author: Jonas Gunz <himself@jonasgunz.de> 2023-07-27 21:46:38 +0200
committer: Jonas Gunz <himself@jonasgunz.de> 2023-07-27 21:46:38 +0200
commit: 7ad67630c40c0669cc1c140ff2d42311fb780b47 (patch)
tree: 1c4d97ca3acea54f842c10b15eed71edb4d8e86d /roles/openldap/defaults
parent: b1030896c67c59c12db51a65d842169d3b73339a (diff)
openldap move access control to hostettings
Diffstat (limited to 'roles/openldap/defaults')
-rw-r--r--roles/openldap/defaults/main.yml26
1 files changed, 25 insertions, 1 deletions
diff --git a/roles/openldap/defaults/main.yml b/roles/openldap/defaults/main.yml
index 4d18343..63094ee 100644
--- a/roles/openldap/defaults/main.yml
+++ b/roles/openldap/defaults/main.yml
@@ -11,4 +11,28 @@ ldap:
key: '/etc/ssl/private/ssl-cert-snakeoil.key'
cert: '/etc/ssl/certs/ssl-cert-snakeoil.pem'
schema: []
-
+ ous:
+ - users
+ - apps
+ - groups
+ - unixgroups
+ groupsofnames:
+ in: 'ou=groups,dc=example,dc=com'
+ names:
+ - ldap_admin
+ - external_auth
+ access_control:
+ - >-
+ {0}to attrs=userPassword
+ by self write
+ by group/groupOfNames/member=cn=external_auth,ou=groups,dc=example,dc=com read
+ by anonymous auth
+ by * none
+ - >-
+ {1}to attrs=shadowLastChange
+ by self write
+ by * read
+ - >-
+ {2}to *
+ by users read
+ by group/groupOfNames/member=cn=ldap_admin,ou=groups,dc=example,dc=com manage
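Review bot: Under `{0}to attrs=userPassword` the ldap_admin group is not named and so falls through to `by * none`, which means members who get `manage` on everything else in `{2}` cannot set or reset another user's password; if that is unintended, add `by group/groupOfNames/member=cn=ldap_admin,ou=groups,dc=example,dc=com write` before `by anonymous auth`, and the same clause in `{1}` for shadowLastChange, which otherwise leaves admins with only `by * read`. The same `{0}` rule grants the external_auth group `read` on userPassword, i.e. the stored hashes are readable by every member of that group; if the external consumer only needs to verify credentials, `auth` (or `compare`) is the narrower right, and a comment above `access_control` stating why `read` is required would help the next maintainer. Both ACL entries and `groupsofnames.in` embed `dc=example,dc=com` literally, so a host that sets a different base DN without also overriding `access_control` ends up with group clauses that match nobody, silently dropping the admin and external_auth grants; deriving these DNs with Jinja from the role's base-DN variable (defined outside this hunk, presumably) would avoid that. The `ldap:` mapping these keys belong to starts before the hunk.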