cleanup
@@ -1,5 +1,5 @@
|
|||||||
- name: Render user LDIFs
|
- name: Render user LDIFs
|
||||||
ansible.builtin.template:
|
template:
|
||||||
src: user.ldif.j2
|
src: user.ldif.j2
|
||||||
dest: "/tmp/ldap-user-{{ user.uid }}.ldif"
|
dest: "/tmp/ldap-user-{{ user.uid }}.ldif"
|
||||||
mode: '0600'
|
mode: '0600'
|
||||||
|
|||||||
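Review bot: The rendered user LDIF is written to a predictable name in the shared, world-writable `/tmp` (`dest: "/tmp/ldap-user-{{ user.uid }}.ldif"`), and `user.uid` is spliced into the path unescaped, so a uid containing `/` or `..` would place the file outside that directory if the value ever comes from untrusted data. Since these files presumably carry password hashes, render them into a root-owned private directory (or a path obtained from `ansible.builtin.tempfile`) and remove them once `ldapadd` has consumed them; the task's loop and any cleanup step are outside this hunk. The changed line swaps `ansible.builtin.template:` and the short `template:`, and the rendered page does not show which side is new; if the short name is what lands here and in the handler, database-DN and schema sections, it drops the FQCN that ansible-lint's `fqcn` rule asks for and that keeps module resolution unambiguous when other collections are installed.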
@@ -1,11 +1,11 @@
|
|||||||
---
|
---
|
||||||
- name: restart slapd
|
- name: restart slapd
|
||||||
ansible.builtin.service:
|
service:
|
||||||
name: slapd
|
name: slapd
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
- name: reload slapd
|
- name: reload slapd
|
||||||
ansible.builtin.service:
|
service:
|
||||||
name: slapd
|
name: slapd
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
||||||
|
|||||||
@@ -1,10 +1,10 @@
|
|||||||
- name: Find main LDAP database DN
|
- name: Find main LDAP database DN
|
||||||
ansible.builtin.command: >
|
command: >
|
||||||
ldapsearch -Y EXTERNAL -H ldapi:/// \
|
ldapsearch -Y EXTERNAL -H ldapi:/// \
|
||||||
-b cn=config '(olcSuffix={{ ldap_basedn }})' dn
|
-b cn=config '(olcSuffix={{ ldap_basedn }})' dn
|
||||||
register: ldap_db_dn
|
register: ldap_db_dn
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
- name: Set fact for main database DN
|
- name: Set fact for main database DN
|
||||||
ansible.builtin.set_fact:
|
set_fact:
|
||||||
ldap_main_db_dn: "{{ ldap_db_dn.stdout_lines | select('match','^dn:') | first | regex_replace('^dn: ','') }}"
|
ldap_main_db_dn: "{{ ldap_db_dn.stdout_lines | select('match','^dn:') | first | regex_replace('^dn: ','') }}"
|
||||||
|
|||||||
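Review bot: The trailing `\` on the `ldapsearch` line sits inside a `>` folded scalar handed to `command`, which runs without a shell, so after folding the backslash is passed to the module as text rather than acting as a line continuation; the folded scalar already joins the two lines with a space, so the backslash should simply be dropped: `ldapsearch -Y EXTERNAL -H ldapi:///` on the first line and `-b cn=config '(olcSuffix={{ ldap_basedn }})' dn` on the second. In the second task, `| first` raises when the search returns no `dn:` line (for example when `ldap_basedn` matches no `olcSuffix`), which fails far from the cause with an opaque message; an explicit guard on the search task such as `failed_when: ldap_db_dn.stdout_lines | select('match', '^dn:') | list | length == 0` makes the failure readable. `ldap_basedn` is also inserted into the LDAP filter without escaping, which is acceptable only as long as it is a trusted inventory value; a short comment stating that assumption would help the next maintainer.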
@@ -1,25 +1,25 @@
|
|||||||
---
|
---
|
||||||
# roles/ldap_server/tasks/schemas.yml
|
# roles/ldap_server/tasks/schemas.yml
|
||||||
- name: Ensure LDAP core schema is loaded
|
- name: Ensure LDAP core schema is loaded
|
||||||
ansible.builtin.command: >
|
command: >
|
||||||
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/core.ldif
|
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/core.ldif
|
||||||
args:
|
args:
|
||||||
creates: /etc/openldap/schema/.core_loaded
|
creates: /etc/openldap/schema/.core_loaded
|
||||||
|
|
||||||
- name: Ensure LDAP cosine schema is loaded
|
- name: Ensure LDAP cosine schema is loaded
|
||||||
ansible.builtin.command: >
|
command: >
|
||||||
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
|
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
|
||||||
args:
|
args:
|
||||||
creates: /etc/openldap/schema/.cosine_loaded
|
creates: /etc/openldap/schema/.cosine_loaded
|
||||||
|
|
||||||
- name: Ensure LDAP inetorgperson schema is loaded
|
- name: Ensure LDAP inetorgperson schema is loaded
|
||||||
ansible.builtin.command: >
|
command: >
|
||||||
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
|
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
|
||||||
args:
|
args:
|
||||||
creates: /etc/openldap/schema/.inetorgperson_loaded
|
creates: /etc/openldap/schema/.inetorgperson_loaded
|
||||||
|
|
||||||
- name: Ensure LDAP nis schema is loaded
|
- name: Ensure LDAP nis schema is loaded
|
||||||
ansible.builtin.command: >
|
command: >
|
||||||
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
|
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
|
||||||
args:
|
args:
|
||||||
creates: /etc/openldap/schema/.nis_loaded
|
creates: /etc/openldap/schema/.nis_loaded
|
||||||
@@ -41,7 +41,7 @@
|
|||||||
mode: '0600'
|
mode: '0600'
|
||||||
|
|
||||||
- name: Ensure custom LDAP schemas (sudo + openssh) are loaded
|
- name: Ensure custom LDAP schemas (sudo + openssh) are loaded
|
||||||
ansible.builtin.command: >
|
command: >
|
||||||
ldapadd -Y EXTERNAL -H ldapi:/// -f {{ item.file }}
|
ldapadd -Y EXTERNAL -H ldapi:/// -f {{ item.file }}
|
||||||
args:
|
args:
|
||||||
creates: "/etc/openldap/schema/.{{ item.name }}_loaded"
|
creates: "/etc/openldap/schema/.{{ item.name }}_loaded"
|
||||||
@@ -53,7 +53,7 @@
|
|||||||
|
|
||||||
# Touch marker files for idempotency (optional but recommended)
|
# Touch marker files for idempotency (optional but recommended)
|
||||||
- name: Ensure marker files exist
|
- name: Ensure marker files exist
|
||||||
ansible.builtin.file:
|
file:
|
||||||
path: "/etc/openldap/schema/.{{ item.name }}_loaded"
|
path: "/etc/openldap/schema/.{{ item.name }}_loaded"
|
||||||
state: touch
|
state: touch
|
||||||
loop:
|
loop:
|
||||||
@@ -62,5 +62,5 @@
|
|||||||
- { name: "inetorgperson" }
|
- { name: "inetorgperson" }
|
||||||
- { name: "nis" }
|
- { name: "nis" }
|
||||||
# - { name: "sudo" }
|
# - { name: "sudo" }
|
||||||
# - { name: "openssh" }
|
- { name: "openssh" }
|
||||||
|
|
||||||
|
|||||||
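Review bot: The marker-files task in the `@@ -53` hunk uses `state: touch` without preserving timestamps, so it reports changed on every run, and the comment above it calls the markers "optional" although every `creates:` guard in this file depends on them; without the markers each run re-runs `ldapadd` for schemas that are already loaded. Add `modification_time: preserve` and `access_time: preserve` to the `file` task so it is idempotent, and reword the comment to something like `# Marker files back the creates: guards above; they are required for idempotency, not optional`. The markers are also touched unconditionally rather than after the corresponding `ldapadd` ran: the `openssh` entry toggled in the `@@ -62` hunk is the case in point, because the custom-schemas task that would load it and its loop are outside this hunk, so a schema whose add never ran can be permanently skipped by its `creates:` guard. A safer shape is to touch each marker in the same loop immediately after its `ldapadd` succeeds, or to drop `creates:` and decide from the registered `ldapadd` result.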