xoxys.ldap_proxy/defaults/main.yml

---
ldap_proxy_base_dir: /etc/openldap/certs
ldap_proxy_urls:
  - "ldapi:/// ldap:///"
ldap_proxy_options: []

ldap_proxy_iptables_enabled: False
ldap_proxy_open_ports:
  - name: allow_ldap_out
    rules: |
      -A OUTPUT -m state --state NEW -p tcp --dport 389 -j ACCEPT
    state: present
  - name: allow_ldap_in
    rules: |
      -A INPUT -m state --state NEW -p tcp --dport 389 -j ACCEPT
    state: present

# You can deploy your certificates from a file or from content.
# If you enable ldap_proxy_tls_source_use_content you have to put the content of your cert files into
# ldap_proxy_tls_cert_path and ldap_proxy_tls_cert_path.
ldap_proxy_tls_source_use_content: False
# If you enable ldap_proxy_tls_source_use_files theses variables have to contain the path to your
# certificate files located on the ansible "master" host
ldap_proxy_tls_source_use_files: True
ldap_proxy_tls_cert_source: mycert.pem
ldap_proxy_tls_key_source: mykey.pem
ldap_proxy_tls_ca_source: ca.pem
ldap_proxy_tls_cert_path: "{{ ldap_proxy_base_dir }}/mycert.pem"
ldap_proxy_tls_key_path: "{{ ldap_proxy_base_dir }}/mykey.pem"
ldap_proxy_tls_ca_path: "{{ ldap_proxy_base_dir }}/ca.path"

ldap_proxy_server: "ldap://ad.example.com:389"
ldap_proxy_server_suffix: "dc=example,dc=com"
ldap_proxy_readonly_enabled: True

ldap_proxy_loglevel: 0

ldap_proxy_acl_file: "{{ ldap_proxy_base_dir }}/slapd.access"
ldap_proxy_acls:
  - access_to:
      - '*'
    access_by:
      - '* read'
initial commit 2018-12-01 01:31:11 +01:00			`---`
setup ldap acl 2018-12-01 15:33:37 +01:00			`ldap_proxy_base_dir: /etc/openldap/certs`
initial commit 2018-12-01 01:31:11 +01:00			`ldap_proxy_urls:`
			`- "ldapi:/// ldap:///"`
			`ldap_proxy_options: []`

add iptables task 2018-12-01 02:03:29 +01:00			`ldap_proxy_iptables_enabled: False`
			`ldap_proxy_open_ports:`
			`- name: allow_ldap_out`
			`rules: \|`
			`-A OUTPUT -m state --state NEW -p tcp --dport 389 -j ACCEPT`
			`state: present`
			`- name: allow_ldap_in`
			`rules: \|`
			`-A INPUT -m state --state NEW -p tcp --dport 389 -j ACCEPT`
			`state: present`

initial commit 2018-12-01 01:31:11 +01:00			`# You can deploy your certificates from a file or from content.`
			`# If you enable ldap_proxy_tls_source_use_content you have to put the content of your cert files into`
			`# ldap_proxy_tls_cert_path and ldap_proxy_tls_cert_path.`
			`ldap_proxy_tls_source_use_content: False`
			`# If you enable ldap_proxy_tls_source_use_files theses variables have to contain the path to your`
			`# certificate files located on the ansible "master" host`
			`ldap_proxy_tls_source_use_files: True`
			`ldap_proxy_tls_cert_source: mycert.pem`
			`ldap_proxy_tls_key_source: mykey.pem`
			`ldap_proxy_tls_ca_source: ca.pem`
setup ldap acl 2018-12-01 15:33:37 +01:00			`ldap_proxy_tls_cert_path: "{{ ldap_proxy_base_dir }}/mycert.pem"`
			`ldap_proxy_tls_key_path: "{{ ldap_proxy_base_dir }}/mykey.pem"`
			`ldap_proxy_tls_ca_path: "{{ ldap_proxy_base_dir }}/ca.path"`
initial commit 2018-12-01 01:31:11 +01:00
			`ldap_proxy_server: "ldap://ad.example.com:389"`
			`ldap_proxy_server_suffix: "dc=example,dc=com"`
			`ldap_proxy_readonly_enabled: True`

			`ldap_proxy_loglevel: 0`
setup ldap acl 2018-12-01 15:33:37 +01:00
			`ldap_proxy_acl_file: "{{ ldap_proxy_base_dir }}/slapd.access"`
			`ldap_proxy_acls:`
			`- access_to:`
			`- '*'`
			`access_by:`
			`- '* read'`