47 lines
1.6 KiB
YAML
47 lines
1.6 KiB
YAML
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||
|
|
# configure centralized authentication [nslcd]
|
||
|
|
# paso1 - Copy
|
||
|
|
- name: copy file nslcd.conf
|
||
|
|
copy:
|
||
|
|
src: nslcd.conf
|
||
|
|
dest: /etc/nslcd.conf
|
||
|
|
owner: root
|
||
|
|
group: nslcd
|
||
|
|
mode: '0640'
|
||
|
|
backup: yes
|
||
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||
|
|
# paso2 - lineinfile password with vault
|
||
|
|
- name: add password with ansible vault to file nslcd.conf
|
||
|
|
lineinfile:
|
||
|
|
dest: /etc/nslcd.conf
|
||
|
|
regexp: "{{item.regexp}}"
|
||
|
|
line: "{{item.line}}"
|
||
|
|
state: present
|
||
|
|
with_items:
|
||
|
|
- regexp: "^bindpw"
|
||
|
|
line: "bindpw {{ bindpw_password }}"
|
||
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||
|
|
# paso3 - editar lineas fichero /etc/nsswitch.conf
|
||
|
|
- name: edit file /etc/nsswitch.conf
|
||
|
|
lineinfile:
|
||
|
|
dest: /etc/nsswitch.conf
|
||
|
|
regexp: "{{item.regexp}}"
|
||
|
|
line: "{{item.line}}"
|
||
|
|
state: present
|
||
|
|
with_items:
|
||
|
|
- regexp: "^passwd:"
|
||
|
|
line: "passwd: files systemd ldap"
|
||
|
|
- regexp: "^group:"
|
||
|
|
line: "group: files systemd ldap"
|
||
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||
|
|
# paso4 - reconfigure PAM to use LDAP
|
||
|
|
- name: reconfigure PAM to use LDAP
|
||
|
|
shell: pam-auth-update --enable ldap
|
||
|
|
notify: restart nslcd
|
||
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||
|
|
# service should start on boot.
|
||
|
|
- name: service should start on boot
|
||
|
|
service:
|
||
|
|
name: "{{ nslcd_daemon }}"
|
||
|
|
enabled: yes
|
||
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|