|
|
|
@ -6,7 +6,7 @@ certbot_auto_renew: true
|
|
|
|
|
certbot_auto_renew_user: "root"
|
|
|
|
|
certbot_auto_renew_hour: "5"
|
|
|
|
|
certbot_auto_renew_minute: "0"
|
|
|
|
|
certbot_auto_renew_options: "--quiet --no-self-upgrade --deploy-hook 'cp -pf /etc/letsencrypt/live/{{ inventory_hostname }}/*.pem /etc/ldap/sasl2/ && chown openldap: /etc/ldap/sasl2/*.pem && systemctl restart slapd'"
|
|
|
|
|
certbot_auto_renew_options: "--quiet --no-self-upgrade --pre-hook 'iptables -A INPUT -p tcp --dport 80 -j ACCEPT' --deploy-hook 'cp -pf /etc/letsencrypt/live/{{ inventory_hostname }}/*.pem /etc/ldap/sasl2/ && chown openldap: /etc/ldap/sasl2/*.pem && systemctl restart slapd' --post-hook 'iptables -D INPUT -p tcp --dport 80 -j ACCEPT'"
|
|
|
|
|
certbot_create_if_missing: true
|
|
|
|
|
certbot_create_method: standalone
|
|
|
|
|
certbot_create_standalone_stop_services: []
|
|
|
|
@ -22,7 +22,7 @@ openldap_schemas:
|
|
|
|
|
- rfc2739
|
|
|
|
|
openldap_bases:
|
|
|
|
|
rootdn: cn=admin
|
|
|
|
|
suffix: dc=example,dc=org
|
|
|
|
|
suffix: dc=wirebrass,dc=fr
|
|
|
|
|
includes: [ slapd.access ]
|
|
|
|
|
indexes:
|
|
|
|
|
- [ "uid,uidNumber,gidNumber,memberUID", "pres,eq" ]
|
|
|
|
@ -36,10 +36,10 @@ openldap_bases:
|
|
|
|
|
ldap_host: "localhost"
|
|
|
|
|
ldap_port: "389"
|
|
|
|
|
|
|
|
|
|
ldap_root_dn: "dc=example,dc=org"
|
|
|
|
|
ldap_domain: "example.org"
|
|
|
|
|
ldap_root_dn: "dc=wirebrass,dc=fr"
|
|
|
|
|
ldap_domain: "wirebrass.fr"
|
|
|
|
|
|
|
|
|
|
ldap_admin_user_dn: "cn=admin,dc=example,dc=org"
|
|
|
|
|
ldap_admin_user_dn: "cn=admin,dc=wirebrass,dc=fr"
|
|
|
|
|
ldap_admin_user_password: "{{ vault_ldap_admin_user_password }}"
|
|
|
|
|
|
|
|
|
|
ldap_config_admin_user_dn: "cn=admin,cn=config"
|
|
|
|
@ -64,7 +64,7 @@ ldap_groups:
|
|
|
|
|
description: "Service MARKETING"
|
|
|
|
|
memberUid:
|
|
|
|
|
- userB
|
|
|
|
|
- userA
|
|
|
|
|
#- userA
|
|
|
|
|
- it:
|
|
|
|
|
cn: it
|
|
|
|
|
gidNumber: 60003
|
|
|
|
|