ldapauth changes
parent
1bf036f6c1
commit
a56dd65e0d
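--- a/roles/ldapauth/files/ldap.conf
+++ b/roles/ldapauth/files/ldap.conf
@@ -0,0 +1,13 @@
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+BASE dc=lovelynet,dc=net
+URI ldap://ipa.lovelynet.net
+
+#SIZELIMIT 12
+#TIMELIMIT 15
+#DEREF never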
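Review bot: The `URI ldap://ipa.lovelynet.net` line points clients at plaintext LDAP and nothing in this file requires TLS, so on hosts that use the directory for login lookups the traffic (and any simple-bind password) could cross the network unencrypted. Consider `URI ldaps://ipa.lovelynet.net` together with `TLS_REQCERT demand` and a `TLS_CACERT <path-to-CA-bundle>` line so the server certificate is actually verified. If nslcd is what performs the lookups, the same settings would presumably be needed in its own configuration, which this commit does not add.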
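--- a/roles/ldapauth/tasks/install.yml
+++ b/roles/ldapauth/tasks/install.yml
@@ -0,0 +1,35 @@
+---
+- name: Openldap is installed and up to date (rhel)
+ansible.builtin.yum:
+name: "{{ item }}"
+state: latest
+loop:
+- openldap
+- openldap-clients
+- nss-pam-ldapd
+tags:
+- setup
+when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'AlmaLinux'
+
+- name: Openldap is installed and up to date (debian)
+ansible.builtin.apt:
+name: "{{ item }}"
+state: present
+update_cache: true
+loop:
+- openldap
+- nss-pam-ldapd
+tags:
+- setup
+when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
+- name: Openldap is installed and up to date (arch)
+community.general.pacman:
+name: "{{ item }}"
+state: present
+loop:
+- openldap
+- nss-pam-ldapd
+tags:
+- setup
+when: ansible_distribution == 'Archlinux'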
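Review bot: The Debian task installs `openldap` and `nss-pam-ldapd`, which as far as I know are the RHEL/Arch package names; on Debian and Ubuntu the equivalents are `ldap-utils`, `libnss-ldapd` and `libpam-ldapd`, so this task would likely fail there and is worth confirming on a target host. The RHEL task also uses `state: latest` while the other two use `state: present`, so an authentication component is upgraded on every run on one distribution family only; pick one policy deliberately. Each of the three modules accepts a list, so `name: [openldap, openldap-clients, nss-pam-ldapd]` would avoid the per-item `loop`.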
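--- a/roles/ldapauth/tasks/main.yml
+++ b/roles/ldapauth/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+
+- name: Install openldap
+ansible.builtin.include_tasks:
+file: install.yml
+apply:
+tags:
+- setup
+tags:
+- setup
+
+- name: Copy config file
+ansible.builtin.include_tasks:
+file: sync_conf.yml
+apply:
+tags:
+- setup
+tags:
+- setup
+
+- name: Modify nsswitch conf
+ansible.builtin.include_tasks:
+file: update_nss.yml
+apply:
+tags:
+- setup
+tags:
+- setup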
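--- a/roles/ldapauth/tasks/sync_conf.yml
+++ b/roles/ldapauth/tasks/sync_conf.yml
@@ -0,0 +1,7 @@
+---
+- name: Copy over ldap conf
+ansible.builtin.copy:
+src: ldap.conf
+dest: /etc/openldap/ldap.conf
+tags:
+- setup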
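Review bot: The `ansible.builtin.copy` task sets no `owner`, `group` or `mode`, so the permissions of `/etc/openldap/ldap.conf` depend on the umask and on whatever file was there before, even though the file's own header says it must be world readable but not world writable. Add `owner: root`, `group: root` and `mode: '0644'` to the module arguments. The destination is also the RHEL/Arch location; Debian-family hosts read `/etc/ldap/ldap.conf`, so on those the copy would likely have no effect, or fail if the directory is absent.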
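--- a/roles/ldapauth/tasks/sync_conf.yml.bak
+++ b/roles/ldapauth/tasks/sync_conf.yml.bak
@@ -0,0 +1,7 @@
+---
+- name: fuck
+ansible.builtin.file:
+- src: ldap.conf
+- dst: /etc/openldap/ldap.conf
+tags:
+- setup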
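Review bot: `sync_conf.yml.bak` looks like a leftover backup of an earlier, non-working draft: `ansible.builtin.file` is given a list with `src`/`dst` entries rather than a mapping of module arguments, and the task name is a placeholder. Nothing in `main.yml` includes it, so it should be dropped from the commit, and a `*.bak` pattern in `.gitignore` would keep such files out of the role in future.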
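--- a/roles/ldapauth/tasks/update_nss.yml
+++ b/roles/ldapauth/tasks/update_nss.yml
@@ -0,0 +1,12 @@
+---
+- name: Update NSSWITCH
+ansible.builtin.shell:
+cmd: grep '^{{ item }}.*ldap' /etc/nsswitch.conf && exit 0 || sed -i '/{{ item }}/ s/$/ ldap/' /etc/nsswitch.conf
+register: nssdata
+tags:
+- setup
+loop:
+- passwd
+- shadow
+- group
+changed_when: "nssdata.stdout_lines|length == 0"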
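Review bot: The sed address `/{{ item }}/` in `cmd` is not anchored, so for `group` it also matches the `netgroup:` line, and for any item it matches comment lines that mention the database name; every matching line gets ` ldap` appended. Anchor it to the key, `sed -i '/^{{ item }}:/ s/$/ ldap/' /etc/nsswitch.conf`, and tighten the grep the same way, `grep '^{{ item }}:.*ldap'`. Because a malformed nsswitch.conf can break name resolution and logins on the host, `ansible.builtin.lineinfile` with `backrefs: true` and `backup: true` would be a safer replacement for the shell one-liner. It would also report changed status itself, without the stdout-based `changed_when`.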