Diffstat (limited to 'roles/common/tasks')
-rw-r--r-- | roles/common/tasks/ldap.yml | 66 | ||||
-rw-r--r-- | roles/common/tasks/main.yml | 6 |
2 files changed, 72 insertions, 0 deletions
diff --git a/roles/common/tasks/ldap.yml b/roles/common/tasks/ldap.yml
new file mode 100644
index 0000000..b1ced49
--- /dev/null
+++ b/roles/common/tasks/ldap.yml
@@ -0,0 +1,66 @@
+- name: Install OpenLDAP
+ apt: pkg={{ item }}
+ with_items:
+ - slapd
+ - ldap-utils
+ - ldapvi
+ - db-util
+ - python-ldap
+
+# Upon install slapd create and populate a database under /var/lib/ldap.
+# We clear it up and create a children directory to get finer-grain
+# control.
+- name: Clear empty /var/lib/ldap
+ # Don't remove the database (and fail) if it contains something else
+ # than its suffix or cn=admin,...
+ openldap: dbdirectory=/var/lib/ldap ignoredn=cn=admin
+ state=absent
+
+- name: Create directory /var/lib/ldap/fripost
+ file: path=/var/lib/ldap/fripost
+ owner=openldap group=openldap
+ state=directory
+ mode=0700
+
+- name: Copy /var/lib/ldap/fripost/DB_CONFIG
+ copy: src=var/lib/ldap/fripost/DB_CONFIG
+ dest=/var/lib/ldap/fripost/DB_CONFIG
+ owner=openldap group=openldap
+ mode=0600
+ notify:
+ # Not sure if required
+ - Restart slapd
+
+- name: Create directory /etc/ldap/fripost
+ file: path=/etc/ldap/fripost
+ owner=root group=root
+ state=directory
+ mode=0755
+
+- name: Copy fripost database definition
+ template: src=etc/ldap/database.ldif.j2
+ dest=/etc/ldap/fripost/database.ldif
+ owner=root group=root
+ mode=0600
+
+- name: Copy fripost schema
+ copy: src=etc/ldap/schema/fripost.ldif
+ dest=/etc/ldap/schema/fripost.ldif
+ owner=root group=root
+ mode=0644
+
+- name: Create fripost database and load the schema
+ openldap: target=/etc/ldap/{{ item }} state=present
+ with_items:
+ - fripost/database.ldif
+ - schema/fripost.ldif
+
+- name: Load LDAP modules
+ openldap: module={{ item }}.la state=present
+ with_items:
+ # TODO only if provider
+ - syncprov
+ # TODO only if writable
+ - constraint
+
+# TODO: authz constraint syncprov syncrepl
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 81ef705..ed84cb5 100644
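Review bot: The new fripost database is created from `database.ldif` with no access control visible in this commit, and the trailing `# TODO: authz …` confirms olcAccess is still pending; unless `etc/ldap/database.ldif.j2` (not in this diff) already carries olcAccess entries, slapd falls back to its built-in default, which the slapd.access manual gives as `access to * by * read`, so the whole suffix, userPassword hashes included, is readable by anonymous binds from the moment the "Create fripost database" task runs. I would ship a deny-by-default policy in the same commit — `olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none` followed by `olcAccess: {1}to * by * none` in the database entry — and loosen it deliberately when the authz work lands, rather than leave an open directory in the meantime. The `# Not sure if required` comment on the DB_CONFIG task can be resolved: Berkeley DB reads DB_CONFIG only when the environment is opened, so the `Restart slapd` notify is needed for changed settings to take effect; I would replace the comment with `# DB_CONFIG is only read when slapd opens the BDB environment, so a restart is required`. Note also that the "Load LDAP modules" task loads `syncprov` and `constraint` on every host the include targets, not just the producer, as its inline TODOs already acknowledge.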
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -15,3 +15,9 @@
 when: "'MDA' in group_names or
 'webmail' in group_names or
 'backup' in group_names"
+- include: ldap.yml tags=slapd,ldap
+ when: "'MDA' in group_names or
+ 'MSA' in group_names or
+ 'lists' in group_names or
+ 'LDAP-producer' in group_names or
+ 'MX' in group_names" |