vn-ansible/roles/config-centralized-auth/tasks/main.yaml

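# Guard: stop processing this host unless centralized auth is explicitly
# enabled for it.
# NOTE(review): the flag's name contains a hyphen, which Jinja2 parses as the
# subtraction `centralized - auth_enabled`, so a bare reference never reads the
# flag. The vars lookup below fetches it by its exact name; renaming it to an
# underscore-only identifier wherever it is defined is the cleaner fix.
# An undefined flag defaults to false, so hosts that have not opted in are
# left untouched.
- name: "[CONFIG CENTRALIZED AUTH] Comprobando si es necesario configurar centralized auth"
  meta: end_host
  when: not (lookup('vars', 'centralized-auth_enabled', default=false) | bool)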
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Configure centralized authentication [nslcd].
# Step 1 - install the role's nslcd.conf as /etc/nslcd.conf.
# Mode 0640 with owner root and group nslcd keeps the file unreadable to other
# local accounts.
# NOTE(review): with backup enabled, each change leaves a timestamped copy of
# the previous /etc/nslcd.conf beside it. Once the following task has written
# the bindpw line, those copies hold the bind password - confirm their
# permissions and prune them.
- name: copy file nslcd.conf
  copy:
    src: nslcd.conf
    dest: /etc/nslcd.conf
    backup: true
    owner: root
    group: nslcd
    mode: '0640'
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
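# Step 2 - write the LDAP bind password into /etc/nslcd.conf.
# Replaces an existing line starting with "bindpw", or appends one.
# bindpw_password is not defined in this file; per the task name it is
# expected to come from an Ansible Vault encrypted variable.
- name: add password with ansible vault to file nslcd.conf
  lineinfile:
    dest: /etc/nslcd.conf
    regexp: '^bindpw'
    line: "bindpw {{ bindpw_password }}"
    state: present
  # The rendered line carries the bind password in clear text; keep it out of
  # task output, callback plugins and logs.
  no_log: true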
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Step 3 - edit the passwd and group lines of /etc/nsswitch.conf.
# Each entry replaces the line matching its regexp, or appends the line if
# nothing matches. "files" stays first in both lines, so local accounts are
# still looked up locally before LDAP is consulted.
- name: edit file /etc/nsswitch.conf
  lineinfile:
    path: /etc/nsswitch.conf
    state: present
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  loop:
    - regexp: "^passwd:"
      line: "passwd: files systemd ldap"
    - regexp: "^group:"
      line: "group: files systemd ldap"
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
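# Step 4 - reconfigure PAM to use LDAP.
# The command module is used instead of shell: the call needs no shell
# features, so nothing is passed through a shell interpreter.
# NOTE(review): this task reports "changed" on every run, so the handler
# "restart nslcd" is notified each time. Among the tasks shown here it is the
# only one that notifies the handler; the tasks that edit /etc/nslcd.conf do
# not.
- name: reconfigure PAM to use LDAP
  command: pam-auth-update --enable ldap
  notify: restart nslcd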
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Enable the nslcd service at boot.
# nslcd_daemon is not defined in this file; it supplies the service name.
# Only "enabled" is set here. No "state" is given, so this task does not
# start the service itself.
- name: service should start on boot
  service:
    enabled: true
    name: "{{ nslcd_daemon }}"
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++