From 4a3908827d6fe8a57df8f94a70ac189610d29edc Mon Sep 17 00:00:00 2001 From: Denis Knauf Date: Fri, 20 Oct 2023 00:52:43 +0200 Subject: [PATCH] community.general.ldap_attrs attributes --- tasks/main.yml | 44 ++++++++++++++++++++------------------------ 1 file changed, 20 insertions(+), 24 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 0e59d9e..5281761 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -10,41 +10,37 @@ - name: fix acl community.general.ldap_attrs: - name: olcAccess dn: olcDatabase={1}mdb,cn=config state: exact - values: - - >- - {0}to attrs=userPassword,shadowLastChange - by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write - by self write - by anonymous auth - by * none - - >- - {1}to dn.base="" by * read - - >- - {2}to * - by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write - by * read + attributes: + olcAccess: + - >- + {0}to attrs=userPassword,shadowLastChange + by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write + by self write + by anonymous auth + by * none + - >- + {1}to dn.base="" by * read + - >- + {2}to * + by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write + by * read - name: set crypto community.general.ldap_attrs: dn: cn=config - name: "{{item.key}}" state: exact - values: "{{item.value}}" - with_dict: - olcPasswordHash: '{CRYPT}' - olcPasswordCryptSaltFormat: "$6$rounds=8000$%.16s" + attributes: + olcPasswordHash: '{CRYPT}' + olcPasswordCryptSaltFormat: "$6$rounds=8000$%.16s" - name: set base DN community.general.ldap_attrs: dn: 'olcDatabase={{"{"+(ldap_database_index|default(1)|string)+"}"}}mdb,cn=config' - name: "{{item.key}}" state: exact - values: "{{item.value}}" - with_dict: - olcSuffix: "{{ldap_basedn}}" - olcRootDN: "cn=root,{{ldap_basedn}}" + attributes: + olcSuffix: "{{ldap_basedn}}" + olcRootDN: "cn=root,{{ldap_basedn}}" - name: base DN exists? shell: ldapsearch -H ldapi:// -Y external -LLL -b {{ldap_basedn|quote}}
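Review bot: The `fix acl` task still targets the hard-coded `dn: olcDatabase={1}mdb,cn=config`, while `set base DN` builds its DN from `ldap_database_index|default(1)`. With any index other than 1, the `olcAccess` rules are written to a different database than the one that receives `olcSuffix` and `olcRootDN`, and the configured database presumably keeps whatever ACLs it already had. Use the same expression in both tasks: `dn: 'olcDatabase={{"{"+(ldap_database_index|default(1)|string)+"}"}}mdb,cn=config'`. Separately, the `{2}to *` rule ends in `by * read`, which also matches anonymous binds; if unauthenticated reads of the tree are not intended, `by users read` is the narrower form. The last visible line is inside the `base DN exists?` task, whose remainder is not shown.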