path: root/roles/LDAP-provider/tasks/main.yml
# syncprov is OpenLDAP's sync provider overlay, i.e. the provider side of
# syncrepl replication.  This task only loads and configures the overlay for
# the given suffix; which identities may replicate from this server is
# decided by access controls that are not set in this task.
# NOTE(review): `openldap` is not a stock Ansible module; `local: file`
# presumably makes it read `target` from the role's files -- confirm
# against the module source.
- name: Load and configure the syncprov overlay
  openldap:
    module: syncprov
    suffix: 'dc=fripost,dc=org'
    target: etc/ldap/syncprov.ldif
    local: file

#- name: Load dyngroup schema
#  openldap: target=/etc/ldap/schema/dyngroup.ldif

# dynlist is OpenLDAP's dynamic list overlay; it is loaded and configured
# for the same suffix as the other overlays in this file.
# NOTE(review): `openldap` is not a stock Ansible module; `local: file`
# presumably makes it read `target` from the role's files -- confirm
# against the module source.
- name: Load and configure the dynlist overlay
  openldap:
    module: dynlist
    suffix: 'dc=fripost,dc=org'
    target: etc/ldap/dynlist.ldif
    local: file

## XXX ideally this would be /etc/sasl2/slapd.conf, but that location does not
## work with Stretch, cf #211156 and #798462.  To see which mechanisms slapd
## actually offers after the change:
##   ldapsearch -LLLx -H ldapi:// -b "" -s base supportedSASLMechanisms
#
# The mech_list line is the only one this task manages; other lines in an
# existing file are left as they are.  Setting mech_list to EXTERNAL limits
# the SASL mechanisms slapd offers to EXTERNAL, where the identity comes
# from the transport (for instance ldapi:// peer credentials or a TLS client
# certificate) rather than from a password exchange.  Mapping and
# authorising that identity is not handled by this task.
- name: Enable the EXTERNAL SASL mechanism
  lineinfile:
    dest: /usr/lib/sasl2/slapd.conf
    # literal colon; native YAML args need no Jinja expression to emit it
    regexp: '^mech_list:'
    line: 'mech_list: EXTERNAL'
    create: true
    owner: root
    group: root
    # quoted so YAML keeps the mode a string instead of reading it as a number
    mode: '0644'

# TODO: authz constraint