diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2013-12-02 06:03:28 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:51:06 +0200 |
| commit | 175f9f0272ab50a3bd6567ece06f8a5655866b08 (patch) | |
| tree | baa4d09f88b41307b6306d861eafed65a356f381 | |
| parent | dd155fee24fcb05dad7ea9df241ce138ad7083b0 (diff) | |
Configure the LDAP provider.
(Hence the SyncProv overlay.)
| -rw-r--r-- | all.yml | 7 | ||||
| -rw-r--r-- | common.yml | 7 | ||||
| -rw-r--r-- | roles/LDAP-provider/files/etc/ldap/syncprov.ldif | 13 | ||||
| -rw-r--r-- | roles/LDAP-provider/tasks/main.yml | 12 | ||||
| -rw-r--r-- | roles/common-LDAP/tasks/main.yml | 10 |
5 files changed, 39 insertions, 10 deletions
@@ -0,0 +1,7 @@ +--- +# Example: +# ansible-playbook -i stage_vms all.yml -t rkhunter + +- include: common.yml +- include: IMAP.yml +- include: MX.yml @@ -25,3 +25,10 @@ tags: slapd,ldap roles: - common-LDAP + +- name: Configure the LDAP provider + hosts: LDAP-provider + gather_facts: False + tags: slapd,ldap + roles: + - LDAP-provider diff --git a/roles/LDAP-provider/files/etc/ldap/syncprov.ldif b/roles/LDAP-provider/files/etc/ldap/syncprov.ldif new file mode 100644 index 0000000..42f06a0 --- /dev/null +++ b/roles/LDAP-provider/files/etc/ldap/syncprov.ldif @@ -0,0 +1,13 @@ +# References: +# - http://www.openldap.org/doc/admin24/replication.html#Syncrepl +# - http://www.zytrax.com/books/ldap/ch7/#ol-syncrepl-rap +# - man 5 slapo-syncprov + +dn: olcOverlay=syncprov,olcDatabase={*}hdb,cn=config +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: syncprov +# contextCSN saved to database every 50 updates or 5 +# minutes +olcSpCheckpoint: 50 5 +olcSpReloadHint: TRUE diff --git a/roles/LDAP-provider/tasks/main.yml b/roles/LDAP-provider/tasks/main.yml new file mode 100644 index 0000000..64c8e30 --- /dev/null +++ b/roles/LDAP-provider/tasks/main.yml @@ -0,0 +1,12 @@ +- name: Copy the syncprov overlay configuration + copy: src=etc/ldap/syncprov.ldif + dest=/etc/ldap/fripost/syncprov.ldif + owner=root group=root + mode=0644 + +- name: Load and configure the syncprov overlay + openldap: module=syncprov state=present + suffix=o=mailHosting,dc=fripost,dc=org + target=/etc/ldap/fripost/syncprov.ldif + +# TODO: authz constraint diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml index 27a0298..06eb692 100644 --- a/roles/common-LDAP/tasks/main.yml +++ b/roles/common-LDAP/tasks/main.yml @@ -66,18 +66,8 @@ # TODO load other required schemas *before* loading the database - fripost/database.ldif -- name: Load LDAP modules - openldap: module={{ item }}.la state=present - with_items: - # TODO only if provider - - syncprov - # TODO only if writable - - constraint - - name: Start slapd service: name=slapd state=started when: not (r1.changed or r2.changed) - meta: flush_handlers - -# TODO: authz constraint syncprov |