From 3c1a94822b4951910820fecc976c1096e8dc76f2 Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Thu, 6 Aug 2020 16:24:56 +0200
Subject: [PATCH] [slapd][unsafe] Rennomage variables et doc

---
 ...aniel.adm.crans.org => daniel.adm.crans.org.yml} | 0
 roles/slapd/README.md | 13 +++++++++++++
 roles/slapd/tasks/main.yml | 2 +-
 roles/slapd/templates/ldap/slapd.conf.j2 | 12 ++++++------
 4 files changed, 20 insertions(+), 7 deletions(-)
 rename host_vars/{daniel.adm.crans.org => daniel.adm.crans.org.yml} (100%)
 create mode 100644 roles/slapd/README.md

diff --git a/host_vars/daniel.adm.crans.org b/host_vars/daniel.adm.crans.org.yml
similarity index 100%
rename from host_vars/daniel.adm.crans.org
rename to host_vars/daniel.adm.crans.org.yml
diff --git a/roles/slapd/README.md b/roles/slapd/README.md
new file mode 100644
index 00000000..45b7b027
--- /dev/null
+++ b/roles/slapd/README.md
@@ -0,0 +1,13 @@
+# SLAPD
+
+Deploie un serveur ldap master ou replica
+
+## VARS
+
+slapd:
+ - ip : l'ip sur lequel il va installer le serveur ldap
+ - replica : s'il s'agit d'un master ou d'une replica
+ - replica_rid : le numéro de replica du serveur
+ - master_ip : l'ip du master
+ - replication_credentials : les credientials pour authentifier les replicas
+ auprès du master
diff --git a/roles/slapd/tasks/main.yml b/roles/slapd/tasks/main.yml
index d39f9502..84599aa2 100644
--- a/roles/slapd/tasks/main.yml
+++ b/roles/slapd/tasks/main.yml
@@ -26,6 +26,6 @@
 lineinfile:
 path: /etc/default/slapd
 regexp: '^SLAPD_SERVICES='
- line: 'SLAPD_SERVICES="ldaps://{{ ldap.ip }}/ ldapi:///"'
+ line: 'SLAPD_SERVICES="ldaps://{{ slapd.ip }}/ ldapi:///"'
 notify: Restart slapd
 check_mode: no
diff --git a/roles/slapd/templates/ldap/slapd.conf.j2 b/roles/slapd/templates/ldap/slapd.conf.j2
index 0db098b6..762756b8 100644
--- a/roles/slapd/templates/ldap/slapd.conf.j2
+++ b/roles/slapd/templates/ldap/slapd.conf.j2
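Review bot: Nothing in the role checks that the new `slapd` dictionary is defined before `{{ slapd.ip }}` is rendered into `SLAPD_SERVICES` in roles/slapd/tasks/main.yml. host_vars/daniel.adm.crans.org.yml is only renamed (100% similarity), so if that file still declares these values under `ldap:`, the play fails on an undefined variable here and again in the slapd.conf.j2 hunks. A first task such as `- assert: { that: ["slapd.ip is defined", "slapd.replica is defined"] }` would make that failure explicit before any file is touched. The `lineinfile` task starts above the hunk, so only its tail is visible.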
@@ -23,7 +23,7 @@ loglevel none # Where the dynamically loaded modules are stored modulepath /usr/lib/ldap moduleload back_mdb -{% if not ldap.replica %} +{% if not slapd.replica %} moduleload auditlog overlay auditlog @@ -104,13 +104,13 @@ lastmod on # failure and to speed slapd shutdown. checkpoint 512 30 -{% if ldap.replica %} +{% if slapd.replica %} syncrepl - rid={{ ldap.replica_rid }} - provider=ldaps://{{ ldap.master_ip }}:636 + rid={{ slapd.replica_rid }} + provider=ldaps://{{ slapd.master_ip }}:636 bindmethod=simple binddn="cn=replicator,dc=crans,dc=org" - credentials={{ ldap.replication_credentials }} + credentials={{ slapd.replication_credentials }} searchbase="dc=crans,dc=org" scope=sub schemachecking=on @@ -121,7 +121,7 @@ syncrepl tls_reqcert=allow {% endif %} -{% if ldap.replica %} +{% if slapd.replica %} # The userPassword by default can be changed # by the entry owning it if they are authenticated. # Others should not be able to see it, except the -- GitLab
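Review bot: In the syncrepl hunk (`@@ -104,13 +104,13 @@`), the renamed line `credentials={{ slapd.replication_credentials }}` still renders the replication secret unquoted, so a value containing whitespace or a quote character is likely to be mis-parsed by slapd; `credentials="{{ slapd.replication_credentials }}"` with a secret restricted to characters that need no escaping is safer. The same block, whose tail is visible as context in the next hunk, keeps `tls_reqcert=allow`, which lets the replica continue when the provider certificate cannot be verified, so this simple-bind password can be sent to an unauthenticated peer answering at `slapd.master_ip`. Using `tls_reqcert=demand` with a `tls_cacert=` entry for the issuing CA would close that gap. Since the rendered slapd.conf holds the secret in clear text, it is worth confirming that the variable comes from a vault and that the template task (not part of this diff) sets a restrictive owner and mode.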