forked from Personal/ansible-deploy-ldap-fusiondirectory
83 lines
2.2 KiB
YAML
83 lines
2.2 KiB
YAML
---
|
|
- name: Update CA Certificates
|
|
command: update-ca-certificates
|
|
|
|
- name: Apply olcSSL.ldif
|
|
command: ldapmodify -Y EXTERNAL -H ldapi:/// -f olcSSL.ldif
|
|
args:
|
|
chdir: /etc/ldap/custom_ldifs
|
|
|
|
- name: Restart slapd
|
|
service:
|
|
name: slapd
|
|
state: restarted
|
|
|
|
- name: Apply FusionDirectory Schema
|
|
command: fusiondirectory-insert-schema
|
|
|
|
- name: Apply FusionDirectory Plugins Schema
|
|
command: |
|
|
fusiondirectory-insert-schema \
|
|
-i /etc/ldap/schema/fusiondirectory/{{ item }}.schema
|
|
with_items:
|
|
- dsa-fd-conf
|
|
- service-fd
|
|
- systems-fd-conf
|
|
- systems-fd
|
|
|
|
- name: Initialize FusionDirectory Configuration
|
|
command: |
|
|
ldapadd -x -D {{ ldap_admin_dn }} -w {{ ldap_admin_pass }} -H ldapi:/// -f fd-init-config.ldif
|
|
args:
|
|
chdir: /etc/ldap/custom_ldifs
|
|
no_log: True
|
|
|
|
- name: Migrate Object Classes
|
|
command: |
|
|
ldapmodify -x -D {{ ldap_admin_dn }} -w {{ ldap_admin_pass }} -H ldapi:/// -f fd-migrate-object-classes.ldif
|
|
args:
|
|
chdir: /etc/ldap/custom_ldifs
|
|
no_log: True
|
|
|
|
- name: Generate FusionDirectory SuperUser and OUs
|
|
shell: |
|
|
yes '{{ fd_admin }}' | \
|
|
fusiondirectory-setup --yes --check-ldap
|
|
|
|
- name: Set SuperUser Password
|
|
command: |
|
|
ldappasswd -D {{ ldap_admin_dn }} -w {{ ldap_admin_pass }} -s {{ fd_admin_pass }} uid={{ fd_admin }},ou=people,{{ base_dn }}
|
|
no_log: True
|
|
|
|
- name: Migrate Default ACLs
|
|
command: |
|
|
ldapadd -x -D {{ ldap_admin_dn }} -w {{ ldap_admin_pass }} -H ldapi:/// -f fd-migrate-default-acl.ldif
|
|
args:
|
|
chdir: /etc/ldap/custom_ldifs
|
|
no_log: True
|
|
|
|
- name: Fix FusionDirectory Configuration Permisions
|
|
command: fusiondirectory-setup --yes --check-config
|
|
|
|
- name: Apply Service Accounts ACL
|
|
command: |
|
|
ldapadd -c -Y EXTERNAL -H ldapi:/// -f fd-service_accounts_acl.ldif
|
|
args:
|
|
chdir: /etc/ldap/custom_ldifs
|
|
|
|
- name: Enable the Apache HTTP VirtualHost
|
|
file:
|
|
src: "/etc/apache2/sites-available/{{ domain }}.conf"
|
|
dest: "/etc/apache2/sites-enabled/{{ domain }}.conf"
|
|
state: link
|
|
|
|
- name: Disable the Default Apache VirtualHost
|
|
file:
|
|
path: /etc/apache2/sites-enabled/000-default.conf
|
|
state: absent
|
|
|
|
- name: Restart Apache
|
|
service:
|
|
name: apache2
|
|
state: restarted
|