author | Jonas Gunz <himself@jonasgunz.de> | 2023-07-27 21:46:38 +0200 |
committer | Jonas Gunz <himself@jonasgunz.de> | 2023-07-27 21:46:38 +0200 |
commit | 7ad67630c40c0669cc1c140ff2d42311fb780b47 (patch) | |
tree | 1c4d97ca3acea54f842c10b15eed71edb4d8e86d /roles/openldap/defaults | |
parent | b1030896c67c59c12db51a65d842169d3b73339a (diff) | |
download | ansible_collection-7ad67630c40c0669cc1c140ff2d42311fb780b47.tar.gz |
openldap move access control to hostettings
Diffstat (limited to 'roles/openldap/defaults')
-rw-r--r-- | roles/openldap/defaults/main.yml | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/roles/openldap/defaults/main.yml b/roles/openldap/defaults/main.yml
index 4d18343..63094ee 100644
--- a/roles/openldap/defaults/main.yml
+++ b/roles/openldap/defaults/main.yml
@@ -11,4 +11,28 @@ ldap:
 key: '/etc/ssl/private/ssl-cert-snakeoil.key'
 cert: '/etc/ssl/certs/ssl-cert-snakeoil.pem'
 schema: []
-
+ ous:
+ - users
+ - apps
+ - groups
+ - unixgroups
+ groupsofnames:
+ in: 'ou=groups,dc=example,dc=com'
+ names:
+ - ldap_admin
+ - external_auth
+ access_control:
+ - >- {0}to attrs=userPassword by self write by group/groupOfNames/member=cn=external_auth,ou=groups,dc=example,dc=com read by anonymous auth by * none
+ - >- {1}to attrs=shadowLastChange by self write by * read
+ - >- {2}to * by users read by group/groupOfNames/member=cn=ldap_admin,ou=groups,dc=example,dc=com manage |
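Review bot: The `{0}` rule in the new `access_control` default grants the `external_auth` group `read` on `userPassword`, which lets members of that group retrieve every user's password hash; if that group only needs to verify credentials, the `compare` level (or `auth`, if its members only bind) is sufficient, e.g. `by group/groupOfNames/member=cn=external_auth,ou=groups,dc=example,dc=com compare`. The group DNs in these ACLs and in `groupsofnames.in` hard-code `dc=example,dc=com`; a deployer who overrides the base DN but not `access_control` ends up with rules that reference non-existent groups, so the `ldap_admin` `manage` grant silently stops matching — deriving these DNs from the role's base-DN variable (if one exists; it is not visible in this hunk) would keep them consistent. A short comment above `access_control` would also help, since the `{0}`/`{1}`/`{2}` prefixes are olcAccess ordering indices and the first matching `to` clause wins, so the catch-all `{2}to *` must stay last: `# olcAccess rules; order matters, first matching 'to' wins, keep 'to *' last`.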