
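---
# Provision the uw00 dev host: network setup plus a local slapd holding the
# test people directory.
#
# Every ldap* task below binds over the ldapi:/// socket with SASL EXTERNAL
# (peer-credential auth), so the play has to run as root on the target -- the
# olcAccess rule that grants `manage` keys on uid 0 / gid 0. The play declares
# no `become`, so this relies on the inventory connecting as root; confirm that
# or add `become: true`.
- hosts: uw00
  tasks:
    - name: setup networking
      import_role:
        name: ../roles/network_setup
      vars:
        ipv4_addr: "{{ uw00_ipv4_addr }}"
        base_domain: uwaterloo.ca

    # LDAP
    - name: install LDAP packages
      # apt takes a list: one transaction, one change, instead of a loop that
      # runs apt three times.
      apt:
        name:
          - slapd
          - ldap-utils
          - ldapvi
        state: present

    - name: configure ldap.conf
      # Client defaults for the ldap-utils on this host. URI points at the
      # local socket only; TLS_CACERT is the system bundle.
      copy:
        dest: /etc/ldap/ldap.conf
        owner: root
        group: root
        mode: "0644"
        content: |
          BASE dc=uwaterloo,dc=ca
          URI ldapi:///
          TLS_CACERT /etc/ssl/certs/ca-certificates.crt

    - name: give root write access to LDAP
      # Replaces the whole ACL set of the main database:
      #   {0} local root over ldapi (peercred) may manage everything, everyone
      #       else falls through to the next rule
      #   {1} userPassword: owner may write, anonymous may only use it to
      #       authenticate, nobody else sees it
      #   {2} shadowLastChange: owner may write, world-readable
      #   {3} everything else is world-readable -- acceptable for a dev
      #       directory, but note the mail* attributes added below are then
      #       visible to anonymous binds.
      command:
        cmd: ldapmodify -Y EXTERNAL -H ldapi:///
        stdin: |
          dn: olcDatabase={1}mdb,cn=config
          changetype: modify
          replace: olcAccess
          olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
          olcAccess: {1}to attrs=userPassword by self write by anonymous auth by * none
          olcAccess: {2}to attrs=shadowLastChange by self write by * read
          olcAccess: {3}to * by * read
          -

    - name: delete admin record
      # Removes the password-based cn=admin entry so that local root over
      # ldapi is the only privileged identity. ldapdelete exits with the LDAP
      # result code: 32 (noSuchObject) is the expected re-run case and is
      # tolerated; anything else is a real failure and is no longer hidden
      # behind `|| true`.
      # NOTE(review): this deletes the entry but not olcRootDN/olcRootPW in
      # olcDatabase={1}mdb,cn=config. slapd accepts a rootdn simple bind
      # against olcRootPW even when no such entry exists, so if the slapd
      # install left olcRootPW set, cn=admin can still bind -- verify, and
      # consider `delete: olcRootPW` on that config entry.
      command:
        cmd: ldapdelete -Y EXTERNAL -H ldapi:/// cn=admin,dc=uwaterloo,dc=ca
      register: admin_delete
      failed_when: admin_delete.rc not in [0, 32]
      changed_when: admin_delete.rc == 0

    - name: set organization name
      command:
        cmd: ldapmodify -Y EXTERNAL -H ldapi:///
        stdin: |
          dn: dc=uwaterloo,dc=ca
          changetype: modify
          replace: o
          o: University of Waterloo

    # for inetLocalMailRecipient
    - name: check whether misc schema is loaded
      # cn=schema children are named cn={N}misc by slapd, hence the
      # substring filter. Read-only, so never reported as changed.
      command:
        argv:
          - ldapsearch
          - -LLL
          - -Q
          - -Y
          - EXTERNAL
          - -H
          - ldapi:///
          - -b
          - cn=schema,cn=config
          - "(cn={*}misc)"
          - dn
      register: misc_schema
      changed_when: false

    - name: add misc.ldif
      # A schema entry cannot be loaded twice, so only add it when the search
      # above returned nothing. `shell` is needed for the input redirection
      # (the LDIF lives on the target, not the controller).
      shell:
        cmd: ldapadd -Y EXTERNAL -H ldapi:/// < /etc/ldap/schema/misc.ldif
      when: misc_schema.stdout_lines | length == 0

    - name: add people OU
      # ldapadd exits 68 (entryAlreadyExists) when the OU is already there,
      # which is the normal re-run outcome; other errors still fail the play.
      command:
        cmd: ldapadd -Y EXTERNAL -H ldapi:///
        stdin: |
          dn: ou=People,dc=uwaterloo,dc=ca
          objectClass: top
          objectClass: organizationalUnit
          ou: People
      register: people_ou
      failed_when: people_ou.rc not in [0, 68]
      changed_when: people_ou.rc == 0

    - name: add people records
      # Test accounts for the dev environment. No userPassword is set, so
      # none of them can authenticate by simple bind; they exist for directory
      # and mail-routing lookups only. The loop values are substituted into
      # LDIF verbatim -- keep them ASCII with no leading space, ':' or '<',
      # otherwise LDIF would require base64 encoding.
      command:
        cmd: ldapadd -Y EXTERNAL -H ldapi:///
        stdin: |
          dn: uid={{ item.uid }},ou=People,dc=uwaterloo,dc=ca
          displayName: {{ item.givenName }} {{ item.sn }}
          givenName: {{ item.givenName }}
          sn: {{ item.sn }}
          cn: {{ item.givenName }} {{ item.sn }}
          mailRoutingAddress: {{ item.uid }}@connect.uwaterloo.ca
          ou: MAT/Mathematics Computer Science
          mailLocalAddress: {{ item.uid }}@uwaterloo.ca
          objectClass: inetLocalMailRecipient
          objectClass: inetOrgPerson
          objectClass: organizationalPerson
          objectClass: person
          objectClass: top
          uid: {{ item.uid }}
          mail: {{ item.uid }}@uwaterloo.ca
      register: people_add
      # 68 = entryAlreadyExists: record already present from an earlier run.
      failed_when: people_add.rc not in [0, 68]
      changed_when: people_add.rc == 0
      loop:
        - uid: ctdalek
          givenName: Calum
          sn: Dalek
        - uid: regular1
          givenName: Regular
          sn: One
        - uid: regular2
          givenName: Regular
          sn: Two
        - uid: regular3
          givenName: Regular
          sn: Three
        - uid: exec1
          givenName: Exec
          sn: One
        - uid: exec2
          givenName: Exec
          sn: Two
        - uid: exec3
          givenName: Exec
          sn: Three
        - uid: syscom1
          givenName: Syscom
          sn: One
        - uid: syscom2
          givenName: Syscom
          sn: Two
        - uid: syscom3
          givenName: Syscom
          sn: Three
      loop_control:
        label: "{{ item.uid }}"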