|
|
|
@ -6,7 +6,7 @@ certbot_auto_renew: true
|
|
|
|
|
certbot_auto_renew_user: "root" |
|
|
|
|
certbot_auto_renew_hour: "5" |
|
|
|
|
certbot_auto_renew_minute: "0" |
|
|
|
|
certbot_auto_renew_options: "--quiet --no-self-upgrade --deploy-hook 'cp -pf /etc/letsencrypt/live/{{ inventory_hostname }}/*.pem /etc/ldap/sasl2/ && chown openldap: /etc/ldap/sasl2/*.pem && systemctl restart slapd'" |
|
|
|
|
certbot_auto_renew_options: "--quiet --no-self-upgrade --pre-hook 'iptables -A INPUT -p tcp --dport 80 -j ACCEPT' --deploy-hook 'cp -pf /etc/letsencrypt/live/{{ inventory_hostname }}/*.pem /etc/ldap/sasl2/ && chown openldap: /etc/ldap/sasl2/*.pem && systemctl restart slapd' --post-hook 'iptables -D INPUT -p tcp --dport 80 -j ACCEPT'" |
|
|
|
|
certbot_create_if_missing: true |
|
|
|
|
certbot_create_method: standalone |
|
|
|
|
certbot_create_standalone_stop_services: [] |
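Review bot: The `--pre-hook` in `certbot_auto_renew_options` opens port 80 with `iptables -A INPUT`, which appends the ACCEPT after the rules already in the chain, so on a host whose INPUT chain has an earlier DROP or REJECT covering port 80 the challenge traffic would presumably still be blocked (this assumes the line carrying the hooks is the added one, since the +/- markers are lost on this page). The open/close pair is also not idempotent: if a run is interrupted before the `--post-hook` executes, the ACCEPT rule stays, the next run appends a second copy, and `-D` removes only one, leaving port 80 open between renewals. A guarded insert such as `--pre-hook 'iptables -C INPUT -p tcp --dport 80 -j ACCEPT 2>/dev/null || iptables -I INPUT -p tcp --dport 80 -j ACCEPT'` avoids both problems, and a matching `ip6tables` pair is needed if the host name also resolves over IPv6. A comment above the variable, e.g. `# port 80 is opened only while certbot's standalone challenge runs, then closed again`, would record why a certificate-renewal option touches the firewall.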
|
|
|
@ -22,7 +22,7 @@ openldap_schemas:
|
|
|
|
|
- rfc2739 |
|
|
|
|
openldap_bases: |
|
|
|
|
rootdn: cn=admin |
|
|
|
|
suffix: dc=example,dc=org |
|
|
|
|
suffix: dc=wirebrass,dc=fr |
|
|
|
|
includes: [ slapd.access ] |
|
|
|
|
indexes: |
|
|
|
|
- [ "uid,uidNumber,gidNumber,memberUID", "pres,eq" ] |
|
|
|
@ -36,10 +36,10 @@ openldap_bases:
|
|
|
|
|
ldap_host: "localhost" |
|
|
|
|
ldap_port: "389" |
|
|
|
|
|
|
|
|
|
ldap_root_dn: "dc=example,dc=org" |
|
|
|
|
ldap_domain: "example.org" |
|
|
|
|
ldap_root_dn: "dc=wirebrass,dc=fr" |
|
|
|
|
ldap_domain: "wirebrass.fr" |
|
|
|
|
|
|
|
|
|
ldap_admin_user_dn: "cn=admin,dc=example,dc=org" |
|
|
|
|
ldap_admin_user_dn: "cn=admin,dc=wirebrass,dc=fr" |
|
|
|
|
ldap_admin_user_password: "{{ vault_ldap_admin_user_password }}" |
|
|
|
|
|
|
|
|
|
ldap_config_admin_user_dn: "cn=admin,cn=config" |
|
|
|
@ -64,7 +64,7 @@ ldap_groups:
|
|
|
|
|
description: "Service MARKETING" |
|
|
|
|
memberUid: |
|
|
|
|
- userB |
|
|
|
|
- userA |
|
|
|
|
#- userA |
|
|
|
|
- it: |
|
|
|
|
cn: it |
|
|
|
|
gidNumber: 60003 |
|
|
|
|