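# Configure LDAP-backed authentication (nslcd / nscd / sssd) on the host.
# Every task in the block is skipped when no LDAP URI is configured
# (see the `when` condition at the end of the block).
- name: system | ldap auth
  block:
    # NOTE(review): this lookup needs ansible_facts['lsb']['id'] to be defined;
    # presumably that requires lsb_release on the target -- confirm.
    - name: Load OS specific variables.
      tags: ldap
      ansible.builtin.include_vars:
        file: "os_{{ ansible_facts['lsb']['id'] }}.yml"

    - name: Install packages.
      tags:
        - ldap
        - packages
        - ldap-auth
      ansible.builtin.package:
        state: present
        name:
          - "{{ package_libnss_ldapd }}"
          - libsss-sudo
          - sssd

    - name: Create config directories.
      tags:
        - ldap
        - ldap-auth
      ansible.builtin.file:
        state: directory
        owner: root
        group: root
        # Quoted so the mode is passed as an octal string, not a YAML integer.
        mode: "0755"
        path: "{{ item }}"
      loop:
        - /etc/sssd
        - /etc/ldap

    - name: Copy config files.
      tags:
        - ldap
        - ldap-auth
      ansible.builtin.copy:
        owner: root
        group: root
        # World-readable: these files are read by unprivileged processes.
        mode: "0644"
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      loop:
        - src: nscd.conf
          dest: /etc/nscd.conf
        - src: nsswitch.conf
          dest: /etc/nsswitch.conf
        # NOTE(review): ldap_cert is used both as the source name and inside
        # the destination path, so it is presumably a bare file name without
        # directory components -- verify where the variable is defined.
        - src: "{{ ldap_cert }}"
          dest: "/etc/ldap/{{ ldap_cert }}"
      notify:
        - restart_nscd

    - name: Create config files from templates.
      tags: ldap
      # Fully qualified module name, consistent with the other tasks.
      ansible.builtin.template:
        owner: root
        group: root
        # Root-only: sssd refuses to start unless sssd.conf is root-owned with
        # mode 0600, and these files may carry bind credentials.
        # NOTE(review): /etc/ldap/ldap.conf at 0600 cannot be read by non-root
        # LDAP client tools -- confirm that is intended.
        mode: "0600"
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      loop:
        - src: sssd.conf
          dest: /etc/sssd/sssd.conf
        - src: nslcd.conf
          dest: /etc/nslcd.conf
        - src: ldap.conf
          dest: /etc/ldap/ldap.conf
      notify:
        - restart_nslcd
        - restart_nscd
        - restart_sssd

    # Only enables the units at boot; starting/restarting is left to the
    # handlers notified above.
    - name: Enable services.
      ansible.builtin.service:
        name: "{{ item }}"
        enabled: true
      loop:
        - nslcd
        - nscd
        - sssd

    # NOTE(review): ansible.builtin.lineinfile requires `path`, and none is set
    # in this listing; the task fails until the PAM session file for the target
    # distribution is supplied.
    # NOTE(review): umask=0022 creates home directories that other local users
    # can read; umask=0077 is the stricter choice if that is not intended.
    - name: Enable pam_mkhomedirs
      ansible.builtin.lineinfile:
        regexp: '^session required pam_mkhomedir.so'
        line: 'session required pam_mkhomedir.so skel=/etc/skel/ umask=0022'
        insertbefore: BOF

  when:
    - ldap_uris | length > 0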