[slapd][unsafe] Rennomage variables et doc

certbot_on_virtu
_shirenn 2020-08-06 16:24:56 +02:00
parent 34985f5558
commit 3c1a94822b
4 changed files with 20 additions and 7 deletions


@ -0,0 +1,13 @@
# SLAPD
Deploie un serveur ldap master ou replica
## VARS
slapd:
- ip : l'ip sur lequel il va installer le serveur ldap
- replica : s'il s'agit d'un master ou d'une replica
- replica_rid : le numéro de replica du serveur
- master_ip : l'ip du master
- replication_credentials : les credientials pour authentifier les replicas
auprès du master


@ -26,6 +26,6 @@
lineinfile: lineinfile:
path: /etc/default/slapd path: /etc/default/slapd
regexp: '^SLAPD_SERVICES=' regexp: '^SLAPD_SERVICES='
line: 'SLAPD_SERVICES="ldaps://{{ ldap.ip }}/ ldapi:///"' line: 'SLAPD_SERVICES="ldaps://{{ slapd.ip }}/ ldapi:///"'
notify: Restart slapd notify: Restart slapd
check_mode: no check_mode: no


@ -23,7 +23,7 @@ loglevel none
# Where the dynamically loaded modules are stored # Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap modulepath /usr/lib/ldap
moduleload back_mdb moduleload back_mdb
{% if not ldap.replica %} {% if not slapd.replica %}
moduleload auditlog moduleload auditlog
overlay auditlog overlay auditlog
@ -104,13 +104,13 @@ lastmod on
# failure and to speed slapd shutdown. # failure and to speed slapd shutdown.
checkpoint 512 30 checkpoint 512 30
{% if ldap.replica %} {% if slapd.replica %}
syncrepl syncrepl
rid={{ ldap.replica_rid }} rid={{ slapd.replica_rid }}
provider=ldaps://{{ ldap.master_ip }}:636 provider=ldaps://{{ slapd.master_ip }}:636
bindmethod=simple bindmethod=simple
binddn="cn=replicator,dc=crans,dc=org" binddn="cn=replicator,dc=crans,dc=org"
credentials={{ ldap.replication_credentials }} credentials={{ slapd.replication_credentials }}
searchbase="dc=crans,dc=org" searchbase="dc=crans,dc=org"
scope=sub scope=sub
schemachecking=on schemachecking=on
@ -121,7 +121,7 @@ syncrepl
tls_reqcert=allow tls_reqcert=allow
{% endif %} {% endif %}
{% if ldap.replica %} {% if slapd.replica %}
# The userPassword by default can be changed # The userPassword by default can be changed
# by the entry owning it if they are authenticated. # by the entry owning it if they are authenticated.
# Others should not be able to see it, except the # Others should not be able to see it, except the
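Review bot: The syncrepl stanza still carries `tls_reqcert=allow` (context line of the last hunk), which lets the replica proceed when the provider's certificate is absent or fails validation, while `bindmethod=simple` sends `slapd.replication_credentials` over that same session. The replicator password is therefore only as safe as the network path to `slapd.master_ip`; I would switch to `tls_reqcert=demand` and add `tls_cacert=<path to the CA that signed the master's certificate>`. Because the provider is addressed by IP, the master's certificate presumably needs a matching subjectAltName for this to validate, which should be confirmed. Separately, the renamed line `credentials={{ slapd.replication_credentials }}` is unquoted, so a secret containing whitespace would be split by the config parser; `credentials="{{ slapd.replication_credentials }}"` is more robust. The stanza runs across two hunks and its middle part is not visible here.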