67 lines
1.8 KiB
YAML
67 lines
1.8 KiB
YAML
---
|
|
# roles/ldap_server/tasks/schemas.yml
|
|
- name: Ensure LDAP core schema is loaded
|
|
command: >
|
|
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/core.ldif
|
|
args:
|
|
creates: /etc/openldap/schema/.core_loaded
|
|
|
|
- name: Ensure LDAP cosine schema is loaded
|
|
command: >
|
|
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
|
|
args:
|
|
creates: /etc/openldap/schema/.cosine_loaded
|
|
|
|
- name: Ensure LDAP inetorgperson schema is loaded
|
|
command: >
|
|
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
|
|
args:
|
|
creates: /etc/openldap/schema/.inetorgperson_loaded
|
|
|
|
- name: Ensure LDAP nis schema is loaded
|
|
command: >
|
|
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
|
|
args:
|
|
creates: /etc/openldap/schema/.nis_loaded
|
|
|
|
- name: Copy sudo schema into place
|
|
copy:
|
|
src: files/sudo.ldif
|
|
dest: /etc/openldap/schema/sudo.ldif
|
|
owner: ldap
|
|
group: ldap
|
|
mode: '0600'
|
|
#
|
|
- name: Copy openssh schema into place
|
|
copy:
|
|
src: files/openssh.ldif
|
|
dest: /etc/openldap/schema/openssh.ldif
|
|
owner: ldap
|
|
group: ldap
|
|
mode: '0600'
|
|
|
|
- name: Ensure custom LDAP schemas (sudo + openssh) are loaded
|
|
command: >
|
|
ldapadd -Y EXTERNAL -H ldapi:/// -f {{ item.file }}
|
|
args:
|
|
creates: "/etc/openldap/schema/.{{ item.name }}_loaded"
|
|
loop:
|
|
- { name: "sudo", file: "/etc/openldap/schema/sudo.ldif" }
|
|
- { name: "openssh", file: "/etc/openldap/schema/openssh.ldif" }
|
|
loop_control:
|
|
label: "{{ item.name }}"
|
|
|
|
# Touch marker files for idempotency (optional but recommended)
|
|
- name: Ensure marker files exist
|
|
file:
|
|
path: "/etc/openldap/schema/.{{ item.name }}_loaded"
|
|
state: touch
|
|
loop:
|
|
- { name: "core" }
|
|
- { name: "cosine" }
|
|
- { name: "inetorgperson" }
|
|
- { name: "nis" }
|
|
- { name: "sudo" }
|
|
- { name: "openssh" }
|
|
|