authorGravatar Jonas Gunz <himself@jonasgunz.de> 2022-07-19 00:07:15 +0200
committerGravatar Jonas Gunz <himself@jonasgunz.de> 2022-07-19 00:07:15 +0200
commitff374a7a4fe2191e494e75d02e3307efa23f4168 (patch)
tree19400060bef2b4ec25264b30edf45dcba1fdf839 /roles/openldap
parent2c57b5370c6cd44f700985132f360c15d2664ebf (diff)
downloadansible_collection-ff374a7a4fe2191e494e75d02e3307efa23f4168.tar.gz
OpenLDAP: External auth group to allow reading password
Diffstat (limited to 'roles/openldap')
-rw-r--r--roles/openldap/tasks/main.yml8
1 files changed, 6 insertions, 2 deletions
diff --git a/roles/openldap/tasks/main.yml b/roles/openldap/tasks/main.yml
index 27aca52..444f47f 100644
--- a/roles/openldap/tasks/main.yml
+++ b/roles/openldap/tasks/main.yml
@@ -92,6 +92,7 @@
- >-
{0}to attrs=userPassword
by self write
+ by group/groupOfNames/member=cn=external_auth,ou=groups,{{ ldap.base }} read
by anonymous auth
by * none
- >-
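Review bot: The added clause grants `read` on userPassword to every member of cn=external_auth, which discloses the stored password hashes to that group rather than only letting it verify a credential; if the external consumer can authenticate by bind or compare, `by group/groupOfNames/member=cn=external_auth,ou=groups,{{ ldap.base }} compare` is enough and keeps the hashes undisclosed, so `read` should be kept only where the consumer genuinely needs the hash value. The clause is ordered before `by anonymous auth`, which is correct since slapd stops at the first matching `by`, but a comment on the list item stating why the group needs this level (e.g. `# external_auth: service DNs that read userPassword for out-of-band verification`) would make the trust decision reviewable. The second hunk creates this group with `member: ''`, so the membership this ACL trusts is populated outside the role; noting where that DN is added would help. The task that holds this olcAccess value starts before the hunk.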
@@ -139,13 +140,16 @@
- name: Create LDAP Admin group
community.general.ldap_entry:
- dn: 'cn=ldap_admin,ou=groups,{{ ldap.base }}'
+ dn: 'cn={{ item }},ou=groups,{{ ldap.base }}'
objectClass:
- groupOfNames
- top
attributes:
- cn: 'ldap_admin'
+ cn: '{{ item }}'
member: ''
server_uri: ldap://localhost
bind_dn: '{{ ldap.root_dn }}'
bind_pw: '{{ ldap.root_pw }}'
+ loop:
+ - ldap_admin
+ - external_auth