---
# Probe for the slapd binary before the package step runs; the registered
# result is what the import task's `when:` guard checks later in this file.
- name: verify if openldap is installed
  register: slapd_installed
  stat:
    path: '/usr/sbin/slapd'
# Install the OpenLDAP server and client packages, with the `plus`
# repository enabled for this yum call.
- name: install openldap
  yum:
    name:
      - openldap-servers
      - openldap-clients
    enablerepo: plus
    state: installed
# - name: copy DB_CONFIG
#   shell: "{{ item }}"
#   with_items:
#     - "cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG"
#     - "chown ldap:ldap /var/lib/ldap/DB_CONFIG"
#   changed_when: false
# Bring slapd up now and have it start at boot.
- name: start and enable the openldap service
  systemd_service:
    name: slapd
    enabled: true
    state: started
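# Hash the directory manager password with slappasswd and keep the result in
# `ldapmanager_passwd` (presumably read by ldap/chdomain.ldif.j2 - confirm
# against the template).
# Security: the secret is handed to slappasswd as one argv element through
# `command`, so no shell ever interprets characters in the password, and
# `no_log` keeps the plaintext out of task output and logs. The secret is
# still visible in the process argument list while slappasswd runs;
# slappasswd's -T <file> option avoids that, but check how it treats a
# trailing newline before switching.
- name: create manager passwd
  command:
    argv:
      - slappasswd
      - '-s'
      - "{{ plain_ldapmanager_passwd }}"
  register: ldapmanager_passwd
  no_log: true
  # Hashing alters nothing on the host, so do not report "changed".
  changed_when: false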
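# Render the LDIF that the import task applies with ldapmodify.
# The rendered file presumably carries the manager password hash (confirm
# against ldap/chdomain.ldif.j2), so it is written readable by root only
# instead of with whatever mode the default umask yields.
- name: copy chrootpw.ldif files
  template:
    src: ldap/chdomain.ldif.j2
    dest: /root/chdomain.ldif
    owner: root
    group: root
    mode: '0600'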
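# Hash the Cyrus admin password with slappasswd and keep the result in
# `admincyrus_passwd`.
# Security: `command` with `argv` passes the secret as a single argument
# without a shell parsing it, and `no_log` keeps the plaintext out of task
# output and logs. It remains visible in the process argument list while
# slappasswd runs.
- name: create admin cyrus passwd
  command:
    argv:
      - slappasswd
      - '-v'
      - '-s'
      - "{{ plain_admincyrus_passwd }}"
  register: admincyrus_passwd
  no_log: true
  # Hashing alters nothing on the host, so do not report "changed".
  changed_when: false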
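# Hash the mail admin password with slappasswd and keep the result in
# `mailadmin_passwd`.
# Security: `command` with `argv` passes the secret as a single argument
# without a shell parsing it, and `no_log` keeps the plaintext out of task
# output and logs. It remains visible in the process argument list while
# slappasswd runs.
- name: create mail admin passwd
  command:
    argv:
      - slappasswd
      - '-v'
      - '-s'
      - "{{ plain_mailadmin_passwd }}"
  register: mailadmin_passwd
  no_log: true
  # Hashing alters nothing on the host, so do not report "changed".
  changed_when: false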
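# Hash the LDAP admin password with slappasswd and keep the result in
# `ldapadmin_passwd`.
# Security: `command` with `argv` passes the secret as a single argument
# without a shell parsing it, and `no_log` keeps the plaintext out of task
# output and logs. It remains visible in the process argument list while
# slappasswd runs.
- name: create ldap admin passwd
  command:
    argv:
      - slappasswd
      - '-v'
      - '-s'
      - "{{ plain_ldapadmin_passwd }}"
  register: ldapadmin_passwd
  no_log: true
  # Hashing alters nothing on the host, so do not report "changed".
  changed_when: false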
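# Hash the LDAP access password with slappasswd and keep the result in
# `ldapaccess_passwd`.
# Security: `command` with `argv` passes the secret as a single argument
# without a shell parsing it, and `no_log` keeps the plaintext out of task
# output and logs. It remains visible in the process argument list while
# slappasswd runs.
- name: create ldap access passwd
  command:
    argv:
      - slappasswd
      - '-v'
      - '-s'
      - "{{ plain_ldapaccess_passwd }}"
  register: ldapaccess_passwd
  no_log: true
  # Hashing alters nothing on the host, so do not report "changed".
  changed_when: false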
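# Hash `plain_ldap_passwd` with slappasswd and keep the result in
# `ldap_passwd`. The task name used to repeat "create ldap access passwd"
# from the task above, which made the two indistinguishable in play output;
# it now matches the variable it registers.
# Security: `command` with `argv` passes the secret as a single argument
# without a shell parsing it, and `no_log` keeps the plaintext out of task
# output and logs. It remains visible in the process argument list while
# slappasswd runs.
- name: create ldap passwd
  command:
    argv:
      - slappasswd
      - '-v'
      - '-s'
      - "{{ plain_ldap_passwd }}"
  register: ldap_passwd
  no_log: true
  # Hashing alters nothing on the host, so do not report "changed".
  changed_when: false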
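# Render the users LDIF that the import task loads with ldapadd.
# The rendered file presumably carries the password hashes registered by the
# slappasswd tasks (confirm against ldap/users.ldif.j2), so it is written
# readable by root only instead of with whatever mode the default umask
# yields.
- name: copy users.ldif files
  template:
    src: ldap/users.ldif.j2
    dest: /root/users.ldif
    owner: root
    group: root
    mode: '0600'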
# Stage the static LDIF files under /root for the import task.
- name: copy ldif files
  with_items:
    - base.ldif
  copy:
    dest: "/root/{{ item }}"
    src: "ldap/{{ item }}"
#
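# Load the stock schemas and the domain change over the local ldapi socket
# (SASL EXTERNAL), then add the base tree and the users as cn=Manager.
# Guarded by the stat result taken at the top of the file, so it runs only
# when slapd was not yet present.
# Security:
#  - The manager password is shell-quoted with the `quote` filter and the
#    lines run through `command`, so no shell interprets characters in the
#    password and it always arrives as a single -w argument.
#  - `no_log` keeps the rendered command lines, which contain the plaintext
#    password, out of task output and logs. It also hides error output, so
#    lift it temporarily when debugging a failed import.
#  - The password is still visible in the process argument list while ldapadd
#    runs; ldapadd's -y <passwdfile> option avoids that.
#  - NOTE(review): the two simple binds (-x) carry no -H, so they use the
#    client's default URI. Confirm that this is a local or otherwise
#    protected transport.
- name: import schema, config, base and users
  command: "{{ item }}"
  with_items:
    - "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif"
    - "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif"
    - "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif"
    - "ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/chdomain.ldif"
    - >-
      ldapadd -x -D cn=Manager,dc=stage-ge,dc=org
      -w {{ plain_ldapmanager_passwd | quote }}
      -f /root/base.ldif
    - >-
      ldapadd -x -D cn=Manager,dc=stage-ge,dc=org
      -w {{ plain_ldapmanager_passwd | quote }}
      -f /root/users.ldif
  when: not slapd_installed.stat.exists
  no_log: true
  notify: restart_slapd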
#