diff --git a/tasks/setup.yml b/tasks/setup.yml index 8ccbae5..93daccb 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml @@ -8,6 +8,16 @@ - openldap-servers - openldap-clients + - name: Ensure base directories exists at '{{ ldap_proxy_base_dir }}' + file: + path: "{{ item }}" + state: directory + owner: root + group: root + with_items: + - "{{ ldap_proxy_base_dir }}" + - "{{ ldap_proxy_acl_file | dirname }}" + - name: Deploy environment file template: src: "etc/sysconfig/slapd.j2" @@ -17,19 +27,19 @@ mode: 0644 notify: __slapd_restart - - name: Deploy config file + - name: Deploy config file to '{{ ldap_proxy_base_dir }}/slapd.conf' template: src: "etc/openldap/slapd.conf.j2" - dest: "/etc/openldap/slapd.conf" + dest: "{{ ldap_proxy_base_dir }}/slapd.conf" owner: root group: root mode: 0644 notify: __slapd_restart - - name: Deploy access control file + - name: Deploy access control file '{{ ldap_proxy_acl_file }}' template: src: "etc/openldap/slapd.access.j2" - dest: "/etc/openldap/slapd.access" + dest: "{{ ldap_proxy_acl_file }}" owner: root group: root mode: 0644 diff --git a/templates/etc/openldap/slapd.access.j2 b/templates/etc/openldap/slapd.access.j2 index f5f4266..f36ec57 100644 --- a/templates/etc/openldap/slapd.access.j2 +++ b/templates/etc/openldap/slapd.access.j2 @@ -2,6 +2,6 @@ {% for acl in ldap_proxy_acls %} access to {{ acl.access_to | join(' ') }} {% for item in acl.access_by %} - {{ item }} + by {{ item }} {% endfor %} {% endfor %} diff --git a/templates/etc/openldap/slapd.conf.j2 b/templates/etc/openldap/slapd.conf.j2 index 645d727..79350eb 100644 --- a/templates/etc/openldap/slapd.conf.j2 +++ b/templates/etc/openldap/slapd.conf.j2 
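Review bot: The new `file` task sets `owner` and `group` but no `mode`, so the directories that will hold `slapd.conf` and the ACL file are created under whatever umask is in effect, and a directory that already exists keeps the mode it has. Write access to either directory is enough to replace the files slapd loads, so pin it explicitly with `mode: "0755"` (quoted, so the value is not subject to YAML integer typing). Separately, `{{ ldap_proxy_acl_file | dirname }}` evaluates to an empty string if the variable is ever set to a bare filename, which would presumably fail the task on an empty `path`. A comment such as `# ldap_proxy_acl_file must be an absolute path` above the `with_items` list would make that requirement visible.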
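Review bot: The changed `dest` for the config file moves it from `/etc/openldap/slapd.conf` to `{{ ldap_proxy_base_dir }}/slapd.conf`, but nothing in this hunk removes the copy an earlier run left at the old path. Which file slapd actually reads depends on `etc/sysconfig/slapd.j2`, which this diff does not touch. On an already-provisioned host the daemon may therefore keep running from the stale config, and whatever ACL file it includes, while the play reports success. Either confirm the environment file points at the new path, or add a cleanup task using `state: absent` for the old files, guarded with `when: ldap_proxy_base_dir != '/etc/openldap'`. The unchanged `mode: 0644` on both templates also leaves them world-readable, which is worth tightening if the config template ever renders bind credentials.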
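Review bot: With `by` now emitted by the template, the expected shape of each `acl.access_by` item changes to `<who> <access>` without the keyword, and nothing in the file documents that. An inventory that worked around the old output by writing `by users read` would now render `by by users read`, which is likely to be rejected or misread when slapd parses the ACL file. I would add a template comment at the top of the loop, for example `{# access_by items are '<who> <access>'; the leading 'by' is added here #}`, and note next to it that ACLs are evaluated in list order. The collapsed diff does not show indentation, so also confirm the `by` line is still indented in the rendered file, since slapd treats only lines starting with whitespace as continuations of `access to`.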
@@ -40,7 +40,7 @@ rebind-as-user uri "{{ ldap_proxy_server }}" suffix "{{ ldap_proxy_server_suffix }}" -### ACL definition ######################################### +### ACL definition ############################################################ include "{{ ldap_proxy_acl_file }}" ### Logging ###################################################################