ynerant/templier-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Connexion au serveur LDAP

Browse Source 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
This commit is contained in:
Yohann D'ANELLO 2021-05-24 19:30:20 +02:00
parent a8c4bf141b
commit 0a85cd22ff
Signed by: ynerant
GPG Key ID: 3A75C55819C8CF85
7 changed files with 126 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
group_vars/all/all.yml
View File

@ -17,6 +17,10 @@ ansible_header: |
+++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++++++++++++++++++++
glob_ldap:
servers:
- 172.16.42.1
base: 'dc=ynerant,dc=fr'
pass: pass:

1
plays/base.yml
View File

@ -3,6 +3,7 @@
- import_playbook: apt.yml - import_playbook: apt.yml
- import_playbook: ntp.yml - import_playbook: ntp.yml
- import_playbook: ldap-client.yml
- hosts: all - hosts: all
roles: roles:

7
plays/ldap-client.yml Executable file
View File

@ -0,0 +1,7 @@
#!/usr/bin/env ansible-playbook
---
- hosts: debian
vars:
ldap: '{{ glob_ldap | combine(loc_ldap | default({})) }}'
roles:
- ldap-client

10
roles/ldap-client/README.md Normal file
View File

@ -0,0 +1,10 @@
# LDAP-CLIENT
Configure un client ldap pour les utilisateurs
## VARS
ldap:
- local: si le serveur est installé en local
- servers: la liste des servers ldap a contacté
- base: le search term du ldap

16
roles/ldap-client/handlers/main.yml Normal file
View File

@ -0,0 +1,16 @@
---
- name: Reconfigure libnss-ldapd package
command: dpkg-reconfigure libnss-ldapd -f noninteractive
- name: Restart nslcd service
service:
name: nslcd
state: restarted
# Empty cache when nslcd is restarted
- name: Restart nscd service
service:
name: nscd
state: restarted
ignore_errors: true # Sometimes service do not exist
listen: Restart nslcd service

50
roles/ldap-client/tasks/main.yml Normal file
View File

@ -0,0 +1,50 @@
---
# Install LDAP client packages
- name: Install LDAP client packages
apt:
update_cache: true
name:
- libnss-ldapd
- libpam-ldapd
state: present
register: apt_result
retries: 3
until: apt_result is succeeded
# Configure /etc/nslcd.conf
- name: Configure nslcd
template:
src: nslcd.conf.j2
dest: /etc/nslcd.conf
mode: 0600
notify: Restart nslcd service
# Configure /etc/nsswitch.conf
- name: Configure NSS to use LDAP
lineinfile:
dest: /etc/nsswitch.conf
regexp: "^{{ item }}"
line: "{{ item }} files systemd ldap"
loop:
- "passwd:"
- "group: "
notify: Restart nslcd service
- name: Configure NSS to use LDAP
lineinfile:
dest: /etc/nsswitch.conf
regexp: "^{{ item }}"
line: "{{ item }} files ldap"
loop:
- "shadow: "
- "networks:"
notify: Restart nslcd service
- name: Configure NSS to use LDAP
lineinfile:
dest: /etc/nsswitch.conf
regexp: "^{{ item }}"
line: "{{ item }} files ldap dns"
loop:
- "hosts:"
notify: Restart nslcd service

38
roles/ldap-client/templates/nslcd.conf.j2 Normal file
View File

@ -0,0 +1,38 @@
{{ ansible_header | comment }}
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.
# The user and group nslcd should run as.
uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
{% if 'slapd' in group_names %}
uri ldapi:///
{% else %}
{% for server in ldap.servers %}
uri ldaps://{{ server }}/
{% endfor %}
{% endif %}
# The search base that will be used for all queries.
base {{ ldap.base }}
# The LDAP protocol version to use.
#ldap_version 3
# The DN to bind with for normal lookups.
#binddn cn=annonymous,dc=example,dc=net
#bindpw secret
# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com
# SSL options
#ssl off
tls_reqcert allow
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
# The search scope.
#scope sub