|
- ---
- - name: Update CA Certificates
- command: update-ca-certificates
-
- - name: Apply olcSSL.ldif
- command: ldapmodify -Y EXTERNAL -H ldapi:/// -f olcSSL.ldif
- args:
- chdir: /etc/ldap/custom_ldifs
-
- - name: Restart slapd
- service:
- name: slapd
- state: restarted
-
- - name: Apply FusionDirectory Schema
- command: fusiondirectory-insert-schema
-
- - name: Apply FusionDirectory Plugins Schema
- command: |
- fusiondirectory-insert-schema \
- -i /etc/ldap/schema/fusiondirectory/{{ item }}.schema
- with_items:
- - dsa-fd-conf
- - service-fd
- - systems-fd-conf
- - systems-fd
-
- - name: Initialize FusionDirectory Configuration
- command: |
- ldapadd -x -D {{ ldap_admin_dn }} -w {{ ldap_admin_pass }} -H ldapi:/// -f fd-init-config.ldif
- args:
- chdir: /etc/ldap/custom_ldifs
- no_log: True
-
- - name: Migrate Object Classes
- command: |
- ldapmodify -x -D {{ ldap_admin_dn }} -w {{ ldap_admin_pass }} -H ldapi:/// -f fd-migrate-object-classes.ldif
- args:
- chdir: /etc/ldap/custom_ldifs
- no_log: True
-
- - name: Generate FusionDirectory SuperUser and OUs
- shell: |
- yes '{{ fd_admin }}' | \
- fusiondirectory-setup --yes --check-ldap
-
- - name: Set SuperUser Password
- command: |
- ldappasswd -D {{ ldap_admin_dn }} -w {{ ldap_admin_pass }} -s {{ fd_admin_pass }} uid={{ fd_admin }},ou=people,{{ base_dn }}
- no_log: True
-
- - name: Migrate Default ACLs
- command: |
- ldapadd -x -D {{ ldap_admin_dn }} -w {{ ldap_admin_pass }} -H ldapi:/// -f fd-migrate-default-acl.ldif
- args:
- chdir: /etc/ldap/custom_ldifs
- no_log: True
-
- - name: Fix FusionDirectory Configuration Permisions
- command: fusiondirectory-setup --yes --check-config
-
- - name: Apply Service Accounts ACL
- command: |
- ldapadd -c -Y EXTERNAL -H ldapi:/// -f fd-service_accounts_acl.ldif
- args:
- chdir: /etc/ldap/custom_ldifs
-
- - name: Enable the Apache HTTP VirtualHost
- file:
- src: "/etc/apache2/sites-available/{{ domain }}.conf"
- dest: "/etc/apache2/sites-enabled/{{ domain }}.conf"
- state: link
-
- - name: Disable the Default Apache VirtualHost
- file:
- path: /etc/apache2/sites-enabled/000-default.conf
- state: absent
-
- - name: Restart Apache
- service:
- name: apache2
- state: restarted
|