33 lines
820 B
YAML
33 lines
820 B
YAML
- name: Set LDAP ACLs
|
|
community.general.ldap_attrs:
|
|
dn: olcDatabase={2}mdb,cn=config
|
|
state: exact
|
|
attributes:
|
|
olcAccess:
|
|
- >-
|
|
to attrs=userPassword
|
|
by dn="{{ ldap_admin_dn }}" write
|
|
by dn="{{ ldap_bind_dn }}" read
|
|
by self write
|
|
by anonymous auth
|
|
by * none
|
|
- >-
|
|
to attrs=uid
|
|
by * read
|
|
by anonymous read
|
|
by * none
|
|
- >-
|
|
to attrs=cn,description,member,uniqueMember,memberUid,gidNumber,sudoRole
|
|
by * read
|
|
by * none
|
|
- >-
|
|
to *
|
|
by * read
|
|
by dn="{{ ldap_admin_dn }}" write
|
|
by dn="{{ ldap_bind_dn }}" read
|
|
by self read
|
|
by * none
|
|
args:
|
|
server_uri: ldapi:///
|
|
sasl_class: external
|