ansible-base/inventory_template/group_vars/ldap_server.yml

82 lines
2 KiB
YAML

---
# Role ansible-role-certbot : defina auto renew, schedule, ...
# WARNING: you need to open the port 80 (iptables)
certbot_auto_renew: true
certbot_auto_renew_user: "root"
certbot_auto_renew_hour: "5"
certbot_auto_renew_minute: "0"
certbot_auto_renew_options: "--quiet --no-self-upgrade --pre-hook 'iptables -A INPUT -p tcp --dport 80 -j ACCEPT' --deploy-hook 'cp -pf /etc/letsencrypt/live/{{ inventory_hostname }}/*.pem /etc/ldap/sasl2/ && chown openldap: /etc/ldap/sasl2/*.pem && systemctl restart slapd' --post-hook 'iptables -D INPUT -p tcp --dport 80 -j ACCEPT'"
certbot_create_if_missing: true
certbot_create_method: standalone
certbot_create_standalone_stop_services: []
certbot_certs:
- domains:
- "{{ inventory_hostname }}"
openldap_schemas:
- core
- cosine
- nis
- inetorgperson
- rfc2739
openldap_bases:
rootdn: cn=admin
suffix: dc=wirebrass,dc=fr
includes: [ slapd.access ]
indexes:
- [ "uid,uidNumber,gidNumber,memberUID", "pres,eq" ]
# slave:
# rid:
# provider: ldaps://:636
# binddn: cn=bind,dc=dn
# credentials: bindpw
# bindmethod: simple
ldap_host: "localhost"
ldap_port: "389"
ldap_root_dn: "dc=wirebrass,dc=fr"
ldap_domain: "wirebrass.fr"
ldap_admin_user_dn: "cn=admin,dc=wirebrass,dc=fr"
ldap_admin_user_password: "{{ vault_ldap_admin_user_password }}"
ldap_config_admin_user_dn: "cn=admin,cn=config"
ldap_config_admin_user_password: "{{ vault_ldap_config_admin_user_password }}"
ldap_people:
- userA:
uid: userA
cn: userA
uidNumber: 60012
gidNumber: 60012
- userB:
uid: userB
cn: userB
uidNumber: 60013
gidNumber: 60013
ldap_groups:
- marketing:
cn: marketing
gidNumber: 60002
description: "Service MARKETING"
memberUid:
- userB
#- userA
- it:
cn: it
gidNumber: 60003
description: "Service Informatique"
ldap_accounts:
- svc-ssh:
cn: svc-ssh
description: "SSH read user"
userPassword: "test"
ldap_applications:
- sudoers