
xoxys.ldap_proxy


Role to set up an OpenLDAP proxy

Table of contents


Default Variables

ldap_proxy_base_dir

Default value

# Base directory for the proxy's OpenLDAP files. The default TLS cert, key
# and CA paths and the default ACL file path are all built from this value.
ldap_proxy_base_dir: /etc/openldap

ldap_proxy_urls

Default value

# Listener URLs (presumably handed to slapd's -h option; confirm in the
# role's templates). ldapi:/// is the local Unix socket, ldap:/// is plain
# LDAP on all interfaces. No ldaps:/// listener is included by default.
ldap_proxy_urls:
  - ldapi:/// ldap:///

ldap_proxy_options

Default value

# Empty by default. NOTE(review): the README does not say what kind of
# entries are expected here; check the role's templates before using it.
ldap_proxy_options: []

ldap_proxy_iptables_enabled

Default value

# Off by default. Presumably gates whether the ldap_proxy_open_ports rules
# are applied (confirm in the role's tasks). While it is false, host
# firewalling for the LDAP port has to be handled elsewhere.
ldap_proxy_iptables_enabled: false

ldap_proxy_open_ports

Default value

# iptables rules accepting NEW tcp/389 connections, outbound and inbound.
# Neither rule has a source (-s) or destination (-d) match, so the listener
# is reachable from any address. Narrow the rules to the client networks and
# the upstream server where possible. Only port 389 is covered; a setup that
# uses ldaps (636) needs its own rule.
ldap_proxy_open_ports:
  - name: allow_ldap_out
    rules: "-A OUTPUT -m state --state NEW -p tcp --dport 389 -j ACCEPT\n"
    state: present
  - name: allow_ldap_in
    rules: "-A INPUT -m state --state NEW -p tcp --dport 389 -j ACCEPT\n"
    state: present

ldap_proxy_tls_enabled

Default value

# TLS is off by default. With the default ldap:/// listener, simple-bind
# credentials and directory data then cross the network in cleartext.
# NOTE(review): whether enabling this gives StartTLS, ldaps or both, and
# whether it also covers the upstream connection, is not shown here.
ldap_proxy_tls_enabled: false

ldap_proxy_tls_cert_source

Default value

# File name of the server certificate to deploy. Presumably looked up on the
# Ansible controller and copied to ldap_proxy_tls_cert_path (confirm).
ldap_proxy_tls_cert_source: mycert.pem

ldap_proxy_tls_key_source

Default value

# File name of the private key to deploy. Presumably copied to
# ldap_proxy_tls_key_path (confirm). Do not commit the key in plaintext;
# keep it encrypted at rest, e.g. with Ansible Vault.
ldap_proxy_tls_key_source: mykey.pem

ldap_proxy_tls_ca_source

Default value

# File name of the CA certificate to deploy. Presumably copied to
# ldap_proxy_tls_ca_path (confirm).
ldap_proxy_tls_ca_source: ca.pem

ldap_proxy_tls_cert_path

Default value

# Location of the server certificate on the target host, under
# ldap_proxy_base_dir.
ldap_proxy_tls_cert_path: '{{ ldap_proxy_base_dir }}/certs/mycert.pem'

ldap_proxy_tls_key_path

Default value

# Location of the private key on the target host, under ldap_proxy_base_dir.
# NOTE(review): confirm the role installs this file readable only by the
# account slapd runs as; the README does not state the file mode.
ldap_proxy_tls_key_path: '{{ ldap_proxy_base_dir }}/certs/mykey.pem'

ldap_proxy_tls_ca_path

Default value

# Location of the CA certificate on the target host, under
# ldap_proxy_base_dir.
# NOTE(review): this default ends in "ca.path" while the source default is
# "ca.pem". Confirm the extension is intended and not a typo.
ldap_proxy_tls_ca_path: '{{ ldap_proxy_base_dir }}/certs/ca.path'

ldap_proxy_server

Default value

# Presumably the upstream directory server the proxy forwards to
# (placeholder value). The default uses the ldap:// scheme on port 389, so
# the connection does not start under TLS.
# NOTE(review): check whether ldap_proxy_tls_enabled also protects this hop.
# If it does not, relayed binds reach the upstream server in cleartext.
ldap_proxy_server: ldap://ad.example.com:389

ldap_proxy_server_suffix

Default value

# Presumably the base DN (suffix) served through the proxy; placeholder
# value, set it to the upstream directory's naming context.
ldap_proxy_server_suffix: dc=example,dc=com

ldap_proxy_readonly_enabled

Default value

# Read-only mode is on by default. Presumably rendered as slapd's readonly
# setting, so modifications sent through the proxy are refused (confirm in
# the role's template). Leave it on unless writes via the proxy are needed.
ldap_proxy_readonly_enabled: true

ldap_proxy_loglevel

Default value

# Presumably passed to slapd's loglevel directive, where 0 turns logging
# off. For a proxy that relays authentication, a level such as stats (256)
# records connections, operations and results for later review.
ldap_proxy_loglevel: 0

ldap_proxy_acl_file

Default value

# Path of the ACL file under ldap_proxy_base_dir; presumably the file that
# the ldap_proxy_acls entries are written to (confirm in the role's tasks).
ldap_proxy_acl_file: '{{ ldap_proxy_base_dir }}/slapd.access'

ldap_proxy_acls

Default value

# Default ACL: read access to everything ('*') for everyone ('*').
# Assuming this renders to slapd's "access to * by * read", the "*"
# who-clause also matches anonymous sessions. The proxy then adds no
# restriction of its own, and exposure depends entirely on what the
# upstream server returns. Tighten this for production, e.g. by granting
# read only to authenticated users.
ldap_proxy_acls:
  - access_to:
      - '*'
    access_by:
      - '* read'

ldap_proxy_custom_schemas

Default value

# Empty by default. NOTE(review): the expected entry format (schema file
# names or paths?) is not documented here; check the role's tasks.
ldap_proxy_custom_schemas: []

Dependencies

None.

License

MIT

Author

xoxys