authorRomain Gonçalves <me@rgoncalves.se>2021-07-29 17:00:20 +0200
committerRomain Gonçalves <me@rgoncalves.se>2021-07-29 17:00:20 +0200
commitb232b894c3cbe087c8d504e91637dcf62199eed1 (patch)
treeea72a7d1a7f63c6425ee46785e1cec924351b2c3 /roles/ldapd
parent22126073344e60c405d086df37b64da0c6d3c086 (diff)
downloadinfrastructure-b232b894c3cbe087c8d504e91637dcf62199eed1.tar.gz
Bump to third revision of homelab
Diffstat (limited to 'roles/ldapd')
-rw-r--r--roles/ldapd/defaults/main.yml3
-rw-r--r--roles/ldapd/tasks/main.yml22
-rw-r--r--roles/ldapd/templates/etc-ldapd.conf.j223
3 files changed, 48 insertions, 0 deletions
diff --git a/roles/ldapd/defaults/main.yml b/roles/ldapd/defaults/main.yml
new file mode 100644
index 0000000..3e86bfc
--- /dev/null
+++ b/roles/ldapd/defaults/main.yml
@@ -0,0 +1,3 @@
+ldapd_user: _ldapd
+ldapd_group: _ldapd
+ldapd_dir: /data/ldap
diff --git a/roles/ldapd/tasks/main.yml b/roles/ldapd/tasks/main.yml
new file mode 100644
index 0000000..2866ba8
--- /dev/null
+++ b/roles/ldapd/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: ensure ldapd db dir exists
+ file:
+ path: "{{ ldapd_dir }}"
+ owner: "{{ ldapd_user }}"
+ group: "{{ ldapd_group }}"
+ state: directory
+ mode: "0700"
+
+- name: generate ldapd configuration
+ template:
+ src: etc-ldapd.conf.j2
+ dest: /etc/ldapd.conf
+ owner: "0"
+ group: "0"
+ mode: "0600"
+
+- name: enable and start ldapd
+ service:
+ name: ldapd
+ state: restarted
+ enabled: true
+ args: -r "{{ ldapd_dir }}"
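Review bot: `state: restarted` in the `enable and start ldapd` task restarts the daemon on every play run, even when neither the data directory nor /etc/ldapd.conf changed, so the role is never idempotent and each run drops live LDAP sessions. Use `state: started` here and add `notify: restart ldapd` to the `generate ldapd configuration` task, with a handler that performs the restart only when the template actually changed. The `args: -r "{{ ldapd_dir }}"` line relies on the service module's `arguments` parameter (`args` is its alias); whether it lands as rc flags on this host is not visible from the hunk, so confirm with `rcctl get ldapd flags` after a run. The file mode `"0700"` on the db dir and `"0600"` on the config are appropriate since the config will carry the rootdn/ACL material; keep them quoted as they are.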
diff --git a/roles/ldapd/templates/etc-ldapd.conf.j2 b/roles/ldapd/templates/etc-ldapd.conf.j2
new file mode 100644
index 0000000..e08fa9c
--- /dev/null
+++ b/roles/ldapd/templates/etc-ldapd.conf.j2
@@ -0,0 +1,23 @@
+
+# ldapd configuration
+# manage by Ansible
+
+schema "/etc/ldap/core.schema"
+schema "/etc/ldap/inetorgperson.schema"
+schema "/etc/ldap/nis.schema"
+schema "/etc/ldap/bsd.schema"
+
+{% for interface in ansible_interfaces %}
+{% if "pflog" not in interface %}
+listen on {{ interface }}
+{% endif %}
+{% endfor %}
+listen on "/var/run/ldapi"
+
+namespace "dc=domain" {
+ rootdn "cn=admin,dc=domain"
+
+ deny read,write access to subtree root by any
+ allow read,write access to subtree root by self
+
+}
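Review bot: The `listen on {{ interface }}` loop binds plain LDAP on every interface reported by `ansible_interfaces` except those matching pflog, with no `tls`/`ldaps` keyword, so the password binds implied by the `by self` ACL travel in cleartext over whatever networks those interfaces face. Prefer a role default listing the interfaces to serve (a new `ldapd_listen_interfaces` variable would fit defaults/main.yml) and a TLS listener, `listen on {{ interface }} ldaps certificate <cert-name>` per ldapd.conf(5), keeping the plain listener only for the `"/var/run/ldapi"` socket. `dc=domain` and `cn=admin,dc=domain` are hard-coded here although every other site value lives in defaults/main.yml; they belong there as variables too. The rule pair `deny read,write access to subtree root by any` followed by `allow ... by self` only yields the intended result if ldapd applies the last matching rule, as ldapd.conf(5) describes; confirm rather than rely on that ordering by habit. Nit: `# manage by Ansible` should read `# managed by Ansible`, and the file starts with a stray blank line.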