Role Name

Builds an OpenLDAP server. Currently only tested on RHEL 7. Forked from Deneen Carr’s ansible-role-ldapserver to improve maintainability and modernise the role.

Requirements

Uses standard Ansible modules.

Role Variables

  • ldap_top - top dc for the Domain, used to build the domain and in the base.ldif.j2 template to build the base db
  • ldap_base - base of the LDAP Domain
  • ldap_root - account used as the root/admin for the LDAP db
  • cert_dest_path - remote directory where certs will be copied
  • ca_src_path - local directory where the CA cert is stored
  • server_src_path - local directory where the server cert and key are stored
  • server_cert - full path for the server cert (remote) - default is {{ cert_dest_path }}/{{ ansible_nodename }}.cert
  • server_key - full path for the server key (remote) - default is {{ cert_dest_path }}/{{ ansible_nodename }}.key
  • ca_cert - full path for the CA cert (remote) - default is {{ cert_dest_path }}/cacert.pem
  • ca_source_cert - full path where local copy of the CA cert is stored - default is {{ ca_src_path }}/cacert.pem
  • server_source_cert - full path for the server cert (local) - default is {{ server_src_path }}/{{ ansible_nodename }}.cert
  • server_source_key - full path for the server key (local) - default is {{ server_src_path }}/{{ ansible_nodename }}.key
  • ldap_root_passwd - root/admin password - its hash must be set in ldap_root_hash
  • ldap_root_hash - root/admin password hash - must be the hashed version of ldap_root_passwd
  • schema_adds - list of ldif files to expand the schema for the LDAP db
  • ldap_copy_certs - if True, certs and keys are copied from the controller to the server; if False, the remote paths are assumed to exist - default is True
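
The role expects ldap_root_hash to be the hash of ldap_root_passwd, so a mismatched pair is worth catching before a run. The following is an added example, not part of this role: it assumes the hash uses OpenLDAP's {SSHA} scheme (the slappasswd default), which this README does not state, and the function names and sample passwords are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"   # assumption: salted SHA-1, the slappasswd default scheme
SHA1_LEN = 20


def ssha_hash(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_matches(password, stored):
    """Return True only if `stored` is a well-formed {SSHA} hash of `password`."""
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= SHA1_LEN:    # no salt present: not a valid {SSHA} value
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def check_role_vars(role_vars):
    """Return a list of problems with the password/hash pair in the role vars."""
    problems = []
    passwd = role_vars.get("ldap_root_passwd", "")
    stored = role_vars.get("ldap_root_hash", "")
    if not passwd or not stored:
        problems.append("ldap_root_passwd and ldap_root_hash must both be set")
    elif not ssha_matches(passwd, stored):
        problems.append("ldap_root_hash is not an {SSHA} hash of ldap_root_passwd")
    return problems


if __name__ == "__main__":
    pw = "constructed-example-password"      # constructed sample, not a real secret
    good = {"ldap_root_passwd": pw, "ldap_root_hash": ssha_hash(pw)}
    stale = {"ldap_root_passwd": "rotated-password", "ldap_root_hash": good["ldap_root_hash"]}
    print(check_role_vars(good))     # matching pair: no problems reported
    print(check_role_vars(stale))    # password changed, hash not regenerated
```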

DB_CONFIG settings:

  • db_lock_expire - boolean, if true, enables db_lock_expire setting
  • db_log_autoremove - boolean, if true, enables auto-remove of transaction logs
  • db_lg_max - sets transaction log max
  • db_cachesize - sets cachesize settings
  • db_checkpoint - sets checkpoint settings

License

BSD