forked from infra/ansible
Add ldap-client role.
This commit is contained in:
parent
7ca8e1ad50
commit
8b41211346
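--- a/roles/ldap-client/files/ldap.crt
+++ b/roles/ldap-client/files/ldap.crt
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFuTCCA6GgAwIBAgIJANVP+EmgIyEFMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNV
+BAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMRMwEQYDVQQHDApSZWdlbnNidXJnMRww
+GgYDVQQKDBNCaW5hcnkgS2l0Y2hlbiBlLlYuMR8wHQYDVQQDDBZCaW5hcnkgS2l0
+Y2hlbiBSb290IENBMB4XDTE1MDUyMjA3MDcyN1oXDTI1MDUxOTA3MDcyN1owczEL
+MAkGA1UEBhMCREUxEDAOBgNVBAgMB0JhdmFyaWExEzARBgNVBAcMClJlZ2Vuc2J1
+cmcxHDAaBgNVBAoME0JpbmFyeSBLaXRjaGVuIGUuVi4xHzAdBgNVBAMMFkJpbmFy
+eSBLaXRjaGVuIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCwBmbxYSdTH+Ti2UdjpLRbSjA4uMRjJpVus0IviOtjr5nbfx/uA4b+UuhU0FS6
+69vjuBeheu85SCQLZVA3If2qttlBNPvW8/WzQtmHqAK4jMGTIeD5PNH75bhIafMu
+LWz5nRcagWoKVeumi9dhFofuoO6uSv1BdSbwK3gYkt5guKl5Pio9HITSFP961ndQ
+n6dBLPvy4m+pJ6MZxhzaQIvxRr9uVRJieHH9Yl/CQcl2d1YQ24/KNiFFdF2NPyKE
++eFl8UWl/6sHS8tqLwhs4qeJCL1ir/1bjr8mZigflBE4mwtuV8EDF0pWWOyYehii
+NLcS3LfLzv25N9mwhwGMJqLTDihtkcBCNx3c2qFrri1MvXy/KFrHKh2jt9pvgYDX
+M2+g+tm+aWXfylu6k1GOIByT5ALktUzhfwuxk0SdplZNUqSfu1DccvxP9hbtSZPP
+EnARbcTD/wOCSDj+nSG8scUIo3pNHddh0zx+W16kwBoNGHJX+g7vkMJikvYlHo2i
+6CRdx47MknCgj/jQSPlajxAH5zzDcABbFRoRKh/esDEeGaKMKVyKJJFlx4CmHQ53
+zc/jV3VjQo5yL1v3YUYllccZeXmGQb5UJoSRfpE+mvO9+EYAxWLydswNeQI1f1r8
+CTWlD4tT0gooZzGKpw58Zp3IacXIzjDT5Ri2xfB+Oo4WaQIDAQABo1AwTjAdBgNV
+HQ4EFgQU7MXazC3sn6xTIDkKtBv4AvYcob0wHwYDVR0jBBgwFoAU7MXazC3sn6xT
+IDkKtBv4AvYcob0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAq/fD
+BfaVi1KjRANxHKXmADqN0UpSdVoB2qKsj9nJ07fdS38rUqA+QjU+zmCufVkmMxKf
+es3qZz5fOHkVHAiOt65XWFtYK62JByr4LomLDVDWSM4BmbU4aB8ix9ZPOr+NmB4B
+QX99w0aMknO/ohVQ7InubgsXMaKA8kggCtpBQkfwcF2ntIGvyeuPJYwAWG19iH4a
+uAvOdgyDCuta6UI5UPCdYdArFv3hn6+ht60tMdxo1qq9KUlyqZ3AX1Xd4+krLlCI
+Kp+qfcyJ1igD5wT50egOAvc9SydFaXgAUIjt3oY5YYvP+MWmVMI107jl4jfMnQeI
+G5qIEy9luhrjqJaHfLHyT10IaU/uZB7ZvZx7ElIo1YlTlIcMU8Wg6CJponDh/1aw
+PbQhtuzk60N5905zDnpSHJSa91JcpVsLPv2ykQfimA8HNH2xS7ORXUJzwvEB1vhM
+KnGMQB0px7HQtTTCKcDFeqZXygi4nXNygrp+swnO869jV4e6ReeV/RB7nxjd307J
+gpRdtBbIambnFP74nJUhRk/60VlCDz92f+CTosHM6rdlOxFyX69cZZhoCFU5u4wF
+ODqfxRzNJPhChozXcciAcLfhx89x0ob92XQenzZzFtylDvUAskhdhTMFLKGHstH7
+Q8Xr0jNYp5PaGNC5m+m9ngLYe6GzxGol7dLJElc=
+-----END CERTIFICATE-----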
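--- a/roles/ldap-client/files/mkhomedir
+++ b/roles/ldap-client/files/mkhomedir
@@ -0,0 +1,6 @@
+Name: Create home directory during login
+Default: yes
+Priority: 900
+Session-Type: Additional
+Session:
+	required pam_mkhomedir.so umask=0077 skel=/etc/skel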
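--- a/roles/ldap-client/handlers/main.yml
+++ b/roles/ldap-client/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: restart nslcd
+  service: name=nslcd state=restarted
+
+- name: update pam-auth
+  shell: pam-auth-update --package libpam-modules 2>/dev/null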
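Review bot: The `update pam-auth` handler discards stderr, so a failing pam-auth-update still reports as a successful handler run and leaves PAM without the mkhomedir profile; drop the redirect and use the command module, `command: pam-auth-update --package libpam-modules`, since no shell features are needed once the redirect is gone. The `--package` flag already suppresses the interactive prompt, so nothing else is lost. As a point of style, both handlers use the `key=value` argument form; the role would read more consistently in block YAML (`service:` with `name:` and `state:` children), which also makes future quoting of values less error-prone.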
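--- a/roles/ldap-client/tasks/main.yml
+++ b/roles/ldap-client/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Install nslcd
+  apt: name=nslcd state=present
+
+- name: Configure nslcd
+  template: src=nslcd.conf.j2 dest=/etc/nslcd.conf
+  notify: restart nslcd
+
+- name: Copy LDAP Certificates
+  copy: src=ldap.crt dest=/etc/ssl/ldap.crt mode=0644
+  notify: restart nslcd
+
+- name: Configure PAM mkhomedir
+  copy: src=mkhomedir dest=/usr/share/pam-configs/mkhomedir mode=0644
+  notify: update pam-auth
+
+- name: Start the nslcd service
+  service: name=nslcd state=started enabled=yes
+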
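Review bot: The `Configure nslcd` task sets no owner, group or mode on `/etc/nslcd.conf`, yet the rendered file contains `bindpw`; the template module will keep whatever permissions the package left (or the default umask for a fresh file), so the bind password may end up readable by every local account. Pin it explicitly: `template: src=nslcd.conf.j2 dest=/etc/nslcd.conf owner=root group=nslcd mode=0640`, which matches what the Debian package ships for that file as far as I recall — confirm the group name on the target release. The `mode=0644` values in the two copy tasks are safe in the `key=value` form because they are passed as strings; if the tasks are ever converted to block YAML they must become `mode: "0644"` to avoid the octal-int trap. The install task pulls in `nslcd` only; whether `libnss-ldapd` and `libpam-ldapd` arrive as recommends depends on apt configuration, so listing them explicitly would make the role deterministic.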
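--- a/roles/ldap-client/templates/nslcd.conf.j2
+++ b/roles/ldap-client/templates/nslcd.conf.j2
@@ -0,0 +1,35 @@
+# /etc/nslcd.conf
+# nslcd configuration file. See nslcd.conf(5)
+# for details.
+
+# The user and group nslcd should run as.
+uid nslcd
+gid nslcd
+
+# The location at which the LDAP server(s) should be reachable.
+uri {{ nslcd_uri }}
+
+# The search base that will be used for all queries.
+base {{ nslcd_base }}
+
+# The LDAP protocol version to use.
+#ldap_version 3
+
+# The DN to bind with for normal lookups.
+binddn {{ nslcd_binddn }}
+bindpw {{ nslcd_bindpw }}
+
+# The DN used for password modifications by root.
+#rootpwmoddn cn=admin,dc=example,dc=com
+
+# The search scope.
+scope one
+
+# Customize certain database lookups.
+base group {{ nslcd_base_group }}
+base passwd {{ nslcd_base_passwd }}
+base shadow {{ nslcd_base_shadow }}
+
+# SSL options
+tls_reqcert demand
+tls_cacertfile /etc/ssl/ldap.crt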
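Review bot: The template does not bound which UIDs nslcd will answer for, so a directory entry carrying a low uidNumber (0 included) would shadow the corresponding local account in passwd/shadow lookups; adding `nss_min_uid 1000` under the lookup customisation section closes that, provided the nslcd version on the targets supports the option (check nslcd.conf(5) on the target release). `tls_reqcert demand` together with the pinned `tls_cacertfile` is the right choice and should be kept. The commented `#rootpwmoddn cn=admin,dc=example,dc=com` line is leftover example text from the stock file and can be dropped to avoid suggesting an admin DN that does not exist in this directory.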
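--- a/roles/ldap-client/vars/main.yml
+++ b/roles/ldap-client/vars/main.yml
@@ -0,0 +1,9 @@
+---
+
+nslcd_uri: ldaps://ldap.binary.kitchen/
+nslcd_base: dc=binary-kitchen,dc=de
+nslcd_binddn: cn=Services,ou=Roles,dc=binary-kitchen,dc=de
+nslcd_bindpw: svcpwd
+nslcd_base_group: ou=Groups,dc=binary-kitchen,dc=de
+nslcd_base_shadow: ou=Users,dc=binary-kitchen,dc=de
+nslcd_base_passwd: ou=Users,dc=binary-kitchen,dc=de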
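Review bot: `nslcd_bindpw: svcpwd` commits the LDAP service-account password in clear text to the repository, where it stays in history even after a later edit; it should be replaced by a reference to an encrypted source, e.g. `nslcd_bindpw: "{{ vault_nslcd_bindpw }}"` backed by an ansible-vault file, and the credential rotated once it has been in a shared repo. These settings also live in `vars/`, which has high precedence in Ansible and cannot be overridden from inventory or group_vars; site-specific values like the URI and search bases belong in `defaults/main.yml`. The DN values are safe as plain scalars here, but quoting them (`'cn=Services,ou=Roles,dc=binary-kitchen,dc=de'`) guards against a future value that starts with a YAML indicator.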