Add OpenLDAP #31

Merged
lukas merged 4 commits from add-ldap into main 2021-05-18 17:38:57 +00:00
5 changed files with 86 additions and 0 deletions

View File

@ -4,5 +4,6 @@
- docker - docker
- nginx - nginx
- jellyfin - jellyfin
- openldap
vars_files: vars_files:
- vault/certs/{{ base_domain }}.yml - vault/certs/{{ base_domain }}.yml

View File

@ -0,0 +1,49 @@
- name: ensure directories exist
file:
path: "{{ item }}"
state: directory
mode: '0755'
loop:
- "{{ data_folder }}/openldap"
- "{{ data_folder }}/openldap/data"
- "{{ data_folder }}/openldap/slapd.d"
- "{{ data_folder }}/openldap/ldifs"
# - name: copy slapd.conf
# template:
# src: slapd.conf.j2
# dest: "{{ data_folder }}/openldap/slapd.d/slapd.conf"
# mode: '0755'
- name: copy user ldif
template:
src: lukas.ldif.j2
dest: "{{ data_folder }}/openldap/ldifs/lukas.ldif"
mode: '0755'
- name: run container
docker_container:
name: "openldap"
image: osixia/openldap
command: "--loglevel debug"
hostname: ldap.dev.local
networks:
# - name: bridge
- name: nginx-internal
ports:
- "389:389"
- "636:636"
volumes:
- "{{ data_folder }}/openldap/data:/var/lib/ldap"
- "{{ data_folder }}/openldap/slapd.d:/etc/ldap/slapd.d"
- "{{ data_folder }}/openldap/ldifs:/container/service/slapd/assets/config/bootstrap/ldif/custom"
env:
LDAP_ORGANISATION: "Homelab"
LDAP_DOMAIN: "kucharczyk.xyz"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
LDAP_ADMIN_PASSWORD: !vault |
$ANSIBLE_VAULT;1.1;AES256
35623735376134353839323136623133393035343162363366643632376262393539653736326431
6635373265313033653861393463633835333639346239650a303463323063373866316162616131
66356335346631386265363462353034393735366430636634643466376435313638303938363363
3838396139663964300a633931303135376566633363303336373937373138643564636263656233
6239
state: started
restart: yes

View File

@ -0,0 +1,6 @@
dn: dc=kucharczyk,dc=xyz
objectclass: top
objectclass: dcObject
objectclass: organization
dc: kucharczyk
o: Homelab

View File

@ -0,0 +1,14 @@
dn: uid=lukas,dc=kucharczyk,dc=xyz
uid: lukas
cn: lukas
givenName: Lukas
sn: Kucharczyk
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
loginShell: /bin/bash
homeDirectory: /home/lukas
uidNumber: 1000
gidNumber: 1000
userPassword: {SSHA}zsJllCeWKbz1we+L/gu/yt0hxeBdvJfT
mail: lukas@kucharczyk.xyz

View File

@ -0,0 +1,16 @@
# default config from /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
pidfile /run/openldap/slapd.pid
argsfile /run/openldap/slapd.args
# custom config
allow bind_anon_dn
access to attrs=userPassword by * auth
access to * by * read
loglevel 256
database mdb
suffix "dc=kucharczyk, dc=xyz"
rootdn "cn=admin, dc=kucharczyk, dc=xyz"
rootpw {SSHA}sgIeW4kyz3t0OyfZ1IZjzEDDb31JI3xK
directory /var/lib/ldap