From 0c99d9d1600c0fe2c494f9c59ba8ea7966dcd65f Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 1 Dec 2013 22:21:41 +0100 Subject: Provision /etc/default/slapd This is because the UNIX domain socket to connect to when performing LDAP lookups needs to be in the chroot. Also, don't open a INET socket unless we're a Sync Provider. --- roles/common-LDAP/tasks/main.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'roles/common-LDAP/tasks/main.yml') diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml index cb1e835..270924c 100644 --- a/roles/common-LDAP/tasks/main.yml +++ b/roles/common-LDAP/tasks/main.yml @@ -7,6 +7,15 @@ - db-util - python-ldap +- name: Configure slapd + template: src=etc/default/slapd.j2 + dest=/etc/default/slapd + owner=root group=root + mode=0644 + register: r1 + notify: + - Restart slapd + # Upon install slapd create and populate a database under /var/lib/ldap. # We clear it up and create a children directory to get finer-grain # control. @@ -27,6 +36,7 @@ dest=/var/lib/ldap/fripost/DB_CONFIG owner=openldap group=openldap mode=0600 + register: r2 notify: # Not sure if required - Restart slapd @@ -64,4 +74,10 @@ # TODO only if writable - constraint +- name: Start slapd + service: name=slapd state=started + when: not (r1.changed or r2.changed) + +- meta: flush_handlers + # TODO: authz constraint syncprov syncrepl -- cgit v1.2.3
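Review bot: The new `Configure slapd` task has no comment saying what the template controls, although the commit message makes that the security-relevant part of the change: which sockets slapd listens on. The template `etc/default/slapd.j2` is not part of this path-limited view, so the statement that no INET listener is opened unless the host is a Sync Provider cannot be checked from these lines. I would put a comment above the task along the lines of `# Listener set for slapd: UNIX socket inside the chroot, INET socket only on sync providers`, so a later edit to the template is read as a change in network exposure. The register names `r1` here and `r2` in the DB_CONFIG hunk say nothing about what they hold; something like `slapd_default` and `db_config` would make the later `when:` readable, and the `when:` in the last hunk would need the same rename.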
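Review bot: The guard `when: not (r1.changed or r2.changed)` on `Start slapd` ties the task to exactly two registered results, so it has to be extended by hand whenever another task starts notifying `Restart slapd`. It also breaks with an undefined variable if either registering task is ever excluded from a run, for example by tags, though no tags are visible in these hunks. Reordering gives the same outcome without the registers: put `- meta: flush_handlers` first so that a pending restart runs, then `service: name=slapd state=started` with no `when:`, which then only acts if slapd is still down. That also makes `register: r1` and `register: r2` unnecessary, unless something outside these hunks uses them.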