---
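# Create the directory's base entry at ldap_root_dn with the dcObject and
# organization object classes; o is set to ldap_domain.
# The connection uses an ldap:// URI with start_tls enabled, so the module is
# asked to upgrade the session with StartTLS. validate_certs is not set here,
# so the module default applies.
# NOTE(review): ldap_admin_user_password is presumably supplied from a vaulted
# vars file - confirm it is never committed in plain text.
- name: root DN created
  ldap_entry:
    dn: "{{ ldap_root_dn }}"
    objectClass:
      - dcObject
      - organization
    attributes:
      o: "{{ ldap_domain }}"
    start_tls: true
    server_uri: "ldap://{{ ldap_host }}:{{ ldap_port }}/"
    bind_dn: "{{ ldap_admin_user_dn }}"
    bind_pw: "{{ ldap_admin_user_password }}"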
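# Create the ou=people container directly under ldap_root_dn.
# Binds as ldap_admin_user_dn over ldap:// with StartTLS requested.
- name: people OU created
  ldap_entry:
    dn: "ou=people,{{ ldap_root_dn }}"
    objectClass:
      - organizationalUnit
    start_tls: true
    server_uri: "ldap://{{ ldap_host }}:{{ ldap_port }}/"
    bind_dn: "{{ ldap_admin_user_dn }}"
    bind_pw: "{{ ldap_admin_user_password }}"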
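# Create the ou=groups container directly under ldap_root_dn.
# Binds as ldap_admin_user_dn over ldap:// with StartTLS requested.
- name: groups OU created
  ldap_entry:
    dn: "ou=groups,{{ ldap_root_dn }}"
    objectClass:
      - organizationalUnit
    start_tls: true
    server_uri: "ldap://{{ ldap_host }}:{{ ldap_port }}/"
    bind_dn: "{{ ldap_admin_user_dn }}"
    bind_pw: "{{ ldap_admin_user_password }}"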
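# Create the ou=accounts container directly under ldap_root_dn; the
# "accounts created" task places its simpleSecurityObject entries here.
# Binds as ldap_admin_user_dn over ldap:// with StartTLS requested.
- name: accounts OU created
  ldap_entry:
    dn: "ou=accounts,{{ ldap_root_dn }}"
    objectClass:
      - organizationalUnit
    start_tls: true
    server_uri: "ldap://{{ ldap_host }}:{{ ldap_port }}/"
    bind_dn: "{{ ldap_admin_user_dn }}"
    bind_pw: "{{ ldap_admin_user_password }}"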
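# Create the ou=applications container directly under ldap_root_dn.
# Binds as ldap_admin_user_dn over ldap:// with StartTLS requested.
- name: applications OU created
  ldap_entry:
    dn: "ou=applications,{{ ldap_root_dn }}"
    objectClass:
      - organizationalUnit
    start_tls: true
    server_uri: "ldap://{{ ldap_host }}:{{ ldap_port }}/"
    bind_dn: "{{ ldap_admin_user_dn }}"
    bind_pw: "{{ ldap_admin_user_password }}"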
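# Create one POSIX user entry under ou=people for each item in ldap_people.
# Each item supplies uid, cn, uidNumber and gidNumber; the login shell is
# fixed to /bin/bash and the home directory is derived from the uid.
# No password attribute is set by this task.
# NOTE(review): item.uid is interpolated into the DN and the home directory
# path without escaping - ldap_people is assumed to be trusted inventory
# data; validate the values if they can come from anywhere else.
# NOTE(review): uidNumber/gidNumber are taken as given, so a uidNumber of 0
# or one colliding with a local system account would be written unchanged.
- name: people created
  ldap_entry:
    dn: "uid={{ item.uid }},ou=people,{{ ldap_root_dn }}"
    objectClass:
      - account
      - posixAccount
      - shadowAccount
    attributes:
      uid: "{{ item.uid }}"
      cn: "{{ item.cn }}"
      loginShell: "/bin/bash"
      homeDirectory: "/home/{{ item.uid }}"
      uidNumber: "{{ item.uidNumber }}"
      gidNumber: "{{ item.gidNumber }}"
    start_tls: true
    server_uri: "ldap://{{ ldap_host }}:{{ ldap_port }}/"
    bind_dn: "{{ ldap_admin_user_dn }}"
    bind_pw: "{{ ldap_admin_user_password }}"
  loop: "{{ ldap_people }}"
  when: ldap_people | length > 0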
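# Create one posixGroup entry under ou=groups for each item in ldap_groups.
# Each item supplies cn, description and gidNumber.
# NOTE(review): item.cn is interpolated into the DN without escaping -
# ldap_groups is assumed to be trusted inventory data.
- name: groups created
  ldap_entry:
    dn: "cn={{ item.cn }},ou=groups,{{ ldap_root_dn }}"
    objectClass:
      - posixGroup
    attributes:
      cn: "{{ item.cn }}"
      description: "{{ item.description }}"
      gidNumber: "{{ item.gidNumber }}"
    start_tls: true
    server_uri: "ldap://{{ ldap_host }}:{{ ldap_port }}/"
    bind_dn: "{{ ldap_admin_user_dn }}"
    bind_pw: "{{ ldap_admin_user_password }}"
  loop: "{{ ldap_groups }}"
  when: ldap_groups | length > 0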
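# Create one service-account entry (simpleSecurityObject + organizationalRole)
# under ou=accounts for each item in ldap_accounts. Each item supplies cn,
# description and userPassword.
# no_log is set because every loop item carries userPassword: without it
# Ansible prints the item, and the module arguments at higher verbosity,
# to the console and to any configured log or callback.
# NOTE(review): userPassword is written exactly as supplied - confirm the
# values are pre-hashed (or hashed by the server) rather than stored in
# clear text, and that ldap_accounts lives in a vaulted vars file.
# NOTE(review): ldap_entry creates missing entries only, so changing
# item.userPassword later will presumably not rotate the password of an
# existing account - confirm against the module docs for the version in use.
- name: accounts created
  ldap_entry:
    dn: "cn={{ item.cn }},ou=accounts,{{ ldap_root_dn }}"
    objectClass:
      - simpleSecurityObject
      - organizationalRole
    attributes:
      cn: "{{ item.cn }}"
      description: "{{ item.description }}"
      userPassword: "{{ item.userPassword }}"
    start_tls: true
    server_uri: "ldap://{{ ldap_host }}:{{ ldap_port }}/"
    bind_dn: "{{ ldap_admin_user_dn }}"
    bind_pw: "{{ ldap_admin_user_password }}"
  loop: "{{ ldap_accounts }}"
  when: ldap_accounts | length > 0
  no_log: true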