ansible-base/roles/ldap_server/tasks/ldap_entries.yml


---
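- name: root DN created
  # Ensure the directory suffix entry (ldap_root_dn) exists as a dcObject/organization.
  # NOTE(review): ldap_entry is understood to be create-only — attributes here are
  # not re-applied to an entry that already exists; confirm against the module docs.
  ldap_entry:
    dn: "{{ ldap_root_dn }}"
    objectClass:
      - dcObject
      - organization
    attributes:
      o: "{{ ldap_domain }}"
    # Plain ldap:// URI upgraded with STARTTLS before the bind, so the admin
    # credentials are not sent in clear text.  Canonical boolean instead of the
    # YAML 1.1 "yes" (ansible-lint/yamllint truthy rule).
    start_tls: true
    server_uri: "ldap://{{ ldap_host }}:{{ ldap_port }}/"
    bind_dn: "{{ ldap_admin_user_dn }}"
    bind_pw: "{{ ldap_admin_user_password }}"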
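- name: people OU created
  # Container for user entries; the "people created" task below places
  # uid=... entries under this OU.
  ldap_entry:
    dn: "ou=people,{{ ldap_root_dn }}"
    objectClass:
      - organizationalUnit
    # STARTTLS on the plain ldap:// URI before binding; canonical boolean
    # instead of the YAML 1.1 "yes".
    start_tls: true
    server_uri: "ldap://{{ ldap_host }}:{{ ldap_port }}/"
    bind_dn: "{{ ldap_admin_user_dn }}"
    bind_pw: "{{ ldap_admin_user_password }}"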
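- name: groups OU created
  # Container for posixGroup entries created by the "groups created" task.
  ldap_entry:
    dn: "ou=groups,{{ ldap_root_dn }}"
    objectClass:
      - organizationalUnit
    # STARTTLS on the plain ldap:// URI before binding; canonical boolean
    # instead of the YAML 1.1 "yes".
    start_tls: true
    server_uri: "ldap://{{ ldap_host }}:{{ ldap_port }}/"
    bind_dn: "{{ ldap_admin_user_dn }}"
    bind_pw: "{{ ldap_admin_user_password }}"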
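- name: accounts OU created
  # Container for service/bind accounts (simpleSecurityObject entries) created
  # by the "accounts created" task.
  ldap_entry:
    dn: "ou=accounts,{{ ldap_root_dn }}"
    objectClass:
      - organizationalUnit
    # STARTTLS on the plain ldap:// URI before binding; canonical boolean
    # instead of the YAML 1.1 "yes".
    start_tls: true
    server_uri: "ldap://{{ ldap_host }}:{{ ldap_port }}/"
    bind_dn: "{{ ldap_admin_user_dn }}"
    bind_pw: "{{ ldap_admin_user_password }}"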
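- name: applications OU created
  # Container OU; nothing in this file populates it, so it is presumably
  # filled by another role or task file.
  ldap_entry:
    dn: "ou=applications,{{ ldap_root_dn }}"
    objectClass:
      - organizationalUnit
    # STARTTLS on the plain ldap:// URI before binding; canonical boolean
    # instead of the YAML 1.1 "yes".
    start_tls: true
    server_uri: "ldap://{{ ldap_host }}:{{ ldap_port }}/"
    bind_dn: "{{ ldap_admin_user_dn }}"
    bind_pw: "{{ ldap_admin_user_password }}"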
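- name: people created
  # One POSIX user entry per item in ldap_people.  Each item is expected to
  # carry uid, cn, uidNumber and gidNumber (the keys read below) — confirm
  # against the role's defaults/inventory.
  ldap_entry:
    dn: "uid={{ item.uid }},ou=people,{{ ldap_root_dn }}"
    objectClass:
      - account
      - posixAccount
      - shadowAccount
    attributes:
      uid: "{{ item.uid }}"
      cn: "{{ item.cn }}"
      # Shell and home are fixed here rather than taken from the item.
      loginShell: "/bin/bash"
      homeDirectory: "/home/{{ item.uid }}"
      uidNumber: "{{ item.uidNumber }}"
      gidNumber: "{{ item.gidNumber }}"
    # STARTTLS on the plain ldap:// URI before binding; canonical boolean
    # instead of the YAML 1.1 "yes".
    start_tls: true
    server_uri: "ldap://{{ ldap_host }}:{{ ldap_port }}/"
    bind_dn: "{{ ldap_admin_user_dn }}"
    bind_pw: "{{ ldap_admin_user_password }}"
  loop: "{{ ldap_people }}"
  # An empty list already makes the loop a no-op; the guard keeps the task
  # reported as skipped rather than as an empty loop.
  when: ldap_people | length > 0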
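- name: groups created
  # One posixGroup per item in ldap_groups; items are expected to carry
  # cn, description and gidNumber (the keys read below).
  ldap_entry:
    dn: "cn={{ item.cn }},ou=groups,{{ ldap_root_dn }}"
    objectClass:
      - posixGroup
    attributes:
      cn: "{{ item.cn }}"
      description: "{{ item.description }}"
      gidNumber: "{{ item.gidNumber }}"
    # STARTTLS on the plain ldap:// URI before binding; canonical boolean
    # instead of the YAML 1.1 "yes".
    start_tls: true
    server_uri: "ldap://{{ ldap_host }}:{{ ldap_port }}/"
    bind_dn: "{{ ldap_admin_user_dn }}"
    bind_pw: "{{ ldap_admin_user_password }}"
  loop: "{{ ldap_groups }}"
  # An empty list already makes the loop a no-op; the guard keeps the task
  # reported as skipped rather than as an empty loop.
  when: ldap_groups | length > 0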
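- name: accounts created
  # One bind/service account per item in ldap_accounts; items are expected to
  # carry cn, description and userPassword (the keys read below).
  ldap_entry:
    dn: "cn={{ item.cn }},ou=accounts,{{ ldap_root_dn }}"
    objectClass:
      - simpleSecurityObject
      - organizationalRole
    attributes:
      cn: "{{ item.cn }}"
      description: "{{ item.description }}"
      # Stored exactly as supplied.  NOTE(review): assumes item.userPassword is
      # already a hashed value (e.g. "{SSHA}..."); a plain-text value here is
      # written to the directory as plain text — confirm how the variable is
      # populated.
      userPassword: "{{ item.userPassword }}"
    # STARTTLS on the plain ldap:// URI before binding; canonical boolean
    # instead of the YAML 1.1 "yes".
    start_tls: true
    server_uri: "ldap://{{ ldap_host }}:{{ ldap_port }}/"
    bind_dn: "{{ ldap_admin_user_dn }}"
    bind_pw: "{{ ldap_admin_user_password }}"
  loop: "{{ ldap_accounts }}"
  # The loop item (including userPassword) is echoed in task results and
  # callback/log output; suppress it so account secrets do not end up in
  # playbook logs.  Temporarily drop this when debugging a failing item.
  no_log: true
  # An empty list already makes the loop a no-op; the guard keeps the task
  # reported as skipped rather than as an empty loop.
  when: ldap_accounts | length > 0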