From 8f4cf4883ecc4833ff7b07a33459f43f697800f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Kucharczyk?= Date: Sun, 16 May 2021 22:55:22 +0200 Subject: [PATCH 1/4] Add minimum viable role. --- playbook.yml | 1 + roles/openldap/tasks/main.yml | 46 ++++++++++++++++++++++++++ roles/openldap/templates/base.ldif.j2 | 6 ++++ roles/openldap/templates/lukas.ldif.j2 | 14 ++++++++ roles/openldap/templates/slapd.conf.j2 | 16 +++++++++ 5 files changed, 83 insertions(+) create mode 100644 roles/openldap/tasks/main.yml create mode 100644 roles/openldap/templates/base.ldif.j2 create mode 100644 roles/openldap/templates/lukas.ldif.j2 create mode 100644 roles/openldap/templates/slapd.conf.j2 diff --git a/playbook.yml b/playbook.yml index eeff7ac..f2ddd81 100644 --- a/playbook.yml +++ b/playbook.yml @@ -4,5 +4,6 @@ - docker - nginx - jellyfin + - openldap vars_files: - vault/certs/{{ base_domain }}.yml diff --git a/roles/openldap/tasks/main.yml b/roles/openldap/tasks/main.yml new file mode 100644 index 0000000..3796efb --- /dev/null +++ b/roles/openldap/tasks/main.yml 
@@ -0,0 +1,46 @@ +- name: ensure directories exist + file: + path: "{{ item }}" + state: directory + mode: '0755' + loop: + - "{{ data_folder }}/openldap" + - "{{ data_folder }}/openldap/data" + - "{{ data_folder }}/openldap/slapd.d" + # - "{{ data_folder }}/openldap/ldifs" +# - name: copy slapd.conf +# template: +# src: slapd.conf.j2 +# dest: "{{ data_folder }}/openldap/slapd.d/slapd.conf" +# mode: '0755' +# - name: copy user ldif +# template: +# src: lukas.ldif.j2 +# dest: "{{ data_folder }}/openldap/ldifs/lukas.ldif" +# mode: '0755' +- name: run container + docker_container: + name: "openldap" + image: osixia/openldap + command: "--loglevel debug" + networks: + - name: nginx-internal + ports: + - "389:389" + - "636:636" + volumes: + - "{{ data_folder }}/openldap/data:/var/lib/ldap" + - "{{ data_folder }}/openldap/slapd.d:/etc/ldap/slapd.d" + # - "{{ data_folder }}/openldap/ldifs:/container/service/slapd/assets/config/bootstrap/ldif/custom" + env: + LDAP_ORGANISATION: "Homelab" + LDAP_DOMAIN: "kucharczyk.xyz" + LDAP_ADMIN_PASSWORD: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 35623735376134353839323136623133393035343162363366643632376262393539653736326431 + 6635373265313033653861393463633835333639346239650a303463323063373866316162616131 + 66356335346631386265363462353034393735366430636634643466376435313638303938363363 + 3838396139663964300a633931303135376566633363303336373937373138643564636263656233 + 6239 + state: started + restart: yes \ No newline at end of file diff --git a/roles/openldap/templates/base.ldif.j2 b/roles/openldap/templates/base.ldif.j2 new file mode 100644 index 0000000..755e9b1 --- /dev/null +++ b/roles/openldap/templates/base.ldif.j2 @@ -0,0 +1,6 @@ +dn: dc=kucharczyk,dc=xyz +objectclass: top +objectclass: dcObject +objectclass: organization +dc: kucharczyk +o: Homelab \ No newline at end of file diff --git a/roles/openldap/templates/lukas.ldif.j2 b/roles/openldap/templates/lukas.ldif.j2 new file mode 100644 index 0000000..f0325cd --- /dev/null 
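Review bot: `ports: "389:389"` and `"636:636"` publish the directory on every host interface, so plaintext LDAP on 389 is reachable from outside the `nginx-internal` network the container is attached to; bind it to loopback (`- "127.0.0.1:389:389"`) or publish only 636 unless clients genuinely need the unencrypted port from other hosts. The three directories are created with `mode: '0755'`, which leaves `data` (the mdb store holding every `userPassword` hash) and `slapd.d` (the cn=config tree, which typically carries the root password hash too) world-readable on the host; `mode: '0700'` should suffice for a container process running as root — worth confirming which uid the image's slapd uses. `LDAP_ADMIN_PASSWORD` is decrypted from the vault at run time and handed to `docker_container`, so add `no_log: true` to the "run container" task to keep the cleartext out of verbose output and the returned container facts. Minor style: `restart: yes` should be `restart: true` (yamllint `truthy`). The `copy slapd.conf` / `copy user ldif` tasks are committed out here; if they are not coming back in this form, delete rather than comment them.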
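Review bot: `base.ldif.j2` is not referenced by any task in this series (the later copy task templates only `lukas.ldif.j2`), so the file is dead as committed; either add it to the custom-ldif directory alongside the user entry or drop it. The image is presumably creating `dc=kucharczyk,dc=xyz` itself from `LDAP_DOMAIN`, in which case loading this entry a second time would fail as a duplicate — check before wiring it in. If it stays, `dc: kucharczyk` and `o: Homelab` should come from the same variables as `LDAP_DOMAIN`/`LDAP_ORGANISATION` rather than being hard-coded in a `.j2` template that uses no Jinja.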
+++ b/roles/openldap/templates/lukas.ldif.j2
@@ -0,0 +1,14 @@
+dn: uid=lukas,dc=kucharczyk,dc=xyz
+uid: lukas
+cn: lukas
+givenName: Lukas
+sn: Kucharczyk
+objectClass: top
+objectClass: posixAccount
+objectClass: inetOrgPerson
+loginShell: /bin/bash
+homeDirectory: /home/lukas
+uidNumber: 1000
+gidNumber: 1000
+userPassword: {SSHA}zsJllCeWKbz1we+L/gu/yt0hxeBdvJfT
+mail: lukas@kucharczyk.xyz
\ No newline at end of file
diff --git a/roles/openldap/templates/slapd.conf.j2 b/roles/openldap/templates/slapd.conf.j2
new file mode 100644
index 0000000..215ba5d
--- /dev/null
+++ b/roles/openldap/templates/slapd.conf.j2
@@ -0,0 +1,16 @@
+# default config from /etc/openldap/slapd.conf
+include /etc/openldap/schema/core.schema
+pidfile /run/openldap/slapd.pid
+argsfile /run/openldap/slapd.args
+
+# custom config
+allow bind_anon_dn
+access to attrs=userPassword by * auth
+access to * by * read
+loglevel 256
+
+database mdb
+suffix "dc=kucharczyk, dc=xyz"
+rootdn "cn=admin, dc=kucharczyk, dc=xyz"
+rootpw {SSHA}sgIeW4kyz3t0OyfZ1IZjzEDDb31JI3xK
+directory /var/lib/ldap
\ No newline at end of file
-- 2.40.1
From c93f579af9ebe8846433301fa097bb018e7b99b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Kucharczyk?=
Date: Sun, 16 May 2021 23:46:45 +0200
Subject: [PATCH 2/4] Make loading of custom ldifs work
---
roles/openldap/tasks/main.yml | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/roles/openldap/tasks/main.yml b/roles/openldap/tasks/main.yml
index 3796efb..41570ad 100644
--- a/roles/openldap/tasks/main.yml
+++ b/roles/openldap/tasks/main.yml
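Review bot: `userPassword: {SSHA}zsJllCeWKbz1we+L/gu/yt0hxeBdvJfT` commits a real credential hash to the repository in the clear, while the admin password in `main.yml` is vaulted; SSHA is salted SHA-1, which is cheap to crack offline once the hash leaks, so this is the weaker secret in the role. Template it from a vaulted variable, e.g. `userPassword: {{ lukas_password_hash }}`, and rotate the password since the current hash is already in git history. If the slapd build in the image supports it, a slower scheme (`{CRYPT}` with a sha512-crypt hash, or `{ARGON2}` via the pw-argon2 module) is preferable — check what the image ships. The DN and `mail` also hard-code `kucharczyk.xyz` even though the domain is already a variable on the container (`LDAP_DOMAIN`); deriving both from one variable avoids drift between the entry and the suffix the server actually serves.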
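Review bot: `allow bind_anon_dn` together with `access to * by * read` lets anonymous clients read the whole tree (everything except `userPassword`, which the preceding rule restricts to `auth`), and `bind_anon_dn` additionally accepts a bind with a DN and an empty password as anonymous; if anonymous browsing is not intended, `access to * by users read by * none` is the usual shape, and `access to attrs=userPassword by self write by anonymous auth by * none` also lets users change their own password. `rootpw {SSHA}…` puts the directory's root credential hash in git next to the user hash; it belongs in a vaulted variable like the `LDAP_ADMIN_PASSWORD` in `main.yml`. Nothing here is live yet — the `copy slapd.conf` task that would install this file stays commented out in the role — but it will be the moment that task is enabled, and the image otherwise appears to be driven by cn=config in `slapd.d`, so a static `slapd.conf` may simply be ignored; worth settling which configuration path the role is meant to use before this template grows.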
@@ -7,17 +7,17 @@ - "{{ data_folder }}/openldap" - "{{ data_folder }}/openldap/data" - "{{ data_folder }}/openldap/slapd.d" - # - "{{ data_folder }}/openldap/ldifs" + - "{{ data_folder }}/openldap/ldifs" # - name: copy slapd.conf # template: # src: slapd.conf.j2 # dest: "{{ data_folder }}/openldap/slapd.d/slapd.conf" # mode: '0755' -# - name: copy user ldif -# template: -# src: lukas.ldif.j2 -# dest: "{{ data_folder }}/openldap/ldifs/lukas.ldif" -# mode: '0755' +- name: copy user ldif + template: + src: lukas.ldif.j2 + dest: "{{ data_folder }}/openldap/ldifs/lukas.ldif" + mode: '0755' - name: run container docker_container: name: "openldap" @@ -31,10 +31,11 @@ volumes: - "{{ data_folder }}/openldap/data:/var/lib/ldap" - "{{ data_folder }}/openldap/slapd.d:/etc/ldap/slapd.d" - # - "{{ data_folder }}/openldap/ldifs:/container/service/slapd/assets/config/bootstrap/ldif/custom" + - "{{ data_folder }}/openldap/ldifs:/container/service/slapd/assets/config/bootstrap/ldif/custom" env: LDAP_ORGANISATION: "Homelab" LDAP_DOMAIN: "kucharczyk.xyz" + LDAP_REMOVE_CONFIG_AFTER_SETUP: "false" LDAP_ADMIN_PASSWORD: !vault | $ANSIBLE_VAULT;1.1;AES256 35623735376134353839323136623133393035343162363366643632376262393539653736326431 -- 2.40.1 From 8d193080dcc4a75ad24d382b6b76aa6b6c03f5bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Kucharczyk?= Date: Sun, 16 May 2021 23:47:07 +0200 Subject: [PATCH 3/4] Allow outside access to LDAP --- roles/openldap/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/openldap/tasks/main.yml b/roles/openldap/tasks/main.yml index 41570ad..4343c04 100644 --- a/roles/openldap/tasks/main.yml +++ b/roles/openldap/tasks/main.yml @@ -24,6 +24,7 @@ image: osixia/openldap command: "--loglevel debug" networks: + - name: bridge - name: nginx-internal ports: - "389:389" -- 2.40.1 From c79009e541428b1fd112dbbd4dbb362897a48069 Mon Sep 17 00:00:00 2001 
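Review bot: `mode: '0755'` on the templated `lukas.ldif` leaves a file containing a password hash world-readable (and pointlessly executable) on the host; `mode: '0600'` is enough if the bootstrap in the container runs as root, or `'0640'` with a matching group if it does not — worth confirming which uid the image uses for bootstrap. The directory it lives in is created with the same `'0755'` in the loop just above this hunk, so tighten that entry as well or the file mode alone buys little. The `run container` task this hunk touches continues below the hunk.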
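Review bot: `LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"` is the line that makes custom LDIF loading work per the commit title, but nothing says why; the bootstrap directory is the bind-mounted `{{ data_folder }}/openldap/ldifs` from the host, so with the default the image would presumably delete the host's ldif files on first run, which is not obvious to the next reader. A one-line comment saves a trip to the image docs: `# keep bootstrap ldifs: the custom dir is a host bind mount (see volumes)`. Note the consequence that the ldif with the password hash also stays inside the container after setup; acceptable given it is on the host anyway, but it is one more copy to keep permissions tight on.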
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Kucharczyk?= Date: Tue, 18 May 2021 19:37:43 +0200 Subject: [PATCH 4/4] Add hostname to OpenLDAP, remove bridge network --- roles/openldap/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/openldap/tasks/main.yml b/roles/openldap/tasks/main.yml index 4343c04..f5dd228 100644 --- a/roles/openldap/tasks/main.yml +++ b/roles/openldap/tasks/main.yml @@ -23,8 +23,9 @@ name: "openldap" image: osixia/openldap command: "--loglevel debug" + hostname: ldap.dev.local networks: - - name: bridge + # - name: bridge - name: nginx-internal ports: - "389:389" -- 2.40.1
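Review bot: `# - name: bridge` leaves the network added in patch 3 behind as a commented-out line; git already keeps that history, so delete the line rather than comment it. `hostname: ldap.dev.local` uses the `.local` TLD, which RFC 6762 reserves for mDNS, and it does not match `LDAP_DOMAIN: "kucharczyk.xyz"`; if the image derives its generated TLS certificate subject from the container hostname, clients on 636 will see a name mismatch — check the image's certificate handling before relying on this name. Removing the bridge network also does not by itself close outside access, because the `ports` block still publishes 389/636 on the host; the commit message should not suggest otherwise. The `run container` task starts above this hunk.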