# Deploy OpenLDAP/FusionDirectory using Ansible

This role will deploy an OpenLDAP/FusionDirectory server.

Components:
* OpenLDAP (slapd)
* FusionDirectory
* Apache
* GnuTLS (Internal CA)

## Prerequisites

* An Ubuntu 18.04 LXD machine.
* The *python-minimal* package needs to be present.
* SSH public key authentication from the Ansible host to the mailserver.

## Clone the repository

Clone the repository:

```
$ git clone https://git.theo-andreou.org/Personal/ansible-deploy-ldap-fusiondirectory.git
$ cd ansible-deploy-ldap-fusiondirectory
```

## Create the vars files

### Create the vars/all.yml file

* Create a *vars/all.yml* file with similar content (you can use *vars/all.yml.example* as reference):

```
domain: example.org
organization: Example LTD
description: example
base_dn: dc=example,dc=org
locality: Limassol
state: Limassol
country: CY
allowed_ips:
  - 192.168.0.0/24
  - 10.0.0.0/24
language: en_US
timezone: Asia/Nicosia
```

### Create the vars/secrets.yml file

* Create an encrypted *vars/secrets.yml* file:

```
$ ansible-vault create vars/secrets.yml
```

Choose a master password for this file. You will be asked for it again when you run the playbook.

* Add this content, substituting your own passwords:

```
ldap_admin_dn: cn=admin,dc=example,dc=org
ldap_admin_pass: MySecretLDAPCombination
fd_admin: fdadmin
fd_admin_pass: MySecretFDCombination
```
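
As an added example (not part of this role or its repository), the following POSIX shell functions check that *vars/secrets.yml* really is an `ansible-vault` file before it gets committed. The function names, the `--check` argument, the script name `check-vault.sh` and the `*_pass`/`*_password`/`*_secret` key pattern are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example, not part of the role. Assumed names: is_vault_encrypted,
# find_plaintext_secrets, the "--check" argument and check-vault.sh.

# Succeeds if the first line of $1 is an Ansible Vault envelope header such as
# "$ANSIBLE_VAULT;1.1;AES256" (format 1.2 appends ";<vault-id label>").
is_vault_encrypted() {
    head -n 1 -- "$1" 2>/dev/null |
        grep -Eq '^\$ANSIBLE_VAULT;[0-9]+\.[0-9]+;[A-Z0-9]+(;.+)?$'
}

# Prints each YAML file in directory $1 that is not a vault file yet assigns a
# plain value to a key ending in _pass, _password or _secret (assumed naming,
# modelled on ldap_admin_pass / fd_admin_pass). Values vaulted inline with
# "!vault" are accepted. Returns 1 if any file was printed, else 0.
find_plaintext_secrets() {
    dir=$1
    status=0
    for f in "$dir"/*.yml "$dir"/*.yaml; do
        [ -f "$f" ] || continue              # unmatched glob stays literal
        is_vault_encrypted "$f" && continue  # whole file is encrypted
        if grep -E '^[[:space:]]*[A-Za-z0-9_]*_(pass|password|secret)[[:space:]]*:[[:space:]]*[^[:space:]]' "$f" |
            grep -vq '!vault'; then
            printf '%s\n' "$f"
            status=1
        fi
    done
    return "$status"
}

# Usage from a pre-commit hook or CI job: sh check-vault.sh --check vars
if [ "${1:-}" = "--check" ]; then
    find_plaintext_secrets "${2:-vars}"
    exit $?
fi
```

A non-zero exit status means at least one file under the directory holds a password in plaintext; the offending paths are printed one per line.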

* Create a playbook to call this role (fusiondirectory.yml):

```
- hosts: all
  become: yes
  gather_facts: false
  vars:
    - ansible_user: "ubuntu"
  pre_tasks:
    # Bootstrap Python with the raw module, which works before Python is installed
    - name: install python 2
      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
      changed_when: False
  roles:
    - ansible-deploy-ldap-fusiondirectory
```

## Deploy LDAP and FusionDirectory

When done with the configuration, run this command (provide your master password):

```
$ ansible-playbook --vault-id @prompt fusiondirectory.yml
```

When done, visit http://auth.example.org to log in for the first time. I suggest you enable HTTPS before doing that.