Init new ldap server role

2026-01-23 16:26:39 -07:00
parent d18353d2ae
commit 7a377c09e0
7 changed files with 153 additions and 80 deletions
--- a/ansible/roles/openldap_server/tasks/install.yaml
+++ b/ansible/roles/openldap_server/tasks/install.yaml
@@ -0,0 +1,57 @@
+- name: Install epel
+  package:
+    name: epel-release
+    state: present
+
+- name: Install openldap server and other required packages
+  package:
+    name:
+      - openldap-servers
+      - openldap-clients
+      - openldap-devel
+      - cyrus-sasl-devel
+      - openssl
+      - openssl-devel
+    state: present
+
+- name: Permanently enable ldap service firewalld
+  ansible.posix.firewalld:
+    service: ldap
+    state: enabled
+    permanent: true
+    immediate: true
+    offline: true
+
+- name: Permanently enable ldaps service firewalld
+  ansible.posix.firewalld:
+    service: ldaps
+    state: enabled
+    permanent: true
+    immediate: true
+    offline: true
+
+- name: Create ldifs directory
+  file:
+    path: /etc/openldap/ldifs
+    state: directory
+    mode: '0700'
+    owner: ldap
+    group: ldap
+
+- name: Set upldap.conf base
+  lineinfile:
+    path: /etc/openldap/ldap.conf
+    regexp: '^#BASE'
+    line: 'BASE: dc=ldap,dc=home,dc=jthan,dc=io'
+
+- name: Setup ldap.conf URIs
+  lineinfile:
+    path: /etc/openldap/ldap.conf
+    regexp: '^#URI'
+    line: 'URI: ldap://ldap.home.jthan.io'
+
+- name: Enable slapd
+  service:
+    name: slapd
+    state: started
+    enabled: yes