Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
---
# tasks file for ansible-role-test-openldap-server
- name: Create {{temp_dir}}
file:
path={{temp_dir}}
state=directory
- name: Install OpenLDAP packages and necessary packages
package:
name: "{{item}}"
state: present
with_items:
- openldap
- compat-openldap
- openldap-clients
- openldap-servers
- openldap-devel
become: true
- name: Stop OpenLDAP Server
systemd:
name: slapd
state: stopped
when: clean_all
- name: List OpenLDAP Files
command: "ls /var/lib/ldap"
register: ldap_files
when: clean_all
- name: Remove OpenLDAP Data
file: path="/var/lib/ldap/{{item}}" state=absent force=true
with_items:
- "{{ldap_files.stdout_lines}}"
when: clean_all
- name: Start OpenLDAP Server
systemd:
name: slapd
state: started
enabled: True
- name: Get RootPW for openLDAP
shell: "slappasswd -s redhat"
register: ldap_root_rw
- name: Set RootPW as var
set_fact:
ROOT_PW: "{{ldap_root_rw.stdout}}"
- name: Copy db.ldif file to {{temp_dir}}
template: src="db.ldif.j2" dest={{temp_dir}}/db.ldif
- name: Modify ldap with db.ldif
shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f {{temp_dir}}/db.ldif
- name: Copy monitor.ldif to {{temp_dir}}
template: src="monitor.ldif.j2" dest={{temp_dir}}/monitor.ldif
- name: Modify ldap with monitor.ldif
shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f {{temp_dir}}/monitor.ldif
- name: Apply SSL
block:
- name: Copy certs.ldif to {{temp_dir}}
template: src="certs.ldif.j2" dest={{temp_dir}}/certs.ldif
- name: Copy Cert to /etc/openldap/certs/
copy: src={{ssl_cert}} dest=/etc/openldap/certs/{{ssl_cert|basename}} owner=ldap group=ldap
- name: Copy CA Cert to /etc/openldap/certs
copy: src={{ssl_ca_cert}} dest=/etc/openldap/certs/{{ssl_ca_cert|basename}} owner=ldap group=ldap
- name: Copy Private key to /etc/openldap/certs
copy: src={{ssl_private_key}} dest=/etc/openldap/certs/{{ssl_private_key|basename}} owner=ldap group=ldap
- name: Add ldaps:// into /etc/sysconfig/slapd
lineinfile:
path: /etc/sysconfig/slapd
regexp: 'ldap:\/\/\/'
line: 'SLAPD_URLS="ldapi:/// ldap:/// ldaps:///"'
- name: Modify ldap with certs.ldif
shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f {{temp_dir}}/certs.ldif
- name: Start OpenLDAP Server
systemd:
name: slapd
state: restarted
when: ssl
- name: Test LDAP server
shell: slaptest -u
when: ssl
- name: Check if cosine/nis/inetorgperson data exist(1)
shell: "ldapsearch -Y EXTERNAL -H ldapi:/// -b \"cn=schema,cn=config\" |egrep '^cn(.*cosine|.*nis|.*inetorgperson)'> ldapsearch_cosine_nis_inet"
ignore_errors: yes
- name: Check if cosine/nis/inetorgperson data exist(2)
shell: "cat ldapsearch_cosine_nis_inet|wc -l"
register: default_data_exist
- name: Setup ldap with default example ldif files
copy: src=/usr/share/openldap-servers/DB_CONFIG.example dest=/var/lib/ldap/DB_CONFIG remote_src=yes
- name: Change UID/GID of /var/lib/ldap/*
file:
path: /var/lib/ldap
owner: ldap
group: ldap
recurse: yes
- name: Add cosine/nis/inetoragperson ldif to ldap server
shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/{{item}}
with_items:
- cosine.ldif
- nis.ldif
- inetorgperson.ldif
when: default_data_exist.stdout|int < 3
- name: Copy base.ldif to {{temp_dir}} > this is the default user/group data
copy: src=base.ldif dest="{{temp_dir}}/base.ldif"
- name: Add the default user/group data with base.ldif
shell: ldapadd -x -w redhat -D "cn=read-only-admin,dc=example,dc=com" -f {{temp_dir}}/base.ldif
- name: Copy user-passwd.ldif to {{temp_dir}}
copy: src=users-passwd.ldif dest="{{temp_dir}}/users-passwd.ldif"
- name: Modify pw of users
shell: ldapadd -x -w redhat -D "cn=read-only-admin,dc=example,dc=com" -f {{temp_dir}}/users-passwd.ldif
# - name: Firewalld add rule for ldap
#