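# Render the dscreate answer file for the local instance. The template is
# not visible here, but an answer file normally carries the instance
# settings and bootstrap credentials, so it is owned by root and readable
# by root only — confirm what instance.inf actually contains.
- name: Create /root/localhost.inf
  template:
    src: instance.inf
    dest: /root/localhost.inf
    owner: root
    group: root
    # Quoted so the YAML parser does not turn the leading-zero literal into
    # an octal integer; Ansible interprets the string "0600" as an octal mode.
    mode: "0600"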
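# Create the 389-ds instance from the answer file. `creates` turns the task
# into a no-op once the instance directory exists, so a re-run does not call
# dscreate a second time.
- name: Create directory server instance
  # Plain command rather than shell: there is no redirection, pipe or
  # expansion here, so the argv is executed without a shell in between.
  command: dscreate from-file /root/localhost.inf
  args:
    creates: /etc/dirsrv/slapd-localhost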
# Add the CA certificate to the instance, set its trust flags to "CT,,",
# and import the server's own certificate and private key for TLS.
- name: Install ldap certificate
  # NOTE(review): nothing guards a re-run (no `creates`/`changed_when`), so
  # the task executes and reports "changed" on every play; the `add` step
  # is likely to be rejected once "sssd-ca" already exists — confirm.
  # NOTE(review): the script is run by /bin/sh without `set -e`, so the task
  # rc is that of the last line only; a failure in either dsconf call is
  # masked when the dsctl import succeeds.
  shell:
    cmd: |
      dsconf localhost security ca-certificate add --file /data/certs/ca.crt --name "sssd-ca"
      dsconf localhost security ca-certificate set-trust-flags "sssd-ca" --flags "CT,,"
      dsctl localhost tls import-server-key-cert /data/certs/master.ldap.test.crt /data/certs/master.ldap.test.key
# Add an ACI on the suffix that lets unauthenticated clients read, search
# and compare entries.
- name: Grant read-only anonymous access
  # NOTE(review): the bind password is passed on the command line with -w,
  # so it is visible in the process list while ldapmodify runs and in
  # Ansible verbose output (the task has no `no_log`); a password file
  # (`-y`) or `no_log: true` would keep it out of those places.
  # NOTE(review): `(targetattr=*)` exposes every user attribute under the
  # suffix to anonymous clients; confirm the server's existing ACIs still
  # prevent anonymous reads of userPassword before relying on this outside
  # a throwaway environment.
  shell:
    cmd: |
      ldapmodify -D "{{ service.ldap.bind.dn }}" -w "{{ service.ldap.bind.password }}" -H ldap://localhost -x
    stdin: |
      dn: {{ service.ldap.suffix }}
      changetype: modify
      add: aci
      aci: (targetattr=*)(version 3.0; acl "Enable anyone read"; allow (read, search, compare)(userdn="ldap:///anyone");)
  register: ldapmod
  # A re-run is rejected with "Type or value exists" because the aci is
  # already present; that case is tolerated, any other non-zero exit fails.
  failed_when: 'ldapmod.rc != 0 and "ldap_modify: Type or value exists" not in ldapmod.stderr'
# Extend the directory schema with the `passkey` attribute type and the
# `passkeyUser` auxiliary object class that may carry it.
- name: 'Install additional schema: passkey'
  # NOTE(review): same exposure as the anonymous-access task — the bind
  # password travels on the command line and into verbose output.
  # NOTE(review): unlike the anonymous-access task there is no failed_when,
  # so if the server rejects a duplicate definition the task fails on every
  # re-run — confirm the behaviour and add a matching guard if needed.
  shell:
    cmd: |
      ldapmodify -D "{{ service.ldap.bind.dn }}" -w "{{ service.ldap.bind.password }}" -H ldap://localhost -x
    stdin: |
      dn: cn=schema
      changetype: modify
      add: attributeTypes
      attributeTypes: ( 2.16.840.1.113730.3.8.24.27 NAME 'passkey' DESC 'Passkey mapping' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
      -
      add: objectclasses
      objectclasses: ( 2.16.840.1.113730.3.8.24.9 NAME 'passkeyUser' DESC 'IPA passkey user' AUXILIARY MAY passkey)
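# Restart the instance so the preceding changes are picked up (the TLS
# import in particular is assumed to need a restart — confirm) and make
# sure the unit starts on boot.
- name: Restart LDAP service
  service:
    name: dirsrv@localhost.service
    # Canonical boolean; `yes` is a YAML 1.1 truthy spelling that a 1.2
    # parser reads as the string "yes".
    enabled: true
    state: restarted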