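---
# Task list: install and bootstrap OpenLDAP (slapd) with the Fripost and
# amavis schemas. Module arguments are written as native block YAML rather
# than key=value strings; file modes are quoted so a YAML 1.1 parser does
# not turn 0644 into the decimal integer 420.

# XXX If #742056 gets fixed, we should preseed slapd to use peercreds as
# RootDN once the fix enters stable.
- name: Install OpenLDAP
  apt:
    pkg: "{{ item }}"
  with_items:
    - slapd
    - ldap-utils
    - ldapvi
    - db-util
    - python-ldap

# r1 is checked by the final "Start slapd" task: if this file changed, the
# notified handler restarts slapd instead.
- name: Configure slapd
  template:
    src: etc/default/slapd.j2
    dest: /etc/default/slapd
    owner: root
    group: root
    mode: "0644"
  register: r1
  notify:
    - Restart slapd

# Upon install slapd create and populate a database under /var/lib/ldap.
# We clear it up and create a children directory to get finer-grain
# control.
- name: Clear empty /var/lib/ldap
  # Don't remove the database (and fail) if it contains something else
  # than its suffix or cn=admin,...
  openldap:
    dbdirectory: /var/lib/ldap
    ignoredn: cn=admin
    state: absent

# Backend files are readable by the openldap user only (0700 / 0600 below).
- name: Create directory /var/lib/ldap/fripost
  file:
    path: /var/lib/ldap/fripost
    state: directory
    owner: openldap
    group: openldap
    mode: "0700"

- name: Copy /var/lib/ldap/fripost/DB_CONFIG
  copy:
    src: var/lib/ldap/fripost/DB_CONFIG
    dest: /var/lib/ldap/fripost/DB_CONFIG
    owner: openldap
    group: openldap
    mode: "0600"
  register: r2
  notify:
    # Not sure if required
    - Restart slapd

# It'd certainly be nicer if we didn't have to deploy amavis' schema
# everywhere, but we need the 'objectClass' in our replicates, hence
# they need to be aware of the 'amavisAccount' class.
- name: Copy fripost & amavis' schema
  copy:
    # Quoted: a value beginning with "{{" would otherwise be read as a flow
    # mapping by the YAML parser before Jinja sees it.
    src: "etc/ldap/schema/{{ item }}"
    dest: "/etc/ldap/schema/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - fripost.ldif
    - amavis.schema
  tags:
    - amavis

- name: Load amavis' schema
  openldap:
    target: /etc/ldap/schema/amavis.schema
    state: present
    format: slapd.conf
    name: amavis
  tags:
    - ldap

- name: Load Fripost' schema
  openldap:
    target: /etc/ldap/schema/fripost.ldif
    state: present
  tags:
    - ldap

- name: Configure the LDAP database
  openldap:
    target: etc/ldap/database.ldif.j2
    local: template
    state: present

# Only start slapd here when neither /etc/default/slapd (r1) nor DB_CONFIG
# (r2) changed; otherwise the "Restart slapd" handler flushed below brings
# it up, avoiding a start followed immediately by a restart.
- name: Start slapd
  service:
    name: slapd
    state: started
  when: not (r1.changed or r2.changed)

- meta: flush_handlers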