From 40a3c14ffd0dafe00a66bd5018a9a87bbde9a6cb Mon Sep 17 00:00:00 2001
From: Someone
Date: Sun, 1 Jun 2025 21:55:52 +0200
Subject: [PATCH] [roles/server/ldap-server] install openldap
---
 .../ldap-server/files/default/slapd.conf | 47 +++++++++++++++++++
 roles/server/ldap-server/handlers/main.yml | 13 +++++
 roles/server/ldap-server/tasks/main.yml | 44 +++++++++++++++++
 3 files changed, 104 insertions(+)
 create mode 100644 roles/server/ldap-server/files/default/slapd.conf
 create mode 100644 roles/server/ldap-server/handlers/main.yml
 create mode 100644 roles/server/ldap-server/tasks/main.yml
diff --git a/roles/server/ldap-server/files/default/slapd.conf b/roles/server/ldap-server/files/default/slapd.conf
new file mode 100644
index 0000000..45612b7
--- /dev/null
+++ b/roles/server/ldap-server/files/default/slapd.conf
@@ -0,0 +1,47 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2025 by someone
+#
+# /etc/ldap/slapd.d is deleted by ansible
+#
+
+pidfile /var/run/openldap/slapd.pid
+#loglevel stats
+loglevel none
+
+moduleload back_mdb
+moduleload memberof
+
+include /etc/ldap/schema/core.schema
+include /etc/ldap/schema/cosine.schema
+include /etc/ldap/schema/inetorgperson.schema
+include /etc/ldap/schema/nis.schema
+
+
+# will this ever be usable?
+database config
+#access to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern al,cn=auth" manage by * none
+#rootdn cn=root,cn=config
+#rootpw CHANGEME
+
+
+database mdb
+suffix dc=CHANGEME
+directory /var/lib/ldap/
+
+access to attrs=userPassword by self write by anonymous auth by * none
+access to attrs=shadowLastChange by self write by * read
+access to * by * read
+
+index objectClass eq
+index cn,uid eq
+index uidNumber,gidNumber eq
+index member,memberUid eq
+
+rootdn cn=root,dc=CHANGEME
+rootpw CHANGEME
+
+overlay memberof
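Review bot: The final rule `access to * by * read` lets any unauthenticated client enumerate every entry and attribute in the mdb suffix (uids, uidNumbers, group membership, `memberOf`), because nothing above it restricts anonymous access to anything except `userPassword` and `disallow bind_anon` is not set; unless an anonymous consumer is intended, `access to * by users read by * none` is the usual tightening. `rootpw CHANGEME` is also a cleartext value — even after replacement it should be a `{SSHA}` hash produced by `slappasswd`, and the real value should come from a host-specific or vaulted file rather than this default copy under `files/`. With `loglevel none` no bind failures reach syslog, so brute-force attempts against the `by anonymous auth` simple binds are invisible; the already-commented `loglevel stats` is the minimal level that records them. No TLS or `security` directive is visible here, so if the listener is reachable beyond localhost, simple binds carry passwords in cleartext — `security ssf=128` plus `TLSCertificateFile`/`TLSCertificateKeyFile` would be worth adding unless a host override supplies them.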
diff --git a/roles/server/ldap-server/handlers/main.yml b/roles/server/ldap-server/handlers/main.yml
new file mode 100644
index 0000000..06b4d9d
--- /dev/null
+++ b/roles/server/ldap-server/handlers/main.yml
@@ -0,0 +1,13 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2025 by someone
+#
+---
+- name: restart slapd.service
+  systemd:
+    name: slapd.service
+    daemon_reload: yes
+    state: restarted
+  ignore_errors: yes
diff --git a/roles/server/ldap-server/tasks/main.yml b/roles/server/ldap-server/tasks/main.yml
new file mode 100644
index 0000000..ce1a8f2
--- /dev/null
+++ b/roles/server/ldap-server/tasks/main.yml
@@ -0,0 +1,44 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2025 by someone
+#
+---
+- name: install openldap-server
+  apt:
+    pkg:
+      - ldap-server
+      - ldap-utils
+      - ldapvi
+    state: present
+    policy_rc_d: 101
+  tags: "online"
+  ignore_errors: "{{ignore_online_errors | bool}}"
+
+
+- name: copy slapd.conf
+  copy:
+    src: "{{item}}"
+    dest: "/etc/ldap/slapd.conf"
+    mode: 0640
+    owner: "openldap"
+    group: "openldap"
+  with_first_found:
+    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/slapd.conf"
+    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/slapd.conf"
+    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/slapd.conf"
+    - "default/slapd.conf"
+  notify: restart slapd.service
+
+
+- name: symlink /etc/ldap/slapd.d to /dev/null
+  file:
+    path: "/etc/ldap/slapd.d"
+    state: absent
+
+
+- name: enable and start slapd.service
+  include_role: name="base/systemd/enable-and-start"
+  vars:
+    service_name: slapd.service
--
2.47.2
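Review bot: `ignore_errors: yes` on the restart handler masks exactly the failure that matters here — a slapd.conf that slapd rejects (a bad host override, a typo in an ACL) leaves the service stopped or still running the previous configuration while the play reports success, so the ACL changes in the new file may never actually be in effect. Drop `ignore_errors`; if it exists to survive the very first run before the directory is initialised, gate the handler on an explicit condition instead of a blanket ignore. Separately, write `daemon_reload: true` and use `true`/`false` rather than `yes` throughout (YAML 1.1 truthiness differs between parsers).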
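Review bot: The task named `symlink /etc/ldap/slapd.d to /dev/null` does not create a symlink — `state: absent` only deletes the directory — so if a later package upgrade or `dpkg-reconfigure slapd` recreates `/etc/ldap/slapd.d`, slapd on Debian (with `SLAPD_CONF` unset, as far as I recall) prefers it over the managed `slapd.conf` and the ACLs from that file silently stop applying; making the task do what its name says pins the precedence (verify the package's postinst tolerates a dangling `slapd.d` symlink on upgrade). The `copy slapd.conf` task would also benefit from `validate: "slaptest -u -f %s"` so a broken override is rejected before the restart handler runs, and `mode: 0640` should be quoted as `"0640"` per Ansible's octal-mode guidance. Note that the first-found lookup can pull a host-specific slapd.conf carrying a real `rootpw`; those files belong in a vaulted or access-restricted location rather than next to the default. Proposed replacement for the slapd.d task:
```yaml
# … unchanged: install openldap-server / copy slapd.conf tasks …
- name: check /etc/ldap/slapd.d
  stat:
    path: "/etc/ldap/slapd.d"
  register: slapd_d

- name: remove /etc/ldap/slapd.d directory
  file:
    path: "/etc/ldap/slapd.d"
    state: absent
  when: slapd_d.stat.exists and slapd_d.stat.isdir

- name: symlink /etc/ldap/slapd.d to /dev/null
  file:
    path: "/etc/ldap/slapd.d"
    src: "/dev/null"
    state: link
    force: true
# … unchanged: enable and start slapd.service …
```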