summaryrefslogtreecommitdiffstats
path: root/roles/common-LDAP/tasks
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2013-12-01 22:21:41 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:51:02 +0200
commit0c99d9d1600c0fe2c494f9c59ba8ea7966dcd65f (patch)
treed97af36efc2f16a7164df52b5663d599196e6a7b /roles/common-LDAP/tasks
parentad5c4ebef590371352b4349443a7661fd25301ac (diff)
Provision /etc/default/slapd
This is because the UNIX domain socket to connect to when performing LDAP lookups needs to be in the chroot. Also, don't open a INET socket unless we're a Sync Provider.
Diffstat (limited to 'roles/common-LDAP/tasks')
-rw-r--r--roles/common-LDAP/tasks/main.yml16
1 files changed, 16 insertions, 0 deletions
diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml
index cb1e835..270924c 100644
--- a/roles/common-LDAP/tasks/main.yml
+++ b/roles/common-LDAP/tasks/main.yml
@@ -7,6 +7,15 @@
- db-util
- python-ldap
+- name: Configure slapd
+ template: src=etc/default/slapd.j2
+ dest=/etc/default/slapd
+ owner=root group=root
+ mode=0644
+ register: r1
+ notify:
+ - Restart slapd
+
# Upon install slapd create and populate a database under /var/lib/ldap.
# We clear it up and create a children directory to get finer-grain
# control.
@@ -27,6 +36,7 @@
dest=/var/lib/ldap/fripost/DB_CONFIG
owner=openldap group=openldap
mode=0600
+ register: r2
notify:
# Not sure if required
- Restart slapd
@@ -64,4 +74,10 @@
# TODO only if writable
- constraint
+- name: Start slapd
+ service: name=slapd state=started
+ when: not (r1.changed or r2.changed)
+
+- meta: flush_handlers
+
# TODO: authz constraint syncprov syncrepl