ansible-deploy-ldap-fusiond.../README.md

# Deploy OpenLDAP/FusionDirectory using Ansible

These Role will deploy an OpenLDAP/FusionDirectory server.

Components:
* OpenLDAP (slapd)
* FusionDirectory
* Apache
* GnuTLS (Internal CA)

## Prerequisites

* An Ubuntu 18.04 LXD machine.
* The *python-minimal* package needs to be present.
* SSH Public key authentication from the Ansible host, to the mailserver.

## Clone the repository

Clone the repository:

```
$ git clone https://git.theo-andreou.org/Personal/ansible-deploy-ldap-fusiondirectory.git
$ cd ansible-deploy-ldap-fusiondirectory
```

## Create the vars files

### Create the vars/all.yml file

* Create a *vars/all.yml* file with similar content (you can use *vars/all.yml.example* as reference):

```
domain: example.org
organization: Example LTD
description: example
base_dn: dc=example,dc=org
locality: Limassol
state: Limassol
country: CY
allowed_ips:
  - 192.168.0.0/24
  - 10.0.0.0/24
language: en_US
timezone: Asia/Nicosia
```

### Create the vars/secrets.yml filr

* Create an encrypted *vars/secrets.yml* file:

```
$ ansible-vault create vars/secrets.yml
```

Use a master password for the file above.

* Create this content:

```
ldap_admin_dn: cn=admin,dc=example,dc=org
ldap_admin_pass: MySecretLDAPCombination
fd_admin: fdadmin
fd_admin_pass: MySecretFDCombination
```

* Create a playbook to call this role (fusiondirectory.yml):
```
- hosts: all
  become: yes
  gather_facts: false
  vars:
    - ansible_user: "ubuntu"
  pre_tasks:
    - name: install python 2
      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
      changed_when: False
  roles:
    - ansible-deploy-ldap-fusiondirectory
```


## Deploy LDAP and FusionDirectory

When done with the configuration run this command (provide your master password):

```
$ ansible-playbook --vault-id @prompt fusiondirectory.yml
```

When done visit http://auth.example.org to login for the first time. I suggest you enable HTTPS before doing that.

References
----------
* https://docs.ansible.com/ansible/latest/modules/debconf_module.html
* https://unix.stackexchange.com/questions/126136/how-to-check-debconf-selections-of-a-non-installed-package
* https://serverfault.com/questions/679693/how-do-i-make-ansible-actually-compile-a-config-file-having-changed-my-debconf-s
* https://docs.ansible.com/ansible/latest/modules/template_module.html
Initial Commit 2018-06-07 17:19:58 +03:00			`# Deploy OpenLDAP/FusionDirectory using Ansible`

role instead of playbook 2018-08-19 03:21:00 +03:00			`These Role will deploy an OpenLDAP/FusionDirectory server.`
Initial Commit 2018-06-07 17:19:58 +03:00
			`Components:`
			`* OpenLDAP (slapd)`
			`* FusionDirectory`
			`* Apache`
			`* GnuTLS (Internal CA)`

			`## Prerequisites`

			`* An Ubuntu 18.04 LXD machine.`
			`* The python-minimal package needs to be present.`
			`* SSH Public key authentication from the Ansible host, to the mailserver.`

			`## Clone the repository`

role instead of playbook 2018-08-19 03:21:00 +03:00			`Clone the repository:`
Initial Commit 2018-06-07 17:19:58 +03:00
			```
			`$ git clone https://git.theo-andreou.org/Personal/ansible-deploy-ldap-fusiondirectory.git`
			`$ cd ansible-deploy-ldap-fusiondirectory`
			```

			`## Create the vars files`

			`### Create the vars/all.yml file`

			`* Create a vars/all.yml file with similar content (you can use vars/all.yml.example as reference):`

			```
			`domain: example.org`
			`organization: Example LTD`
			`description: example`
			`base_dn: dc=example,dc=org`
			`locality: Limassol`
			`state: Limassol`
			`country: CY`
			`allowed_ips:`
			`- 192.168.0.0/24`
			`- 10.0.0.0/24`
			`language: en_US`
			`timezone: Asia/Nicosia`
			```

			`### Create the vars/secrets.yml filr`

			`* Create an encrypted vars/secrets.yml file:`

			```
role instead of playbook 2018-08-19 03:21:00 +03:00			`$ ansible-vault create vars/secrets.yml`
Initial Commit 2018-06-07 17:19:58 +03:00			```

			`Use a master password for the file above.`

			`* Create this content:`

			```
			`ldap_admin_dn: cn=admin,dc=example,dc=org`
			`ldap_admin_pass: MySecretLDAPCombination`
			`fd_admin: fdadmin`
			`fd_admin_pass: MySecretFDCombination`
			```

role instead of playbook 2018-08-19 03:21:00 +03:00			`* Create a playbook to call this role (fusiondirectory.yml):`
			```
			`- hosts: all`
			`become: yes`
			`gather_facts: false`
			`vars:`
			`- ansible_user: "ubuntu"`
			`pre_tasks:`
			`- name: install python 2`
			`raw: test -e /usr/bin/python \|\| (apt -y update && apt install -y python-minimal)`
			`changed_when: False`
			`roles:`
			`- ansible-deploy-ldap-fusiondirectory`
			```


Initial Commit 2018-06-07 17:19:58 +03:00			`## Deploy LDAP and FusionDirectory`

			`When done with the configuration run this command (provide your master password):`

			```
role instead of playbook 2018-08-19 03:21:00 +03:00			`$ ansible-playbook --vault-id @prompt fusiondirectory.yml`
Initial Commit 2018-06-07 17:19:58 +03:00			```

			`When done visit http://auth.example.org to login for the first time. I suggest you enable HTTPS before doing that.`

			`References`
			`----------`
			`* https://docs.ansible.com/ansible/latest/modules/debconf_module.html`
			`* https://unix.stackexchange.com/questions/126136/how-to-check-debconf-selections-of-a-non-installed-package`
			`* https://serverfault.com/questions/679693/how-do-i-make-ansible-actually-compile-a-config-file-having-changed-my-debconf-s`
			`* https://docs.ansible.com/ansible/latest/modules/template_module.html`