setup ldap acl

This commit is contained in:
Robert Kaussow 2018-12-01 15:33:37 +01:00
parent de065fac0d
commit 4e61e1b07b
3 changed files with 21 additions and 3 deletions

View File

@ -1,4 +1,5 @@
---
ldap_proxy_base_dir: /etc/openldap/certs
ldap_proxy_urls:
- "ldapi:/// ldap:///"
ldap_proxy_options: []
@ -24,12 +25,19 @@ ldap_proxy_tls_source_use_files: True
ldap_proxy_tls_cert_source: mycert.pem
ldap_proxy_tls_key_source: mykey.pem
ldap_proxy_tls_ca_source: ca.pem
ldap_proxy_tls_cert_path: /etc/openldap/certs/mycert.pem
ldap_proxy_tls_key_path: /etc/openldap/certs/mykey.pem
ldap_proxy_tls_ca_path: /etc/openldap/certs/ca.path
ldap_proxy_tls_cert_path: "{{ ldap_proxy_base_dir }}/mycert.pem"
ldap_proxy_tls_key_path: "{{ ldap_proxy_base_dir }}/mykey.pem"
ldap_proxy_tls_ca_path: "{{ ldap_proxy_base_dir }}/ca.path"
ldap_proxy_server: "ldap://ad.example.com:389"
ldap_proxy_server_suffix: "dc=example,dc=com"
ldap_proxy_readonly_enabled: True
ldap_proxy_loglevel: 0
ldap_proxy_acl_file: "{{ ldap_proxy_base_dir }}/slapd.access"
ldap_proxy_acls:
- access_to:
- '*'
access_by:
- '* read'

View File

@ -0,0 +1,7 @@
# {{ ansible_managed }}
{% for acl in ldap_proxy_acls %}
access to {{ acl.access_to | join(' ') }}
{% for item in acl.access_by %}
{{ item }}
{% endfor %}
{% endfor %}

View File

@ -40,5 +40,8 @@ rebind-as-user
uri "{{ ldap_proxy_server }}"
suffix "{{ ldap_proxy_server_suffix }}"
### ACL definition #########################################
include "{{ ldap_proxy_acl_file }}"
### Logging ###################################################################
loglevel {{ ldap_proxy_loglevel }}