
||||||
|
vault_ldap_admin_user_password: LDAP_ADMIN_PASSWORD
|
||||||
|
vault_ldap_config_admin_user_password: LDAP_CONFIG_ADMIN_PASSWORD
|
||||||
|
|
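Review bot: The two new vault placeholders are plain scalars, so whoever fills this template in will most likely paste the real password unquoted as well, and a value such as `0123`, `NO`, or one starting with `*`, `&`, `%` or `{` would be retyped or rejected by the YAML parser. Writing them quoted in the template, `vault_ldap_admin_user_password: "LDAP_ADMIN_PASSWORD"` and `vault_ldap_config_admin_user_password: "LDAP_CONFIG_ADMIN_PASSWORD"`, models the safe form for the person editing it. The file this hunk belongs to is not named on the page; it appears to be the inventory template's vault variables file, presumably encrypted with the `.vault-password` listed in .gitignore, so it is worth confirming that the template itself never carries real values.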
67
inventory_template/group_vars/ldap_server.yml
Normal file
67
inventory_template/group_vars/ldap_server.yml
Normal file
|
@ -0,0 +1,67 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
openldap_schemas:
|
||||||
|
- core
|
||||||
|
- cosine
|
||||||
|
- nis
|
||||||
|
- inetorgperson
|
||||||
|
- rfc2739
|
||||||
|
openldap_bases:
|
||||||
|
rootdn: cn=admin
|
||||||
|
suffix: dc=example,dc=org
|
||||||
|
includes: [ slapd.access ]
|
||||||
|
indexes:
|
||||||
|
- [ "uid,uidNumber,gidNumber,memberUID", "pres,eq" ]
|
||||||
|
# slave:
|
||||||
|
# rid:
|
||||||
|
# provider: ldaps://:636
|
||||||
|
# binddn: cn=bind,dc=dn
|
||||||
|
# credentials: bindpw
|
||||||
|
# bindmethod: simple
|
||||||
|
|
||||||
|
ldap_host: "localhost"
|
||||||
|
ldap_port: "389"
|
||||||
|
|
||||||
|
ldap_root_dn: "dc=example,dc=org"
|
||||||
|
ldap_domain: "example.org"
|
||||||
|
|
||||||
|
ldap_admin_user_dn: "cn=admin,dc=example,dc=org"
|
||||||
|
ldap_admin_user_password: "{{ vault_ldap_admin_user_password }}"
|
||||||
|
|
||||||
|
ldap_config_admin_user_dn: "cn=admin,cn=config"
|
||||||
|
ldap_config_admin_user_password: "{{ vault_ldap_config_admin_user_password }}"
|
||||||
|
|
||||||
|
ldap_people:
|
||||||
|
- userA:
|
||||||
|
uid: userA
|
||||||
|
cn: userA
|
||||||
|
uidNumber: 60012
|
||||||
|
gidNumber: 60012
|
||||||
|
- userB:
|
||||||
|
uid: userB
|
||||||
|
cn: userB
|
||||||
|
uidNumber: 60013
|
||||||
|
gidNumber: 60013
|
||||||
|
|
||||||
|
ldap_groups:
|
||||||
|
- marketing:
|
||||||
|
cn: marketing
|
||||||
|
gidNumber: 60002
|
||||||
|
description: "Service MARKETING"
|
||||||
|
memberUid:
|
||||||
|
- userB
|
||||||
|
- userA
|
||||||
|
- it:
|
||||||
|
cn: it
|
||||||
|
gidNumber: 60003
|
||||||
|
description: "Service Informatique"
|
||||||
|
|
||||||
|
|
||||||
|
ldap_accounts:
|
||||||
|
- svc-ssh:
|
||||||
|
cn: svc-ssh
|
||||||
|
description: "SSH read user"
|
||||||
|
userPassword: "test"
|
||||||
|
|
||||||
|
ldap_applications:
|
||||||
|
- sudoers
|
|
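Review bot: `userPassword: "test"` for the `svc-ssh` account is a hard-coded plaintext credential in a file that is otherwise careful to pull secrets from the vault (`ldap_admin_user_password` and `ldap_config_admin_user_password` both reference `vault_*` variables). Because `ldap_server.yml` is an inventory template that users copy and rarely revisit, this default is likely to survive into real deployments; reference a vault variable instead, e.g. `userPassword: "{{ vault_ldap_svc_ssh_password }}"` (name constructed to follow the existing convention), and add the matching placeholder to the vault file. The rendered page drops indentation, so the nesting of the `- userA:` / `uid: userA` entries under `ldap_people`, `ldap_groups` and `ldap_accounts` cannot be checked here; confirm the role expects a list of single-key mappings rather than a flat list of attribute mappings. A short header comment stating that every value in this file is an example to be replaced would also help, since the file currently has none.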
@ -1,4 +1,4 @@
|
||||||
---
|
---
|
||||||
- hosts: ldap_server
|
- hosts: ldap_server
|
||||||
roles:
|
roles:
|
||||||
- criecm.openldap
|
- ldap_server
|
||||||
|
|
|
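Review bot: The play now relies on a local role named `ldap_server`, but no `roles/ldap_server/` files appear in this commit as far as the page shows, while `criecm.openldap` is dropped from both .gitignore and the requirements file. If the role already lives in the repository that is fine; otherwise `ansible-playbook` will stop at parse time with a role-not-found error, and either adding the role in the same change or naming the dependency in the commit message would make this explicit. The file this hunk belongs to is not named on the page.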
@ -2,5 +2,4 @@
|
||||||
- name: geerlingguy.munin
|
- name: geerlingguy.munin
|
||||||
- name: geerlingguy.nginx
|
- name: geerlingguy.nginx
|
||||||
- name: geerlingguy.certbot
|
- name: geerlingguy.certbot
|
||||||
- name: criecm.openldap
|
|
||||||
- name: vavrusa.knot
|
- name: vavrusa.knot
|
||||||
|
|