path: root/roles/openldap/defaults/main.yml
---
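# Default settings for the openldap role. The values are placeholders
# (example.com suffix, well-known password, self-signed certificate) and are
# meant to be overridden per environment before slapd is exposed to a network.
# NOTE(review): with Ansible's default hash_behaviour (replace), defining
# `ldap` in inventory replaces this whole mapping instead of merging single
# keys - confirm how the role combines overrides.
ldap:
  # Organisation name; presumably the `o` attribute of the base entry.
  o: 'Example Com'
  # Directory suffix. root_dn, groupsofnames.in and the group DNs inside
  # access_control repeat it literally, so change them together; an ACL that
  # still names dc=example,dc=com matches no group after the suffix changes.
  base: 'dc=example,dc=com'
  root_dn: 'cn=admin,dc=example,dc=com'
  # Placeholder credential, readable by anyone with access to the repository.
  # Supply the real value from an encrypted source such as Ansible Vault.
  root_pw: 'admin'
  # {SSHA} is salted SHA-1, a fast hash that is cheap to guess offline. This
  # value is public as well, so regenerate it (for example with slappasswd)
  # whenever root_pw is changed.
  # NOTE(review): presumably the hash of root_pw - confirm both stay in sync.
  root_pw_hash: '{SSHA}T4NWs0yED2vORnKH4fWMSicNH0n0jtwP'
  tls:
    # Off by default. Without TLS a simple bind carries the password in
    # cleartext on the wire; enable it for any non-local deployment.
    enable: false
    # Debian ssl-cert "snakeoil" paths: a self-signed certificate, with `ca`
    # pointing at the same file as `cert`. Clients cannot verify the server
    # against a trusted CA with these; replace them with issued certificates.
    ca: '/etc/ssl/certs/ssl-cert-snakeoil.pem'
    key: '/etc/ssl/private/ssl-cert-snakeoil.key'
    cert: '/etc/ssl/certs/ssl-cert-snakeoil.pem'
  # Empty by default; presumably a list of additional schemas to load.
  schema: []
  # Organisational unit names; presumably created directly under `base`.
  ous:
    - users
    - apps
    - groups
    - unixgroups
  # groupOfNames entries to create under `in`. Both names are referenced by
  # the access_control rules below, so membership in them grants privileges.
  groupsofnames:
    in: 'ou=groups,dc=example,dc=com'
    names:
      - ldap_admin
      - external_auth
  # Access rules in slapd.access syntax; the {N} prefix fixes their order
  # (presumably written to olcAccess). slapd applies the first `to` rule that
  # matches and, inside it, stops at the first matching `by` clause, so the
  # order of clauses is significant.
  access_control:
    # userPassword: the owner may change it, anonymous clients may only use
    # it to bind, everyone else gets nothing. Members of external_auth can
    # read the password hash of every entry, which permits offline guessing
    # if such an account is compromised - keep that group minimal, or have
    # the external service authenticate by bind instead of reading hashes.
    - >-
      {0}to attrs=userPassword
      by self write
      by group/groupOfNames/member=cn=external_auth,ou=groups,dc=example,dc=com read
      by anonymous auth
      by * none
    # shadowLastChange: writable by the owner, readable by everyone,
    # including anonymous clients.
    - >-
      {1}to attrs=shadowLastChange
      by self write
      by * read
    # Everything else. The ldap_admin clause has to precede `by users`:
    # group members are authenticated users too, and evaluation stops at the
    # first match, so listing `by users read` first would cap them at read.
    # Anonymous clients match neither clause and get no access.
    - >-
      {2}to *
      by group/groupOfNames/member=cn=ldap_admin,ou=groups,dc=example,dc=com manage
      by users read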