Fix LDAP and adjust to new schema.
parent
cf3667ddcf
commit
f5146bf438
@ -4,16 +4,16 @@ ldap_ca: /etc/ldap/ssl/BKCA.crt
|
||||
ldap_uri: ldaps://ldap.binary.kitchen/
|
||||
ldap_host: ldap.binary.kitchen
|
||||
ldap_base: dc=binary-kitchen,dc=de
|
||||
ldap_binddn: cn=Services,ou=Roles,dc=binary-kitchen,dc=de
|
||||
ldap_binddn: cn=Services,ou=roles,dc=binary-kitchen,dc=de
|
||||
ldap_bindpw: svcpwd
|
||||
|
||||
mail_domain: binary-kitchen.de
|
||||
mail_server: mail.binary-kitchen.de
|
||||
mailman_domain: lists.binary-kitchen.de
|
||||
|
||||
nslcd_base_group: ou=Groups,dc=binary-kitchen,dc=de
|
||||
nslcd_base_shadow: ou=Users,dc=binary-kitchen,dc=de
|
||||
nslcd_base_passwd: ou=Users,dc=binary-kitchen,dc=de
|
||||
nslcd_base_group: ou=groups,dc=binary-kitchen,dc=de
|
||||
nslcd_base_shadow: ou=people,dc=binary-kitchen,dc=de
|
||||
nslcd_base_passwd: ou=people,dc=binary-kitchen,dc=de
|
||||
|
||||
ntp_servers:
|
||||
- 172.23.1.61
|
||||
|
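Review bot: The corrected `ldap_binddn` still authenticates with `ldap_bindpw: svcpwd`, which sits in clear text directly below it in this vars file (a context line the commit does not touch). If that value is a real credential rather than a placeholder, everyone with read access to the repository or one of its forks can bind as the service account. Move it into an Ansible Vault encrypted vars file and reference it here, for example `ldap_bindpw: "{{ vault_ldap_bindpw }}"` (the variable name is only a suggestion), and rotate the password because it is already in history. The file's path and the rest of the vars file are not visible in this rendering.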
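--- /dev/null
+++ b/roles/ldap-pam/files/nsswitch.conf
@@ -0,0 +1,20 @@
+# /etc/nsswitch.conf
+#
+# Example configuration of GNU Name Service Switch functionality.
+# If you have the `glibc-doc-reference' and `info' packages installed, try:
+# `info libc "Name Service Switch"' for information about this file.
+
+passwd: files ldap
+group: files ldap
+shadow: files ldap
+gshadow: files
+
+hosts: files dns
+networks: files
+
+protocols: db files
+services: db files
+ethers: db files
+rpc: db files
+
+netgroup: nis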
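Review bot: `shadow: files ldap` sends shadow lookups to the directory as well, which is usually only needed when account-expiry attributes stored in LDAP must be honoured by local tools; the login check itself presumably goes through the PAM LDAP module this role sets up. What that lookup can return depends on what the bind DN is allowed to read, and the ACLs are only partly visible on this page, so I would start with `shadow: files` and add `ldap` back deliberately if expiry handling needs it. The header still calls the file an "Example configuration" although the role now overwrites /etc/nsswitch.conf on every host; a first line such as `# Managed by Ansible (role ldap-pam) - local edits will be overwritten` would say what it is.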
@ -1,5 +1,8 @@
|
||||
---
|
||||
|
||||
- name: Restart nscd
|
||||
service: name=nscd state=restarted
|
||||
|
||||
- name: Restart nslcd
|
||||
service: name=nslcd state=restarted
|
||||
|
||||
|
@ -9,6 +9,11 @@
|
||||
notify: Restart nslcd
|
||||
tags: ldap
|
||||
|
||||
- name: Configure nsswitch
|
||||
copy: src=nsswitch.conf dest=/etc/nsswitch.conf
|
||||
notify: Restart nscd
|
||||
tags: ldap
|
||||
|
||||
- name: Configure PAM mkhomedir
|
||||
copy: src=mkhomedir dest=/usr/share/pam-configs/mkhomedir mode=0644
|
||||
notify: Update pam-auth
|
||||
|
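Review bot: The new `Configure nsswitch` task writes /etc/nsswitch.conf without setting owner, group or mode, unlike the `Configure PAM mkhomedir` task right below it, which pins `mode=0644`. This file decides where every account and group lookup is resolved, so its permissions should not depend on the controller's umask or on the previous state of the file: `copy: src=nsswitch.conf dest=/etc/nsswitch.conf owner=root group=root mode=0644`. Since the task notifies `Restart nscd`, it is also worth confirming that nscd's cache lifetimes for passwd and group match how quickly a disabled LDAP account or a removed group membership has to take effect. The task list starts before and continues after this hunk.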
@ -51,6 +51,7 @@ access to attrs=userPassword
|
||||
by * none
|
||||
access to attrs=loginShell
|
||||
by self write
|
||||
by users read
|
||||
by * none
|
||||
access to *
|
||||
by self read
|
||||
|
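Review bot: The `loginShell` rule shown here grants `by self write`, so every account can point its own shell at an arbitrary path; on hosts that resolve `passwd` through LDAP this undoes a restriction that was imposed by assigning a non-interactive shell. Unless self-service shell changes are intended, drop that line (the following `by users read` already lets the owner read the value) and leave shell changes to an administrative DN. This rendering lost the +/- markers, so it is not recoverable which of the seven lines is the addition, and the `access to *` clause continues outside the hunk. A one-line comment above the rule naming who is expected to read and who to write `loginShell` would help the next reviewer.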