Init openldap data

This commit is contained in:
Jonathan DeMasi
2026-01-24 16:53:59 -07:00
parent 9cb8287808
commit 6e95041033
7 changed files with 84 additions and 1 deletions


@@ -1,12 +1,16 @@
root_pw: "{{ lookup('bitwarden.secrets.lookup', '64a96d82-179b-41af-898d-b3dc014f44a0') }}" root_pw: "{{ lookup('bitwarden.secrets.lookup', '64a96d82-179b-41af-898d-b3dc014f44a0') }}"
ldap_manager_pw_hash: "{{ lookup('bitwarden.secrets.lookup', '32654697-7172-4fe3-9767-b3dc015ddd34') }}"
letsencrypt_email: "me@jthan.io" letsencrypt_email: "me@jthan.io"
linode_dns_token: "{{ lookup('bitwarden.secrets.lookup', '8849d676-e53e-4aef-a7e6-b3dc014dd698') }}" linode_dns_token: "{{ lookup('bitwarden.secrets.lookup', '8849d676-e53e-4aef-a7e6-b3dc014dd698') }}"
ldap_domain: ldap.home.jthan.io ldap_domain: ldap.home.jthan.io
ldap_basedn: dc=ldap,dc=home,dc=jthan,dc=io ldap_basedn: dc=ldap,dc=home,dc=jthan,dc=io
ldap_manager_pw_hash: "{{ lookup('bitwarden.secrets.lookup', '32654697-7172-4fe3-9767-b3dc015ddd34') }}"
ldap_uri: ldap://ldap.home.jthan.io
ldap_admin_dn: cn=Manager,{{ ldap_basedn }}
ldap_admin_pw: "{{ lookup('bitwarden.secrets.lookup', '04e7d5d8-f97a-4fbc-9ecf-b3dc015dfbd2') }}"
ldap_users: ldap_users:
- uid: jonathan - uid: jonathan
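Review bot: The added `ldap_uri: ldap://ldap.home.jthan.io` uses the plaintext scheme, so the `cn=Manager` credential in `ldap_admin_pw` is only protected as long as every task that binds with it also sets `start_tls`; one task that omits it sends the rootdn bind in the clear. Either switch to `ldap_uri: ldaps://ldap.home.jthan.io` (and drop `start_tls` from the tasks, since the modules refuse both together) or add a comment above the variable such as `# plaintext scheme on purpose: every ldap_* task MUST set start_tls: true`. Binding as `cn=Manager` (presumably the directory rootdn) for routine provisioning is also more privilege than the role needs; a dedicated provisioning DN with an ACL limited to the people/groups/SUDOers subtrees would limit the blast radius if the Bitwarden secret leaks. The hunk header announces 16 new lines but fewer are shown here, so the tail of this file is not visible.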


@@ -0,0 +1,10 @@
ldap_uri: ldap://ldap.example.com
ldap_basedn: dc=example,dc=com
ldap_admin_dn: cn=Manager,{{ ldap_basedn }}
ldap_admin_pw: "{{ ldap_admin_password }}"
ldap_people_ou: ou=people,{{ ldap_basedn }}
ldap_groups_ou: ou=groups,{{ ldap_basedn }}
ldap_sudo_ou: ou=SUDOers,{{ ldap_basedn }}
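Review bot: `ldap_admin_pw: "{{ ldap_admin_password }}"` references a variable that nothing in this commit defines, so a consumer that does not override `ldap_admin_pw` (as the host_vars in this commit do) gets an undefined-variable failure at the first bind rather than a clear message. That is the right failure mode for a secret, but it should be stated: `# No default on purpose: override ldap_admin_pw (or define ldap_admin_password) from a secret store, never in this file.` The file is also missing the `---` document start the rest of the Ansible tree would be expected to use.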


@@ -0,0 +1,14 @@
- name: Create base OUs
community.general.ldap_entry:
dn: "{{ item }}"
state: present
objectClass: organizationalUnit
loop:
- "{{ ldap_people_ou }}"
- "{{ ldap_groups_ou }}"
- "{{ ldap_sudo_ou }}"
args:
server_uri: "{{ ldap_uri }}"
bind_dn: "{{ ldap_admin_dn }}"
bind_pw: "{{ ldap_admin_pw }}"
start_tls: yes
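Review bot: `start_tls: yes` should be written as `start_tls: true`; `yes` is a YAML 1.1 boolean that yamllint's `truthy` rule flags and that some parsers read as a string. The same four connection arguments (`server_uri`, `bind_dn`, `bind_pw`, `start_tls`) are repeated verbatim under `args:` in every task of this role, which means the TLS upgrade depends on each task author remembering it. Setting them once at play level with `module_defaults:` for `community.general.ldap_entry` and `community.general.ldap_attrs` removes that repetition and the chance of a task silently binding in plaintext.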


@@ -0,0 +1,5 @@
- import_tasks: base.yaml
- import_tasks: groups.yaml
- import_tasks: users.yaml
- import_tasks: ssh_keys.yaml
- import_tasks: sudo.yaml
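Review bot: The import order here encodes dependencies that nothing documents: `users.yaml` references `gidNumber` values and `sudo.yaml` references `%admins`, both of which presumably come from `groups.yaml` (not visible in this commit). A header comment such as `# Order matters: base OUs -> groups -> users (need gidNumber) -> keys/sudo (reference uid and %admins)` would keep a future reordering from breaking the run. Add the `---` document start as well.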


@@ -0,0 +1,13 @@
- name: Set SSH keys
community.general.ldap_attrs:
dn: "uid={{ item.uid }},{{ ldap_people_ou }}"
state: exact
attributes:
sshPublicKey: "{{ item.ssh_keys }}"
loop: "{{ ldap_users }}"
when: item.ssh_keys is defined
args:
server_uri: "{{ ldap_uri }}"
bind_dn: "{{ ldap_admin_dn }}"
bind_pw: "{{ ldap_admin_pw }}"
start_tls: yes
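Review bot: Key revocation is not handled: because of `when: item.ssh_keys is defined`, a user whose `ssh_keys` entry is deleted from inventory keeps every `sshPublicKey` value already in the directory, so removing a compromised key by dropping it from the inventory only works while at least one other key remains. Drop the `when:` and template `sshPublicKey: "{{ item.ssh_keys | default([]) }}"` instead; with `state: exact` an empty list should then strip the attribute (an LDAP replace with no values deletes it), which is the behaviour an operator expects when revoking access. Ansible should hand the list through as a list when the value is a single template expression, but confirm that on the installed core version since `ldap_attrs` needs a list, not its string rendering. `yes` should also be `true`.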


@@ -0,0 +1,15 @@
- name: Admin sudo rule
community.general.ldap_entry:
dn: "cn=admins-all,{{ ldap_sudo_ou }}"
state: present
objectClass: sudoRole
attributes:
cn: admins-all
sudoUser: "%admins"
sudoHost: ALL
sudoCommand: ALL
args:
server_uri: "{{ ldap_uri }}"
bind_dn: "{{ ldap_admin_dn }}"
bind_pw: "{{ ldap_admin_pw }}"
start_tls: yes
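Review bot: This rule grants full root (`sudoCommand: ALL`, `sudoHost: ALL`) to everyone in the `admins` group with no `sudoOption` restrictions, and nothing in this file records that this is intentional; add `# Unrestricted root for the admins group on every host; membership in admins == root everywhere` above the task. The rule presumably depends on an `admins` posixGroup created in `groups.yaml`, which is not in view, and on clients resolving `%admins` through the same directory — worth a line in the comment. If a narrower scope is acceptable, restricting `sudoHost` to the hosts that actually need it is the cheapest hardening. `yes` should be `true`.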


@@ -0,0 +1,22 @@
- name: Ensure users exist
community.general.ldap_entry:
dn: "uid={{ item.uid }},{{ ldap_people_ou }}"
state: present
objectClass:
- inetOrgPerson
- posixAccount
- ldapPublicKey
attributes:
cn: "{{ item.cn }}"
sn: "{{ item.sn }}"
uid: "{{ item.uid }}"
uidNumber: "{{ item.uidNumber }}"
gidNumber: "{{ item.gidNumber }}"
homeDirectory: "/home/{{ item.uid }}"
loginShell: /bin/bash
loop: "{{ ldap_users }}"
args:
server_uri: "{{ ldap_uri }}"
bind_dn: "{{ ldap_admin_dn }}"
bind_pw: "{{ ldap_admin_pw }}"
start_tls: yes
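Review bot: `ldap_entry` only uses `attributes:` when it creates the entry; per the module's documentation an existing entry is left untouched, so later edits to `cn`, `sn`, `gidNumber` or a change of `loginShell` (for example to lock an account) will report ok and apply nothing. Add a follow-up `ldap_attrs` task with `state: exact` for the mutable attributes so the directory converges on the inventory, and consider whether users removed from `ldap_users` should be removed too (there is no `state: absent` path). The entries are created without `userPassword`, so password authentication for these accounts is presumably impossible — that is a reasonable key-only posture, but it should be stated in a comment because the sudo rule in this commit will prompt for a password. `yes` should be `true`.
```yaml
- name: Keep user attributes in sync with inventory
  community.general.ldap_attrs:
    dn: "uid={{ item.uid }},{{ ldap_people_ou }}"
    state: exact
    attributes:
      cn: "{{ item.cn }}"
      sn: "{{ item.sn }}"
      uidNumber: "{{ item.uidNumber }}"
      gidNumber: "{{ item.gidNumber }}"
      homeDirectory: "/home/{{ item.uid }}"
      loginShell: /bin/bash
  loop: "{{ ldap_users }}"
  args:
    server_uri: "{{ ldap_uri }}"
    bind_dn: "{{ ldap_admin_dn }}"
    bind_pw: "{{ ldap_admin_pw }}"
    start_tls: true
```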