vn-ansible/roles/config-centralized-auth/tasks/main.yaml


- name: "[CONFIG CENTRALIZED AUTH] Comprobando si es necesario configurar centralized auth"
  meta: end_host
  when: centralized_auth_enabled is not defined or not centralized_auth_enabled

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# configure centralized authentication [nslcd]
# paso1 - Copy
- name: copy file nslcd.conf
  copy:
    src: nslcd.conf
    dest: /etc/nslcd.conf
    owner: root
    group: nslcd
    mode: '0640'
    backup: yes
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++   
# paso2 - lineinfile password with vault
- name: add password with ansible vault to file nslcd.conf
  lineinfile:
    dest: /etc/nslcd.conf
    regexp: "{{item.regexp}}"
    line: "{{item.line}}"
    state: present
  with_items: 
    - regexp: "^bindpw"
      line: "bindpw {{ bindpw_password }}"
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# paso3 - editar lineas fichero /etc/nsswitch.conf
- name: edit file /etc/nsswitch.conf
  lineinfile:
    dest: /etc/nsswitch.conf
    regexp: "{{item.regexp}}"
    line: "{{item.line}}"
    state: present
  with_items:
    - regexp: "^passwd:"
      line: "passwd:         files systemd ldap"
    - regexp: "^group:"
      line: "group:          files systemd ldap"
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# paso4 - reconfigure PAM to use LDAP
- name: reconfigure PAM to use LDAP
  shell: pam-auth-update --enable ldap
  notify: restart nslcd
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# service should start on boot.
- name: service should start on boot
  service:
    name: "{{ nslcd_daemon }}"
    enabled: yes
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
add conditional 2024-02-15 11:19:50 +00:00
			`- name: "[CONFIG CENTRALIZED AUTH] Comprobando si es necesario configurar centralized auth"`
			`meta: end_host`
vars with underscore 2024-02-15 17:50:53 +00:00			`when: centralized_auth_enabled is not defined or not centralized_auth_enabled`
add conditional 2024-02-15 11:19:50 +00:00
rol and playbook centralized auth 2024-02-12 09:31:30 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
			`# configure centralized authentication [nslcd]`
			`# paso1 - Copy`
			`- name: copy file nslcd.conf`
			`copy:`
			`src: nslcd.conf`
			`dest: /etc/nslcd.conf`
			`owner: root`
			`group: nslcd`
			`mode: '0640'`
			`backup: yes`
			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
			`# paso2 - lineinfile password with vault`
			`- name: add password with ansible vault to file nslcd.conf`
			`lineinfile:`
			`dest: /etc/nslcd.conf`
			`regexp: "{{item.regexp}}"`
			`line: "{{item.line}}"`
			`state: present`
			`with_items:`
			`- regexp: "^bindpw"`
			`line: "bindpw {{ bindpw_password }}"`
			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
			`# paso3 - editar lineas fichero /etc/nsswitch.conf`
			`- name: edit file /etc/nsswitch.conf`
			`lineinfile:`
			`dest: /etc/nsswitch.conf`
			`regexp: "{{item.regexp}}"`
			`line: "{{item.line}}"`
			`state: present`
			`with_items:`
			`- regexp: "^passwd:"`
			`line: "passwd: files systemd ldap"`
			`- regexp: "^group:"`
			`line: "group: files systemd ldap"`
			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
			`# paso4 - reconfigure PAM to use LDAP`
			`- name: reconfigure PAM to use LDAP`
			`shell: pam-auth-update --enable ldap`
			`notify: restart nslcd`
			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
			`# service should start on boot.`
			`- name: service should start on boot`
			`service:`
			`name: "{{ nslcd_daemon }}"`
			`enabled: yes`
			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`