Init new ldap server role

2026-01-23 16:26:39 -07:00
parent d18353d2ae
commit 7a377c09e0
7 changed files with 153 additions and 80 deletions
--- a/ansible/roles/openldap_server/tasks/acls.yaml
+++ b/ansible/roles/openldap_server/tasks/acls.yaml
@@ -0,0 +1,21 @@
+- name: Set LDAP ACLs
+  community.general.ldap_attrs:
+    dn: olcDatabase={2}mdb,cn=config
+    state: exact
+    attributes:
+      olcAccess:
+        - >-
+          to attrs=userPassword
+          by dn="{{ ldap_admin_dn }}" write
+          by dn="{{ ldap_bind_dn }}" read
+          by self write
+          by * none
+        - >-
+          to *
+          by dn="{{ ldap_admin_dn }}" write
+          by dn="{{ ldap_bind_dn }}" read
+          by self read
+          by * none
+  args:
+    server_uri: ldapi:///
+    sasl_mech: EXTERNAL