[slapd][unsafe] Rennomage variables et doc

2020-08-06 16:24:56 +02:00 · 2020-08-06 16:24:56 +02:00 · 3c1a94822b
parent 34985f5558
commit 3c1a94822b
4 changed files with 20 additions and 7 deletions
--- a/host_vars/daniel.adm.crans.org.yml
+++ b/host_vars/daniel.adm.crans.org.yml
--- a/roles/slapd/README.md
+++ b/roles/slapd/README.md
@ -0,0 +1,13 @@
+# SLAPD
+
+Deploie un serveur ldap master ou replica
+
+## VARS
+
+slapd:
+  - ip : l'ip sur lequel il va installer le serveur ldap
+  - replica : s'il s'agit d'un master ou d'une replica
+  - replica_rid : le numéro de replica du serveur
+  - master_ip : l'ip du master
+  - replication_credentials : les credientials pour authentifier les replicas
+    auprès du master
--- a/roles/slapd/tasks/main.yml
+++ b/roles/slapd/tasks/main.yml
@ -26,6 +26,6 @@
  lineinfile:
     path: /etc/default/slapd
     regexp: '^SLAPD_SERVICES='
-     line: 'SLAPD_SERVICES="ldaps://{{ ldap.ip }}/ ldapi:///"'
+     line: 'SLAPD_SERVICES="ldaps://{{ slapd.ip }}/ ldapi:///"'
  notify: Restart slapd
  check_mode: no
--- a/roles/slapd/templates/ldap/slapd.conf.j2
+++ b/roles/slapd/templates/ldap/slapd.conf.j2
@ -23,7 +23,7 @@ loglevel        none
 # Where the dynamically loaded modules are stored
 modulepath      /usr/lib/ldap
 moduleload      back_mdb
-{% if not ldap.replica %}
+{% if not slapd.replica %}
 moduleload 		auditlog

 overlay 		auditlog
@ -104,13 +104,13 @@ lastmod         on
 # failure and to speed slapd shutdown.
 checkpoint      512 30

-{% if ldap.replica %}
+{% if slapd.replica %}
 syncrepl
-        rid={{ ldap.replica_rid }}
-        provider=ldaps://{{ ldap.master_ip }}:636
+        rid={{ slapd.replica_rid }}
+        provider=ldaps://{{ slapd.master_ip }}:636
        bindmethod=simple
        binddn="cn=replicator,dc=crans,dc=org"
-        credentials={{ ldap.replication_credentials }}
+        credentials={{ slapd.replication_credentials }}
        searchbase="dc=crans,dc=org"
        scope=sub
        schemachecking=on
@ -121,7 +121,7 @@ syncrepl
        tls_reqcert=allow
 {% endif %}

-{% if ldap.replica %}
+{% if slapd.replica %}
 # The userPassword by default can be changed
 # by the entry owning it if they are authenticated.
 # Others should not be able to see it, except the