ansible-role-ldap-auth/tasks/main.yml

84 lines
2.0 KiB
YAML
Raw Normal View History

2022-01-23 00:38:23 +01:00
- name: system | ldap auth
block:
- name: Load OS specific variables.
tags: ldap
ansible.builtin.include_vars:
2022-01-23 01:05:44 +01:00
file: "os_{{ ansible_facts['lsb']['id'] }}.yml"
2022-01-23 00:38:23 +01:00
- name: Install packages.
tags: ldap,packages,ldap-auth
ansible.builtin.package:
state: present
name:
- "{{ package_libnss_ldapd }}"
- libsss-sudo
- sssd
- name: Create config directories.
tags: ldap,ldap-auth
ansible.builtin.file:
state: directory
owner: root
group: root
mode: 0755
path: "{{ item }}"
with_items:
- /etc/sssd
- /etc/ldap
- name: Copy config files.
tags: ldap,ldap-auth
ansible.builtin.copy:
owner: root
group: root
mode: 0644
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- src: nscd.conf
dest: /etc/nscd.conf
- src: nsswitch.conf
dest: /etc/nsswitch.conf
2022-01-23 01:10:25 +01:00
- src: "{{ ldap_cert }}"
2022-01-23 00:38:23 +01:00
dest: "/etc/ldap/{{ ldap_cert }}"
notify:
- restart_nscd
- name: Create config files from templates.
tags: ldap
template:
owner: root
group: root
mode: 0600
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
2022-01-23 01:13:05 +01:00
- src: sssd.conf
2022-01-23 00:38:23 +01:00
dest: /etc/sssd/sssd.conf
- src: nslcd.conf
dest: /etc/nslcd.conf
2022-01-23 01:13:05 +01:00
- src: ldap.conf
2022-01-23 00:38:23 +01:00
dest: /etc/ldap/ldap.conf
notify:
- restart_nslcd
2022-01-23 01:14:26 +01:00
- restart_nscd
2022-01-23 00:38:23 +01:00
- restart_sssd
- name: Enable services.
ansible.builtin.service:
name: "{{ item }}"
enabled: yes
with_items:
- nslcd
- nscd
- sssd
2022-01-23 02:08:56 +01:00
- name: Enable pam_mkhomedirs
ansible.builtin.lineinfile:
regexp: ^session required pam_mkhomedir.so
line: session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
insertbefore: BOF
2022-01-23 00:38:23 +01:00
when:
- ldap_uris | length > 0