diff --git a/roles/ldapserver/tasks/main.yml b/roles/ldapserver/tasks/main.yml index c6bf89bd675971c10a8fc986f22f8e04962e8aa4..6035f190e67b809d4a8abca5bbe5c142ca966996 100644 --- a/roles/ldapserver/tasks/main.yml +++ b/roles/ldapserver/tasks/main.yml @@ -8,15 +8,13 @@ file: "{{ ansible_distribution }}.yml" - name: install system packages apt - apt: name={{ item }} state=present update_cache=true + apt: name={{ system_packages }} state=present update_cache=true become: true - with_items: "{{ system_packages }}" when: ansible_os_family == 'Debian' - name: install system packages yum - yum: name={{ item }} state=present + yum: name={{ system_packages }} state=present become: true - with_items: "{{ system_packages }}" when: ansible_os_family == 'RedHat' - name: Fixed default configuration @@ -89,20 +87,20 @@ become: true - name: copy cert - copy: src="files/{{ ldapCert }}" dest="{{ ldapCertDest }}" + copy: src="files_services/{{ ldapCert }}" dest="{{ ldapCertDest }}" become: true - name: copy ca cert - copy: src="files/{{ ldapCAChain }}" dest="{{ ldapCAChainDest }}" + copy: src="files_services/{{ ldapCAChain }}" dest="{{ ldapCAChainDest }}" become: true - name: copy ca root cert - copy: src="files/{{ ldap_TLSCARoot }}" dest="{{ ldapCARootDest }}" + copy: src="files_services/{{ ldap_TLSCARoot }}" dest="{{ ldapCARootDest }}" become: true when: ldap_TLSCARoot is defined - name: copy key - copy: src="files/{{ ldapKey }}" dest="{{ ldapKeyDest }}" mode=600 owner={{ ldapuser }} group={{ ldapgroup }} + copy: src="files_services/{{ ldapKey }}" dest="{{ ldapKeyDest }}" mode=600 owner={{ ldapuser }} group={{ ldapgroup }} become: true - name: enable ssl centos 
@@ -115,14 +113,14 @@ become: true when: ansible_os_family == 'RedHat' and ansible_distribution_major_version >= '7' -- name: check TLS config +- name: check TLS config is present shell: "slapcat -b cn=config | grep 'olcTLSCertificateKeyFile: {{ ldapKeyDest }}'" ignore_errors: true become: true register: tlsConfigured - name: copy db config - copy: src=files/DB_CONFIG dest=/var/lib/ldap/DB_CONFIG owner=ldap group=ldap mode=644 + copy: src=files/DB_CONFIG dest=/var/lib/ldap/DB_CONFIG owner={{ ldapuser }} group={{ ldapgroup }} mode=644 become: true - name: start ldap @@ -132,7 +130,7 @@ - name: initialise server ssl shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/ssl.ldif -D cn=config become: true - when: tlsConfigured|failed + when: tlsConfigured.failed - name: Initialise cosine and ppolicy shell: ldapadd -Y EXTERNAL -H ldapi:/// -f {{ ldapDir }}/schema/{{ item }}.ldif -D cn=config @@ -144,15 +142,22 @@ ignore_errors: true become: true +- name: check auxposixgroup is present + shell: "slapcat -b cn=auxPosixGroup,cn=schema,cn=config | grep auxPosixGroup" + ignore_errors: true + become: true + register: auxposixgroup + - name: copy the auxposixgroup schema copy: src="files/auxposixgroup.ldif" dest="{{ ldapDir }}/schema/auxposixgroup.ldif" - become: True + become: true become_user: root - name: load the auxposixgroup schema shell: ldapadd -Y EXTERNAL -H ldapi:/// -f "{{ ldapDir }}/schema/auxposixgroup.ldif" -D cn=config become_user: root - become: True + become: true + when: auxposixgroup.failed - name: check ppolicy module loaded shell: slapcat -b cn=config | grep "olcModuleLoad. {.*}ppolicy" @@ -163,7 +168,7 @@ - name: load ppolicy module shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/load_modules.ldif -D cn=config become: true - when: ppolicyModuleLoaded|failed + when: ppolicyModuleLoaded.failed - name: check ppolicy overlay config shell: "slapcat -b cn=config | grep 'dn: olcOverlay={.*}ppolicy,olcDatabase={.*}.db,cn=config'" 
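Review bot: The new `check auxposixgroup is present` probe reuses the `ignore_errors: true` plus `register` pattern, so a read-only check shows up as a failed task on every host where the schema is not yet loaded, and genuine errors are hidden among those expected failures. Because the command is a pipeline, the registered result carries only `grep`'s exit status, so a `slapcat` error looks the same as an absent schema and still triggers the `ldapadd`. Consider `failed_when: false` and `changed_when: false` on the probe, with `when: auxposixgroup.rc != 0` on the load task. The `check TLS config is present` task renamed in the first hunk on this line has the same shape.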
@@ -174,7 +179,7 @@ - name: add ppolicy overlay shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/ppolicy_overlay.ldif -D cn=config become: true - when: ppolicyOverlayConfigured|failed + when: ppolicyOverlayConfigured.failed - name: check refint module loaded shell: slapcat -b cn=config | grep "olcModuleLoad. {.*}refint" @@ -185,7 +190,7 @@ - name: load refint module shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/load_refint.ldif -D cn=config become: true - when: refintModuleLoaded|failed + when: refintModuleLoaded.failed - name: check memberof module loaded shell: slapcat -b cn=config | grep "olcModuleLoad. {.*}memberof" @@ -196,28 +201,10 @@ - name: load memberof module shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/load_memberof.ldif -D cn=config become: true - when: memberofModuleLoaded|failed - -- name: check member of config - shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcMemberOf" - ignore_errors: true - register: memberOfConfigured - -- name: add member of config - shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/memberOfConfig.ldif - when: memberOfConfigured|failed - -- name: check refinit config - shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcRefintConfig" - ignore_errors: true - register: refintConfigured - -- name: add refint config - shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/refint_config.ldif - when: refintConfigured|failed + when: memberofModuleLoaded.failed - name: check Manager config - shell: "slapcat -b cn=config | grep 'olcRootDN: {{ ldapManager }}'" + shell: "slapcat -b cn=config | grep 'olcRootDN: {{ ldapManagerDN }}'" ignore_errors: true become: true register: managerConfigured 
@@ -225,16 +212,33 @@ - name: initialise server manager shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/manager.ldif -D cn=config become: true - when: managerConfigured|failed -- name: initialise server manager +# when: managerConfigured.failed + +- name: initialise server manager2 shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/manager2.ldif -D cn=config become: true ignore_errors: true - when: managerConfigured|failed -- name: initialise server manager - shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/manager3.ldif -D cn=config +# when: managerConfigured.failed + +- name: check member of config + shell: "ldapsearch -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcMemberOf" + ignore_errors: true + register: memberOfConfigured + +- name: add member of config + shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/memberOfConfig.ldif -D cn=config + when: memberOfConfigured.failed + become: true + +- name: check refinit config + shell: "ldapsearch -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcRefintConfig" + ignore_errors: true + register: refintConfigured + +- name: add refint config + shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/refint_config.ldif + when: refintConfigured.failed become: true - when: managerConfigured|failed # slapcat does a line wrap at character 78. Don't attempt to match on {{ ldapManager }} as it will cross two lines - name: check ACL config 
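Review bot: The re-added `check member of config` and `check refinit config` tasks pass the manager password on the command line (`-w {{ ldapManagerPassword }}`), which exposes it in the host's process list and in Ansible's output, since the rendered command is printed when the task fails and these probes are expected to fail on a first run. The same pattern recurs in the `ldapsearch` and `ldapadd` tasks of the two later main.yml hunks (the DIT/OU checks and the binddn/pwpolicies tasks). Adding `no_log: true` to these tasks and replacing `-w` with `-y /path/to/password-file` (placeholder path; a root-only file written without a trailing newline) would keep the secret out of both. Separately, the `when: managerConfigured.failed` guards are now commented out, so `manager.ldif` and `manager2.ldif` are applied on every run and the `managerConfigured` probe gates nothing; if this is a temporary workaround, a comment should say so.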
@@ -249,57 +253,57 @@ - name: initialise server acls shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/acls.ldif -D cn=config become: true - when: aclConfigured|failed + when: aclConfigured.failed - name: check DIT config - shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapBase }} -x -H ldap://localhost objectClass=dcObject" + shell: "ldapsearch -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -b {{ ldapBase }} -x -H ldap://localhost objectClass=dcObject" ignore_errors: true register: ditConfigured - name: add DIT root - shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/root.ldif - when: ditConfigured|failed + shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/root.ldif + when: ditConfigured.failed - name: check real Accounts config - shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapAccountBase }} -x -H ldap://localhost objectClass=*" + shell: "ldapsearch -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -b {{ ldapAccountBase }} -x -H ldap://localhost objectClass=*" ignore_errors: true register: realAccountsConfigured when: ldapAccountBase is defined - name: add real Accounts OU - shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/real_accounts.ldif - when: realAccountsConfigured is defined and realAccountsConfigured|failed + shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/real_accounts.ldif + when: realAccountsConfigured is defined and realAccountsConfigured.failed - name: check Groups config - shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=*" + shell: "ldapsearch -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=*" ignore_errors: true register: groupsConfigured - 
name: add Groups OU - shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/groups.ldif - when: groupsConfigured|failed + shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/groups.ldif + when: groupsConfigured.failed - name: check aclroups config - shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapAclGroupBase }} -x -H ldap://localhost objectClass=*" + shell: "ldapsearch -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -b {{ ldapAclGroupBase }} -x -H ldap://localhost objectClass=*" ignore_errors: true register: aclgroupsConfigured - name: add aclgroups OU - shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/acl_groups.ldif - when: aclgroupsConfigured|failed + shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/acl_groups.ldif + when: aclgroupsConfigured.failed - name: check Accounts config - shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapUserBase }} -x -H ldap://localhost objectClass=*" + shell: "ldapsearch -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -b {{ ldapUserBase }} -x -H ldap://localhost objectClass=*" ignore_errors: true register: accountsConfigured - name: add Accounts OU - shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/accounts.ldif - when: accountsConfigured|failed + shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/accounts.ldif + when: accountsConfigured.failed - name: check binddn config - shell: "ldapsearch -D {{ ldapBindDN }} -w {{ ldapBindDNPassword }} -b {{ ldapDomain }} -x -H ldap://localhost objectClass=dcObject" + shell: "ldapsearch -D {{ ldapBindDN }} -w {{ ldapBindDNPassword }} -b {{ ldapBase }} -x -H ldap://localhost objectClass=dcObject" ignore_errors: true register: 
binddnConfigured 
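Review bot: Every `shell:` line in this hunk interpolates `{{ ldapManagerDN }}`, `{{ ldapManagerPassword }}` and the base DN variables into the command unquoted, so a value containing a space, `$`, `;` or a quote character is split or interpreted by the shell instead of reaching `ldapsearch`/`ldapadd` as a single argument. Passing each value through the `quote` filter, e.g. `-D {{ ldapManagerDN | quote }} -w {{ ldapManagerPassword | quote }}`, removes that dependency on the contents of the variables. The search filter should likewise be written `'objectClass=*'` so the shell cannot glob it. The same applies to the binddn and pwpolicies tasks in the next main.yml hunk.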
@@ -312,25 +316,45 @@ become: true - name: add binddn - shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/binddn.ldif + shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/binddn.ldif become: true - when: binddnConfigured|failed + when: binddnConfigured.failed - name: check pwpolicies config - shell: ldapsearch -D {{ ldapBindDN }} -w {{ ldapBindDNPassword }} -b ou=pwpolicies,{{ ldapDomain }} objectClass=* + shell: ldapsearch -D {{ ldapBindDN }} -w {{ ldapBindDNPassword }} -b ou=pwpolicies,{{ ldapBase }} objectClass=* ignore_errors: true register: pwpoliciesConfigured - name: add pwpolicies - shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -f /tmp/pwpolicies.ldif - when: pwpoliciesConfigured|failed + shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -f /tmp/pwpolicies.ldif + when: pwpoliciesConfigured.failed - name: check defaultPwpolicy config - shell: ldapsearch -D {{ ldapBindDN }} -w {{ ldapBindDNPassword }} -b cn=default,ou=pwpolicies,{{ ldapDomain }} objectClass=* + shell: ldapsearch -D {{ ldapBindDN }} -w {{ ldapBindDNPassword }} -b cn=default,ou=pwpolicies,{{ ldapBase }} objectClass=* ignore_errors: true register: defaultPpolicyConfigured - name: add defaultPwpolicy - shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -f /tmp/default_ppolicy.ldif - when: defaultPpolicyConfigured|failed + shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -f /tmp/default_ppolicy.ldif + when: defaultPpolicyConfigured.failed + +- name: template monitoruser.ldif + template: src=monitoruser.ldif.j2 dest=/tmp/monitoruser.ldif + +- name: template monitoruser.ldif + template: src=monitoring.ldif.j2 dest=/tmp/monitoring.ldif + +- name: check monitoruser + shell: 'slapcat -b cn=monitor,ou=People,dc=erc,dc=monash,dc=edu,dc=au | grep "cn: monitor"' + ignore_errors: true + register: monitoruser + become: true + +- 
name: add monitoruser + #shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -f /tmp/default_ppolicy.ldif + shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -H ldap://localhost -f /tmp/monitoruser.ldif + when: monitoruser.failed +- name: add monitoruser + shell: ldapmodify -Y external -H ldapi:// -f /tmp/monitoring.ldif + when: monitoruser.failed diff --git a/roles/ldapserver/templates/acls_ldif.j2 b/roles/ldapserver/templates/acls_ldif.j2 index 58a7bc074e234660600c8b1248c4b3ac1a546d4c..1f466ece54b88dc16a574ba13c0f762bf19458d7 100644 --- a/roles/ldapserver/templates/acls_ldif.j2 +++ b/roles/ldapserver/templates/acls_ldif.j2 @@ -1,6 +1,6 @@ dn: {{ dbname }},cn=config changetype: modify add: olcAccess -olcAccess: {0}to attrs=userPassword by dn="{{ ldapManager }}" write by self write by * auth -olcAccess: {1}to attrs=shadowLastChange by dn="{{ ldapManager }}" write by self write by * read +olcAccess: {0}to attrs=userPassword by dn="{{ ldapManagerDN }}" write by self write by * auth +olcAccess: {1}to attrs=shadowLastChange by dn="{{ ldapManagerDN }}" write by self write by * read olcAccess: {2}to * by users read by anonymous auth diff --git a/roles/ldapserver/templates/default_ppolicy_ldif.j2 b/roles/ldapserver/templates/default_ppolicy_ldif.j2 index 7400bc39342ea7d6e65017207be6c37ef8c5b6ba..fc1aed47c2024f7d6cddfab08bd28c450a293142 100644 --- a/roles/ldapserver/templates/default_ppolicy_ldif.j2 +++ b/roles/ldapserver/templates/default_ppolicy_ldif.j2 @@ -1,4 +1,4 @@ -dn: cn=default,ou=pwpolicies,{{ ldapDomain }} +dn: cn=default,ou=pwpolicies,{{ ldapBase }} cn: default objectClass: pwdPolicy objectClass: top diff --git a/roles/ldapserver/templates/load_memberof_ldif.j2 b/roles/ldapserver/templates/load_memberof_ldif.j2 index c47d42097a1b477454c370d40da90508ab00f911..dc3e09ce1d0b21b03c0fc80c112967235d1b432e 100644 --- a/roles/ldapserver/templates/load_memberof_ldif.j2 +++ b/roles/ldapserver/templates/load_memberof_ldif.j2 
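Review bot: The new `template` task renders `monitoruser.ldif.j2`, which carries a `userPassword` hash, to `/tmp/monitoruser.ldif` with no `mode`, so the file gets default-umask permissions in a world-writable directory and is never removed. Setting `mode=0600` on the task and deleting the file once the add has run would limit who can read the hash. The final task runs `ldapmodify -Y external -H ldapi://` without `become: true`, unlike the other EXTERNAL tasks in this file, and loads `/tmp/monitoring.ldif`, whose template this commit adds with no content, so that step looks unfinished. The `check monitoruser` DN is hard-coded (`dc=erc,dc=monash,dc=edu,dc=au`) where `{{ ldapBase }}` is used elsewhere, and two task names are duplicated (`template monitoruser.ldif`, `add monitoruser`), which makes play output ambiguous.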
@@ -1,4 +1,5 @@ -dn: cn=module{0},cn=config -changetype: modify -add: olcModuleLoad +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: {{ module_path }} olcModuleLoad: memberof.la diff --git a/roles/ldapserver/templates/load_refint_ldif.j2 b/roles/ldapserver/templates/load_refint_ldif.j2 index 746194ac1bfde224e18b13360ddfc82190d695fe..596c88fbee7cb61799ffe30f0b4a0070a5558437 100644 --- a/roles/ldapserver/templates/load_refint_ldif.j2 +++ b/roles/ldapserver/templates/load_refint_ldif.j2 @@ -1,4 +1,5 @@ -dn: cn=module{0},cn=config -changetype: modify -add: olcModuleLoad +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: {{ module_path }} olcModuleLoad: refint.la diff --git a/roles/ldapserver/templates/manager_ldif.j2 b/roles/ldapserver/templates/manager_ldif.j2 index d6898024803889b30d4e23108ac5ea8e0d87559c..c435dddbff380635f540788f152cc70b20855b5c 100644 --- a/roles/ldapserver/templates/manager_ldif.j2 +++ b/roles/ldapserver/templates/manager_ldif.j2 @@ -1,7 +1,7 @@ dn: {{ dbname }},cn=config changetype: modify replace: olcSuffix -olcSuffix: {{ ldapDomain }} +olcSuffix: {{ ldapBase }} - replace: olcRootDN -olcRootDN: {{ ldapManager }} +olcRootDN: {{ ldapManagerDN }} diff --git a/roles/ldapserver/templates/memberOfConfig_ldif.j2 b/roles/ldapserver/templates/memberOfConfig_ldif.j2 index 61f8685e69dcbc48ad623cf49f0ffa8be87f46ef..80fe6bd4a12a4902c86e6f80012e0ccc0f07c714 100644 --- a/roles/ldapserver/templates/memberOfConfig_ldif.j2 +++ b/roles/ldapserver/templates/memberOfConfig_ldif.j2 @@ -1,4 +1,4 @@ -dn: olcOverlay=memberof,olcDatabase={2}bdb,cn=config +dn: olcOverlay=memberof,{{ dbname }},cn=config objectClass: olcConfig objectClass: olcMemberOf objectClass: olcOverlayConfig diff --git a/roles/ldapserver/templates/monitoring.ldif.j2 b/roles/ldapserver/templates/monitoring.ldif.j2 new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 
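Review bot: `olcModulePath: {{ module_path }}` depends on a variable that this commit defines only in `vars/Ubuntu.yml`; unless the vars file loaded for RedHat hosts (not part of this diff) also sets it, templating will fail there with an undefined variable. The same line is added to `load_refint_ldif.j2`. Since slapd loads shared objects from this path, a comment in the vars file such as `# module_path must be a root-owned directory; slapd loads overlay modules from it` would record the expectation.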
diff --git a/roles/ldapserver/templates/monitoruser.ldif.j2 b/roles/ldapserver/templates/monitoruser.ldif.j2 new file mode 100644 index 0000000000000000000000000000000000000000..590bb51a14eefbe04c479709962598ed094ff11a --- /dev/null +++ b/roles/ldapserver/templates/monitoruser.ldif.j2 @@ -0,0 +1,5 @@ +dn: cn=monitor,ou=People,dc=erc,dc=monash,dc=edu,dc=au +objectClass: inetOrgPerson +cn: binddn +sn: binddn +userPassword: {{ ldapBindDNHash.stdout }} \ No newline at end of file diff --git a/roles/ldapserver/templates/ppolicy_overlay_ldif.j2 b/roles/ldapserver/templates/ppolicy_overlay_ldif.j2 index 43d27e6e5dff0025e8a0de2302ee5e8b631971c1..5762da02e35d83c00cf76430626d5f9ec9d2b9dc 100644 --- a/roles/ldapserver/templates/ppolicy_overlay_ldif.j2 +++ b/roles/ldapserver/templates/ppolicy_overlay_ldif.j2 @@ -4,4 +4,4 @@ objectClass: olcOverlayConfig objectClass: olcPPolicyConfig olcPPolicyHashCleartext: TRUE olcPPolicyUseLockout: FALSE -olcPPolicyDefault: cn=default,ou=pwpolicies,{{ ldapDomain }} +olcPPolicyDefault: cn=default,ou=pwpolicies,{{ ldapBase }} diff --git a/roles/ldapserver/templates/pwpolicies_ldif.j2 b/roles/ldapserver/templates/pwpolicies_ldif.j2 index 1f0b93cd844eea2f418ab6b20a3704c7dbf2e386..609f70cae0a31cf49dff516b8710c03fb71c2dcc 100644 --- a/roles/ldapserver/templates/pwpolicies_ldif.j2 +++ b/roles/ldapserver/templates/pwpolicies_ldif.j2 @@ -1,4 +1,4 @@ -dn: ou=pwpolicies,{{ ldapDomain }} +dn: ou=pwpolicies,{{ ldapBase }} objectClass: organizationalUnit objectClass: top ou: pwpolicies diff --git a/roles/ldapserver/templates/refint_config_ldif.j2 b/roles/ldapserver/templates/refint_config_ldif.j2 index 343e4006320c959ce84d54fefcb54ff6c3181cc3..4b68153ff31bbbc0615ea446acd17ce42ce5bc61 100644 --- a/roles/ldapserver/templates/refint_config_ldif.j2 +++ b/roles/ldapserver/templates/refint_config_ldif.j2 
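Review bot: The monitor entry takes its `userPassword` from `ldapBindDNHash.stdout`, so the monitoring account shares a credential with the bind DN and neither can be rotated or revoked independently; a dedicated hash variable (placeholder name `ldapMonitorHash`) would keep them separate. The entry also sets `cn: binddn` and `sn: binddn` although the RDN is `cn=monitor`; directory servers normally require the RDN value to be present in the entry, so `cn: monitor` is probably needed for the add to succeed. The suffix `dc=erc,dc=monash,dc=edu,dc=au` is hard-coded where the other templates in this commit use `{{ ldapBase }}`.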
@@ -1,4 +1,4 @@ -dn: olcOverlay=refint,olcDatabase={2}bdb,cn=config +dn: olcOverlay=refint,{{ dbname }},cn=config objectClass: olcConfig objectClass: olcOverlayConfig objectClass: olcRefintConfig diff --git a/roles/ldapserver/templates/root_ldif.j2 b/roles/ldapserver/templates/root_ldif.j2 index c3a43f303bc6f61eff0ecad531fbe96b0fa80e4a..48b00816b5d228f033ccf1407acc6005ca06f1d7 100644 --- a/roles/ldapserver/templates/root_ldif.j2 +++ b/roles/ldapserver/templates/root_ldif.j2 @@ -1,4 +1,4 @@ -dn: {{ ldapDomain }} +dn: {{ ldapBase }} objectClass: dcObject objectClass: organization o: {{ ansible_domain }} diff --git a/roles/ldapserver/vars/Ubuntu.yml b/roles/ldapserver/vars/Ubuntu.yml new file mode 100644 index 0000000000000000000000000000000000000000..c10225e07a2bd8a5f705f6aea96d06b86f130edb --- /dev/null +++ b/roles/ldapserver/vars/Ubuntu.yml @@ -0,0 +1,3 @@ +--- + ldapDir: "/etc/ldap" + module_path: "/usr/lib/ldap" diff --git a/roles/ldapserver/vars/Ubuntu_20.04_x86_64.yml b/roles/ldapserver/vars/Ubuntu_20.04_x86_64.yml new file mode 100644 index 0000000000000000000000000000000000000000..feca8e7de9421eb8c83d4e5d6edb88876185c441 --- /dev/null +++ b/roles/ldapserver/vars/Ubuntu_20.04_x86_64.yml @@ -0,0 +1,9 @@ +--- + system_packages: + - slapd + - ldap-utils + - openssl + + ldapuser: openldap + ldapgroup: openldap + dbname: olcDatabase={1}mdb