[ldap-client] use nounous ldap

roles/ldap-client/tasks/main.yml

@@ -4,17 +4,14 @@
   apt:
     update_cache: true
     name:
-      - nslcd
       - libnss-ldapd
-      - libpam-ldapd
-      - nscd  # local cache
     state: present
   register: apt_result
   retries: 3
   until: apt_result is succeeded
 
 # Configure /etc/nslcd.conf
-- name: Configure nslcd LDAP credentials
+- name: Configure nslcd
   template:
     src: nslcd.conf.j2
     dest: /etc/nslcd.conf
@@ -26,20 +23,27 @@
   lineinfile:
     dest: /etc/nsswitch.conf
     regexp: "^{{ item }}:"
-    line: "{{ item }}:         files ldap"
+    line: "{{ item }}:         files systemd ldap"
   loop:
     - passwd
     - group
-    - shadow
   notify: Restart nslcd service
 
-# Disable passwd and chsh
+- name: Configure NSS to use LDAP
-- name: Copy passwd and chsh scripts
+  lineinfile:
-  template:
+    dest: /etc/nsswitch.conf
-    src: "bin/{{ item }}.j2"
+    regexp: "^{{ item }}:"
-    dest: "/usr/local/bin/{{ item }}"
+    line: "{{ item }}:         files ldap"
-    mode: 0755
   loop:
-    - chsh
+    - shadow
-    - chsh.ldap
+    - networks
-    - passwd
+  notify: Restart nslcd service
+
+- name: Configure NSS to use LDAP
+  lineinfile:
+    dest: /etc/nsswitch.conf
+    regexp: "^{{ item }}:"
+    line: "{{ item }}:         files dns ldap"
+  loop:
+    - hosts
+  notify: Restart nslcd service

roles/ldap-client/templates/bin/chsh.j2

@@ -1,4 +0,0 @@
-#!/bin/sh
-{{ ansible_header | comment }}
-echo "Pour changer votre shell,\nAllez sur l'intranet : {{intranet_url}}"
-

roles/ldap-client/templates/bin/chsh.ldap.j2

@@ -1,4 +0,0 @@
-#!/bin/sh
-{{ ansible_header | comment }}
-echo "Pour changer votre shell,\nAllez sur l'intranet : {{intranet_url}}"
-echo "De toutes façons la vraie commande aurait pas marché, on installe pas nslcd-utils sur les serveurs normalement."

roles/ldap-client/templates/bin/passwd.j2

@@ -1,3 +0,0 @@
-#!/bin/sh
-{{ ansible_header | comment }}
-echo "Pour changer votre mot de passe,\nAllez sur l'intranet : {{intranet_url}}"

roles/ldap-client/templates/nslcd.conf.j2

@@ -1,35 +1,30 @@
 {{ ansible_header | comment }}
+# /etc/nslcd.conf
+# nslcd configuration file. See nslcd.conf(5)
+# for details.
 
 # The user and group nslcd should run as.
 uid nslcd
 gid nslcd
 
 # The location at which the LDAP server(s) should be reachable.
-{% if ldap_local_replica_uri is defined %}
+{% if ldap.local %}
-{% for uri in ldap_local_replica_uri %}
+uri ldapi:///
-uri {{ uri }}
+{% else %}
+{% for server in ldap.servers %}
+uri ldaps://{{ server }}/
 {% endfor %}
 {% endif %}
-uri {{ ldap_master_uri }}
 
 # The search base that will be used for all queries.
-base {{ ldap_base }}
+base dc=crans,dc=org
-base passwd {{ ldap_user_tree }}
-base shadow {{ ldap_user_tree }}
-base group ou=posix,ou=groups,{{ ldap_base }}
 
 # The LDAP protocol version to use.
-ldap_version 3
+#ldap_version 3
-
-# Time limit to wait for an answer
-timelimit 5
-
-# Time limit to wait for a bind
-bind_timelimit 5
 
 # The DN to bind with for normal lookups.
-binddn {{ ldap_nslcd_bind_dn }}
+#binddn cn=annonymous,dc=example,dc=net
-bindpw {{ ldap_nslcd_passwd }}
+#bindpw secret
 
 # The DN used for password modifications by root.
 #rootpwmoddn cn=admin,dc=example,dc=com
@@ -41,4 +36,3 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt
 
 # The search scope.
 #scope sub
-