Fix LDAP and adjust to new schema.

2016-04-01 20:27:29 +02:00 · 2016-04-01 20:27:29 +02:00 · f5146bf438
commit f5146bf438
parent cf3667ddcf
5 changed files with 33 additions and 4 deletions
--- a/group_vars/all
+++ b/group_vars/all
@ -4,16 +4,16 @@ ldap_ca: /etc/ldap/ssl/BKCA.crt
 ldap_uri: ldaps://ldap.binary.kitchen/
 ldap_host: ldap.binary.kitchen
 ldap_base: dc=binary-kitchen,dc=de
-ldap_binddn: cn=Services,ou=Roles,dc=binary-kitchen,dc=de
+ldap_binddn: cn=Services,ou=roles,dc=binary-kitchen,dc=de
 ldap_bindpw: svcpwd
 mail_domain: binary-kitchen.de
 mail_server: mail.binary-kitchen.de
 mailman_domain: lists.binary-kitchen.de
-nslcd_base_group: ou=Groups,dc=binary-kitchen,dc=de
+nslcd_base_group: ou=groups,dc=binary-kitchen,dc=de
-nslcd_base_shadow: ou=Users,dc=binary-kitchen,dc=de
+nslcd_base_shadow: ou=people,dc=binary-kitchen,dc=de
-nslcd_base_passwd: ou=Users,dc=binary-kitchen,dc=de
+nslcd_base_passwd: ou=people,dc=binary-kitchen,dc=de
 ntp_servers:
 - 172.23.1.61
--- a/roles/ldap-pam/files/nsswitch.conf
+++ b/roles/ldap-pam/files/nsswitch.conf
@ -0,0 +1,20 @@
 # /etc/nsswitch.conf
 #
 # Example configuration of GNU Name Service Switch functionality.
 # If you have the `glibc-doc-reference' and `info' packages installed, try:
 # `info libc "Name Service Switch"' for information about this file.
 passwd:         files ldap
 group:          files ldap
 shadow:         files ldap
 gshadow:        files
 hosts:          files dns
 networks:       files
 protocols:      db files
 services:       db files
 ethers:         db files
 rpc:            db files
 netgroup:       nis
--- a/roles/ldap-pam/handlers/main.yml
+++ b/roles/ldap-pam/handlers/main.yml
@ -1,5 +1,8 @@
 ---
 - name: Restart nscd
  service: name=nscd state=restarted
 - name: Restart nslcd
  service: name=nslcd state=restarted
--- a/roles/ldap-pam/tasks/main.yml
+++ b/roles/ldap-pam/tasks/main.yml
@ -9,6 +9,11 @@
  notify: Restart nslcd
  tags: ldap
 - name: Configure nsswitch
  copy: src=nsswitch.conf dest=/etc/nsswitch.conf
  notify: Restart nscd
  tags: ldap
 - name: Configure PAM mkhomedir
  copy: src=mkhomedir dest=/usr/share/pam-configs/mkhomedir mode=0644
  notify: Update pam-auth
--- a/roles/ldap-server/templates/slapd.conf.j2
+++ b/roles/ldap-server/templates/slapd.conf.j2
@ -51,6 +51,7 @@ access to attrs=userPassword
 	by * none
 access to attrs=loginShell
 	by self write
 	by users read
 	by * none
 access to *
 	by self read