hamzaachi / openldap-ansible


Ansible Playbooks to install and manage OpenLDAP using Ansible 2.4 and higher. To use these Playbooks, do the following:

	1. Define Your Environment:
	===========================

	To specify the settings and variables of your environment, review the ``etc`` folder, which holds:
		* ``config.sh``: This file defines the variables of the target nodes, like IP address, root password, SSH key, ...
		* ``*.pem`` file: This file is the SSH key used to SSH into the target nodes.
		* ``globals.yml``: This file defines the settings of the LDAP server, like domaine_name, admin_password, replication mode, ... It is also used to define the list of LDAP users to be added or removed. The variables that must be reviewed/changed are:
			- ldap_ha_mode: Defines which type of high-availability deployment is used when there is more than 1 server.
			- ldap_admin_info: Defines your domain name, password, ...
			- ldap_groups_users_list: Defines the list of groups/users to be created/removed in OpenLDAP. To limit the login time for 1 or more groups, set the variable "session_duration" following the same syntax as in the example.
			- openldap_ssl: Enables/disables SSL. When enabling it (True) you will also need to put your certificate files in the folder "certs" and define your Common Name in the "openldap_ssl_cn" variable. If you would like to use a self-signed certificate, refer to the annex.


	2. Launch the Deployment:
	=========================

	After setting up your environment, you just need to run ``./deploy.sh`` as "root".
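	Before running ``./deploy.sh`` it is worth checking that the variables reviewed in step 1 do not ship a weak admin password, plaintext-only LDAP (``openldap_ssl`` off) or groups with unlimited login time. The script below is an added example, not part of the openldap-ansible project: it uses the variable names the README lists (``ldap_admin_info``, ``ldap_groups_users_list``, ``session_duration``, ``openldap_ssl``, ``openldap_ssl_cn``) but the nested layout of their values, the ``domaine_name``/``admin_password`` keys under ``ldap_admin_info`` and the ``group``/``users`` keys in each list entry are assumptions; adjust ``check_globals`` to the layout actually used in your ``globals.yml``.

```python
"""
Pre-deployment lint for the settings in etc/globals.yml.

Added example, not project code. The variable names come from the README;
the YAML layout of their values is an assumption and may differ from the
real globals.yml.
"""
from typing import Any, Dict, List

# Constructed stand-in for a parsed globals.yml (layout is an assumption).
SAMPLE_GLOBALS: Dict[str, Any] = {
    "ldap_ha_mode": "mirror",
    "ldap_admin_info": {
        "domaine_name": "example.com",
        "admin_password": "admin",  # weak: short and a default-looking word
    },
    "openldap_ssl": False,
    "openldap_ssl_cn": "",
    "ldap_groups_users_list": [
        {"group": "admins", "users": ["alice"], "session_duration": "8h"},
        {"group": "developers", "users": ["bob", "carol"]},  # no session_duration
    ],
}

WEAK_PASSWORDS = {"admin", "password", "secret", "changeme", "ldap"}
MIN_PASSWORD_LEN = 12


def check_globals(cfg: Dict[str, Any]) -> List[str]:
    """Return a list of findings; an empty list means the config passed."""
    findings: List[str] = []

    admin = cfg.get("ldap_admin_info") or {}
    pw = str(admin.get("admin_password", ""))
    if not pw:
        findings.append("ldap_admin_info.admin_password is empty")
    elif len(pw) < MIN_PASSWORD_LEN or pw.lower() in WEAK_PASSWORDS:
        findings.append("ldap_admin_info.admin_password is short or a well-known default")

    if not admin.get("domaine_name"):
        findings.append("ldap_admin_info.domaine_name is not set")

    # Without SSL, simple binds send the admin password in clear text.
    if not cfg.get("openldap_ssl"):
        findings.append("openldap_ssl is disabled: LDAP binds will travel in clear text")
    elif not cfg.get("openldap_ssl_cn"):
        findings.append("openldap_ssl is enabled but openldap_ssl_cn is empty")

    # Groups without a session_duration get unlimited login time.
    for entry in cfg.get("ldap_groups_users_list") or []:
        if "session_duration" not in entry:
            findings.append(f"group {entry.get('group', '?')!r} has no session_duration")

    return findings


def main(path: str = "etc/globals.yml") -> int:
    """Lint a real globals.yml (needs PyYAML); exit non-zero on findings."""
    try:
        import yaml  # PyYAML; only needed to read the real file
        with open(path) as fh:
            cfg = yaml.safe_load(fh) or {}
    except (ImportError, OSError) as exc:
        print(f"could not load {path}: {exc}; linting the constructed sample instead")
        cfg = SAMPLE_GLOBALS
    findings = check_globals(cfg)
    for finding in findings:
        print("FINDING:", finding)
    return 1 if findings else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

	Run it from the repository root before ``./deploy.sh``; a non-zero exit means at least one finding, so it can be wired in front of the deployment in a CI job. The password test is deliberately coarse (length plus a small default list); the point is to catch a forgotten placeholder, not to replace a real password policy.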

	3. Managing LDAP:
	=================

		* To add new LDAP servers (after defining them), type:
		  ldap-deployer --tags ldapservers

		* To add new LDAP clients (after defining them), type:
		  ldap-deployer --tags ldapclients

		* To add or remove users/groups, simply append them to the file ``globals.yml`` following the same syntax, then launch the command below. Both variables are optional: "OnServer" selects the server on which to create the users, and "OnClient" selects the client on which the home directories of the removed users are deleted.
		  ldap-deployer --tags ldap-gr-usr -e OnServer=SERVER_INVENTORY_HOSTNAME -e OnClient=CLIENT_INVENTORY_HOSTNAME
