Diffstat (limited to 'roles/common-LDAP/tasks/main.yml')
-rw-r--r-- | roles/common-LDAP/tasks/main.yml | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml index 960189b..6ad561e 100644 --- a/roles/common-LDAP/tasks/main.yml +++ b/roles/common-LDAP/tasks/main.yml @@ -40,44 +40,43 @@ --pubkey=/etc/ldap/ssl/{{ item.name }}.pem --privkey=/etc/ldap/ssl/{{ item.name }}.key --ou=LDAP {{ item.ou }} --cn={{ item.name }} --usage=digitalSignature,keyEncipherment,keyCertSign -t rsa -b 4096 -h sha256 --owner=root --group=openldap --mode=0640 register: r2 changed_when: r2.rc == 0 failed_when: r2.rc > 1 with_items: - { group: 'LDAP-provider', name: ldap.fripost.org, ou: } - { group: 'MX', name: mx, ou: --ou=SyncRepl } - { group: 'lists', name: lists, ou: --ou=SyncRepl } when: "item.group in group_names" tags: - genkey - name: Fetch slapd's X.509 certificate # Ensure we don't fetch private data become: False - fetch: src=/etc/ldap/ssl/{{ item.name }}.pem - dest=certs/ldap/ - fail_on_missing=yes - flat=yes + fetch_cmd: cmd="openssl x509" + stdin=/etc/ldap/ssl/{{ item.name }}.pem + dest=certs/ldap/{{ item.name }}.pem with_items: - { group: 'LDAP-provider', name: ldap.fripost.org } - { group: 'MX', name: mx } - { group: 'lists', name: lists } when: "item.group in group_names" tags: - genkey - name: Copy the SyncProv's server certificate copy: src=certs/ldap/ldap.fripost.org.pem dest=/etc/ldap/ssl/ldap.fripost.org.pem owner=root group=root mode=0644 when: "'LDAP-provider' not in group_names" tags: - genkey - name: Copy the SyncRepls's client certificates assemble: src=certs/ldap remote_src=no dest=/etc/ldap/ssl/clients.pem |
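Review bot: The comment `# Ensure we don't fetch private data` above `become: False` no longer names the control that actually does the work on the new side: piping the file through `openssl x509` is what limits the fetched content to the certificate block, so any key material that ended up in the same .pem would not reach `certs/ldap/`, and I'd reword it to `# Ensure we don't fetch private data: run unprivileged and keep only the X.509 certificate (openssl x509 drops anything but the cert block)`. The replaced `fetch` carried `fail_on_missing=yes`, while the new `fetch_cmd` line has no equivalent; `fetch_cmd` looks like a repo-local module rather than a core one, and whether it fails the task when the source file is absent or `openssl` exits non-zero is not visible in this hunk, so that behaviour is worth confirming in the module or making explicit the way the genkey task above does with `register`/`failed_when`. The task that opens the hunk (the certificate-generation `command:` with its `--pubkey`/`--privkey` arguments) begins before line 40.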