├── files └── .gitkeep ├── templates ├── .gitkeep └── etc │ ├── ldap │ ├── slapd.d │ │ ├── schema_conversion.conf.j2 │ │ └── populate_content.ldif.j2 │ └── ldap.conf.j2 │ └── phpldapadmin │ └── config.php.j2 ├── .gitignore ├── requirements-dev.txt ├── vars └── main.yml ├── CONTRIBUTORS.md ├── requirements.yml ├── requirements.txt ├── handlers └── main.yml ├── tasks ├── main.yml ├── config_openldap_overlays.yml ├── config_openldap_schemas.yml ├── config_openldap_schemas_ldifs.yml ├── debian.yml └── config_openldap.yml ├── molecule ├── centos7 │ ├── verify.yml │ ├── molecule.yml │ └── INSTALL.rst ├── centos8 │ ├── verify.yml │ ├── molecule.yml │ └── INSTALL.rst ├── debian8 │ ├── verify.yml │ ├── molecule.yml │ └── INSTALL.rst ├── debian9 │ ├── verify.yml │ ├── molecule.yml │ └── INSTALL.rst ├── fedora │ ├── verify.yml │ ├── molecule.yml │ └── INSTALL.rst ├── shared │ ├── verify.yml │ └── converge.yml ├── debian10 │ ├── verify.yml │ ├── molecule.yml │ └── INSTALL.rst ├── ubuntu1604 │ ├── verify.yml │ ├── molecule.yml │ └── INSTALL.rst └── ubuntu1804 │ ├── verify.yml │ ├── molecule.yml │ └── INSTALL.rst ├── CONTRIBUTING.md ├── playbook.yml ├── meta └── main.yml ├── .travis.yml ├── .github ├── stale.yml └── workflows │ └── default.yml ├── .yamllint ├── .gitlab-ci.yml ├── LICENSE.md ├── README.md ├── defaults └── main.yml ├── CODE_OF_CONDUCT.md └── CHANGELOG.md /files/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /templates/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | venv/ 2 | -------------------------------------------------------------------------------- /requirements-dev.txt: 
-------------------------------------------------------------------------------- 1 | # Python requirements for development -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for ansible-openldap 3 | -------------------------------------------------------------------------------- /CONTRIBUTORS.md: -------------------------------------------------------------------------------- 1 | Larry Smith Jr. - mrlesmithjr@gmail.com 2 | -------------------------------------------------------------------------------- /requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - src: https://github.com/mrlesmithjr/ansible-etc-hosts.git 3 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | # Python requirements for executing 2 | ansible 3 | ansible-lint 4 | docker 5 | flake8 6 | molecule 7 | testinfra -------------------------------------------------------------------------------- /templates/etc/ldap/slapd.d/schema_conversion.conf.j2: -------------------------------------------------------------------------------- 1 | {% for schema in openldap_schemas %} 2 | include /etc/ldap/schema/{{ schema }}.schema 3 | {% endfor %} 4 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for ansible-openldap 3 | - name: restart slapd 4 | service: 5 | name: slapd 6 | state: restarted 7 | become: true 8 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for 
ansible-openldap 3 | - include_tasks: debian.yml 4 | when: ansible_os_family == "Debian" 5 | 6 | - include_tasks: config_openldap.yml 7 | when: openldap_config|bool 8 | -------------------------------------------------------------------------------- /molecule/centos7/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/centos8/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/debian8/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/debian9/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/fedora/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 
3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/shared/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/debian10/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/ubuntu1604/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/ubuntu1804/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 
3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/shared/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | vars: 5 | etc_hosts_add_all_hosts: true 6 | tasks: 7 | # - name: Include ansible-etc-hosts 8 | # include_role: 9 | # name: ansible-etc-hosts 10 | - name: Include ansible-openldap 11 | include_role: 12 | name: ansible-openldap 13 | -------------------------------------------------------------------------------- /templates/etc/ldap/ldap.conf.j2: -------------------------------------------------------------------------------- 1 | # 2 | # LDAP Defaults 3 | # 4 | 5 | # See ldap.conf(5) for details 6 | # This file should be world readable but not world writable. 7 | 8 | BASE {{ openldap_base }} 9 | URI ldap://{{ ansible_fqdn }} ldap://{{ ansible_fqdn }}:666 10 | 11 | #SIZELIMIT 12 12 | #TIMELIMIT 15 13 | #DEREF never 14 | 15 | # TLS certificates (needed for GnuTLS). Note the URI list above is plain ldap://, so this CA bundle is only used when a client explicitly requests StartTLS (e.g. ldapsearch -ZZ); the :666 on the second URI also looks unusual - confirm it is intended (636 is the conventional ldaps port, which would need an ldaps:// scheme). 16 | TLS_CACERT /etc/ssl/certs/ca-certificates.crt 17 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to ansible-openldap 2 | 3 | ## Table Of Contents 4 | 5 | [Code of Conduct](#code-of-conduct) 6 | 7 | ## Code of Conduct 8 | 9 | This project and everyone participating in it is governed by the [ansible-openldap Code of Conduct](CODE_OF_CONDUCT.md). By participating, you are expected to uphold this code. Please report unacceptable behavior to [mrlesmithjr@gmail.com](mailto:mrlesmithjr@gmail.com). 
10 | -------------------------------------------------------------------------------- /playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Example Playbook 3 | hosts: all 4 | vars: 5 | etc_hosts_add_all_hosts: true 6 | openldap_base: "dc=vagrant,dc=local" 7 | openldap_domain_name: "{{ pri_domain_name }}" 8 | pri_domain_name: vagrant.local 9 | tasks: 10 | - name: Include ansible-etc-hosts 11 | include_role: 12 | name: ansible-etc-hosts 13 | - name: Include ansible-openldap 14 | include_role: 15 | name: ansible-openldap 16 | -------------------------------------------------------------------------------- /molecule/fedora/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | enabled: true 5 | options: 6 | role-file: requirements.yml 7 | driver: 8 | name: docker 9 | lint: | 10 | yamllint . 11 | ansible-lint 12 | flake8 13 | platforms: 14 | - name: fedora 15 | image: jrei/systemd-fedora 16 | privileged: true 17 | command: /usr/sbin/init 18 | # tmpfs: 19 | # - /run 20 | # - /tmp 21 | volumes: 22 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 23 | provisioner: 24 | name: ansible 25 | playbooks: 26 | converge: ../shared/converge.yml 27 | verifier: 28 | name: ansible 29 | -------------------------------------------------------------------------------- /molecule/centos7/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | enabled: true 5 | options: 6 | role-file: requirements.yml 7 | driver: 8 | name: docker 9 | lint: | 10 | yamllint . 
11 | ansible-lint 12 | flake8 13 | platforms: 14 | - name: centos7 15 | image: jrei/systemd-centos:7 16 | privileged: true 17 | command: /usr/sbin/init 18 | # tmpfs: 19 | # - /run 20 | # - /tmp 21 | volumes: 22 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 23 | provisioner: 24 | name: ansible 25 | playbooks: 26 | converge: ../shared/converge.yml 27 | verifier: 28 | name: ansible 29 | -------------------------------------------------------------------------------- /molecule/centos8/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | enabled: true 5 | options: 6 | role-file: requirements.yml 7 | driver: 8 | name: docker 9 | lint: | 10 | yamllint . 11 | ansible-lint 12 | flake8 13 | platforms: 14 | - name: centos8 15 | image: jrei/systemd-centos:8 16 | privileged: true 17 | command: /usr/sbin/init 18 | # tmpfs: 19 | # - /run 20 | # - /tmp 21 | volumes: 22 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 23 | provisioner: 24 | name: ansible 25 | playbooks: 26 | converge: ../shared/converge.yml 27 | verifier: 28 | name: ansible 29 | -------------------------------------------------------------------------------- /tasks/config_openldap_overlays.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: config_openldap_overlays | copying ldif files 3 | copy: 4 | src: 'files/openldap/overlays/{{ item.path }}' 5 | dest: '{{ openldap_ldif_tmp_dir }}/{{ item.path }}' 6 | owner: 'root' 7 | group: 'root' 8 | mode: '0640' 9 | become: true 10 | with_items: "{{overlay.ldifs}}" 11 | 12 | - name: config_openldap_overlays | applying or configuring overlay 13 | command: "ldap{{item.action}} -Y EXTERNAL -H ldapi:/// -f {{ openldap_ldif_tmp_dir }}/{{ item.path }}" 14 | ignore_errors: yes # fails on duplicate (overlay already present on re-run); note this also hides real failures such as a malformed ldif or a permission denied - unlike the copy task above this one has no become: true, and -Y EXTERNAL over ldapi:/// authenticates as the invoking uid - so a failed_when that tolerates only the duplicate-entry result would be safer 15 | with_items: "{{overlay.ldifs}}" 16 | 17 | -------------------------------------------------------------------------------- /meta/main.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: Larry Smith Jr. 4 | description: Installs and configures OpenLDAP and phpLDAPadmin 5 | license: MIT 6 | min_ansible_version: 2.8 7 | 8 | platforms: 9 | - name: Ubuntu 10 | versions: 11 | - bionic 12 | - trusty 13 | - xenial 14 | # - name: Fedora 15 | # versions: 16 | # - all 17 | # - 25 18 | # - name: SomePlatform 19 | # versions: 20 | # - all 21 | # - 1.0 22 | # - 7 23 | # - 99.99 24 | 25 | galaxy_tags: 26 | - administration 27 | - ldap 28 | - authentication 29 | 30 | dependencies: [] 31 | -------------------------------------------------------------------------------- /molecule/debian8/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | enabled: true 5 | options: 6 | role-file: requirements.yml 7 | driver: 8 | name: docker 9 | lint: | 10 | yamllint . 11 | ansible-lint 12 | flake8 13 | platforms: 14 | - name: debian8 15 | image: jrei/systemd-debian:8 16 | privileged: true 17 | command: /lib/systemd/systemd 18 | # tmpfs: 19 | # - /run 20 | # - /tmp 21 | volumes: 22 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 23 | provisioner: 24 | name: ansible 25 | playbooks: 26 | converge: ../shared/converge.yml 27 | verifier: 28 | name: ansible 29 | -------------------------------------------------------------------------------- /molecule/debian9/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | enabled: true 5 | options: 6 | role-file: requirements.yml 7 | driver: 8 | name: docker 9 | lint: | 10 | yamllint . 
11 | ansible-lint 12 | flake8 13 | platforms: 14 | - name: debian9 15 | image: jrei/systemd-debian:9 16 | privileged: true 17 | command: /lib/systemd/systemd 18 | # tmpfs: 19 | # - /run 20 | # - /tmp 21 | volumes: 22 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 23 | provisioner: 24 | name: ansible 25 | playbooks: 26 | converge: ../shared/converge.yml 27 | verifier: 28 | name: ansible 29 | -------------------------------------------------------------------------------- /molecule/debian10/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | enabled: true 5 | options: 6 | role-file: requirements.yml 7 | driver: 8 | name: docker 9 | lint: | 10 | yamllint . 11 | ansible-lint 12 | flake8 13 | platforms: 14 | - name: debian10 15 | image: jrei/systemd-debian:10 16 | privileged: true 17 | command: /lib/systemd/systemd 18 | # tmpfs: 19 | # - /run 20 | # - /tmp 21 | volumes: 22 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 23 | provisioner: 24 | name: ansible 25 | playbooks: 26 | converge: ../shared/converge.yml 27 | verifier: 28 | name: ansible 29 | -------------------------------------------------------------------------------- /molecule/ubuntu1604/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | enabled: true 5 | options: 6 | role-file: requirements.yml 7 | driver: 8 | name: docker 9 | lint: | 10 | yamllint . 
11 | ansible-lint 12 | flake8 13 | platforms: 14 | - name: ubuntu1604 15 | image: jrei/systemd-ubuntu:16.04 16 | privileged: true 17 | command: /lib/systemd/systemd 18 | # tmpfs: 19 | # - /run 20 | # - /tmp 21 | volumes: 22 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 23 | provisioner: 24 | name: ansible 25 | playbooks: 26 | converge: ../shared/converge.yml 27 | verifier: 28 | name: ansible 29 | -------------------------------------------------------------------------------- /molecule/ubuntu1804/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | enabled: true 5 | options: 6 | role-file: requirements.yml 7 | driver: 8 | name: docker 9 | lint: | 10 | yamllint . 11 | ansible-lint 12 | flake8 13 | platforms: 14 | - name: ubuntu1804 15 | image: jrei/systemd-ubuntu:18.04 16 | privileged: true 17 | command: /lib/systemd/systemd 18 | # tmpfs: 19 | # - /run 20 | # - /tmp 21 | volumes: 22 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 23 | provisioner: 24 | name: ansible 25 | playbooks: 26 | converge: ../shared/converge.yml 27 | verifier: 28 | name: ansible 29 | -------------------------------------------------------------------------------- /molecule/fedora/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Docker driver installation guide 3 | ******* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Docker Engine 9 | 10 | Install 11 | ======= 12 | 13 | Please refer to the `Virtual environment`_ documentation for installation best 14 | practices. If not using a virtual environment, please consider passing the 15 | widely recommended `'--user' flag`_ when invoking ``pip``. 16 | 17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 19 | 20 | .. 
code-block:: bash 21 | 22 | $ pip install 'molecule[docker]' 23 | -------------------------------------------------------------------------------- /molecule/centos7/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Docker driver installation guide 3 | ******* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Docker Engine 9 | 10 | Install 11 | ======= 12 | 13 | Please refer to the `Virtual environment`_ documentation for installation best 14 | practices. If not using a virtual environment, please consider passing the 15 | widely recommended `'--user' flag`_ when invoking ``pip``. 16 | 17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 19 | 20 | .. code-block:: bash 21 | 22 | $ pip install 'molecule[docker]' 23 | -------------------------------------------------------------------------------- /molecule/centos8/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Docker driver installation guide 3 | ******* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Docker Engine 9 | 10 | Install 11 | ======= 12 | 13 | Please refer to the `Virtual environment`_ documentation for installation best 14 | practices. If not using a virtual environment, please consider passing the 15 | widely recommended `'--user' flag`_ when invoking ``pip``. 16 | 17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 19 | 20 | .. 
code-block:: bash 21 | 22 | $ pip install 'molecule[docker]' 23 | -------------------------------------------------------------------------------- /molecule/debian10/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Docker driver installation guide 3 | ******* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Docker Engine 9 | 10 | Install 11 | ======= 12 | 13 | Please refer to the `Virtual environment`_ documentation for installation best 14 | practices. If not using a virtual environment, please consider passing the 15 | widely recommended `'--user' flag`_ when invoking ``pip``. 16 | 17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 19 | 20 | .. code-block:: bash 21 | 22 | $ pip install 'molecule[docker]' 23 | -------------------------------------------------------------------------------- /molecule/debian8/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Docker driver installation guide 3 | ******* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Docker Engine 9 | 10 | Install 11 | ======= 12 | 13 | Please refer to the `Virtual environment`_ documentation for installation best 14 | practices. If not using a virtual environment, please consider passing the 15 | widely recommended `'--user' flag`_ when invoking ``pip``. 16 | 17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 19 | 20 | .. 
code-block:: bash 21 | 22 | $ pip install 'molecule[docker]' 23 | -------------------------------------------------------------------------------- /molecule/debian9/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Docker driver installation guide 3 | ******* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Docker Engine 9 | 10 | Install 11 | ======= 12 | 13 | Please refer to the `Virtual environment`_ documentation for installation best 14 | practices. If not using a virtual environment, please consider passing the 15 | widely recommended `'--user' flag`_ when invoking ``pip``. 16 | 17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 19 | 20 | .. code-block:: bash 21 | 22 | $ pip install 'molecule[docker]' 23 | -------------------------------------------------------------------------------- /molecule/ubuntu1604/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Docker driver installation guide 3 | ******* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Docker Engine 9 | 10 | Install 11 | ======= 12 | 13 | Please refer to the `Virtual environment`_ documentation for installation best 14 | practices. If not using a virtual environment, please consider passing the 15 | widely recommended `'--user' flag`_ when invoking ``pip``. 16 | 17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 19 | 20 | .. 
code-block:: bash 21 | 22 | $ pip install 'molecule[docker]' 23 | -------------------------------------------------------------------------------- /molecule/ubuntu1804/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Docker driver installation guide 3 | ******* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Docker Engine 9 | 10 | Install 11 | ======= 12 | 13 | Please refer to the `Virtual environment`_ documentation for installation best 14 | practices. If not using a virtual environment, please consider passing the 15 | widely recommended `'--user' flag`_ when invoking ``pip``. 16 | 17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 19 | 20 | .. code-block:: bash 21 | 22 | $ pip install 'molecule[docker]' 23 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | sudo: required 3 | language: python 4 | services: 5 | - docker 6 | before_install: 7 | - sudo apt-get -qq update 8 | install: 9 | - pip3 install -r requirements.txt 10 | - ansible --version 11 | - molecule --version 12 | script: 13 | # - molecule test --scenario-name centos7 14 | # - molecule test --scenario-name centos8 15 | # - molecule test --scenario-name debian8 16 | # - molecule test --scenario-name debian9 17 | # - molecule test --scenario-name debian10 18 | # - molecule test --scenario-name fedora 19 | - molecule test --scenario-name ubuntu1604 20 | - molecule test --scenario-name ubuntu1804 21 | notifications: 22 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 23 | -------------------------------------------------------------------------------- /.github/stale.yml: -------------------------------------------------------------------------------- 1 | # Number of days 
of inactivity before an issue becomes stale 2 | daysUntilStale: 60 3 | # Number of days of inactivity before a stale issue is closed 4 | daysUntilClose: 7 5 | # Issues with these labels will never be considered stale 6 | exemptLabels: 7 | - pinned 8 | - security 9 | # Label to use when marking an issue as stale 10 | staleLabel: wontfix 11 | # Comment to post when marking an issue as stale. Set to `false` to disable 12 | markComment: > 13 | This issue has been automatically marked as stale because it has not had 14 | recent activity. It will be closed if no further activity occurs. Thank you 15 | for your contributions. 16 | # Comment to post when closing a stale issue. Set to `false` to disable 17 | closeComment: false 18 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | # Based on ansible-lint config 3 | extends: default 4 | 5 | ignore: | 6 | venv/ 7 | 8 | rules: 9 | braces: 10 | max-spaces-inside: 1 11 | level: error 12 | brackets: 13 | max-spaces-inside: 1 14 | level: error 15 | colons: 16 | max-spaces-after: -1 17 | level: error 18 | commas: 19 | max-spaces-after: -1 20 | level: error 21 | comments: disable 22 | comments-indentation: disable 23 | document-start: disable 24 | empty-lines: 25 | max: 3 26 | level: error 27 | hyphens: 28 | level: error 29 | indentation: disable 30 | key-duplicates: enable 31 | line-length: disable 32 | new-line-at-end-of-file: disable 33 | new-lines: 34 | type: unix 35 | trailing-spaces: disable 36 | truthy: disable 37 | -------------------------------------------------------------------------------- /.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | image: docker:git 3 | 4 | services: 5 | - docker:dind 6 | 7 | before_script: 8 | - apk update && apk add --no-cache docker 9 | python3-dev py3-pip docker gcc git curl build-base 10 | autoconf 
automake py3-cryptography linux-headers 11 | musl-dev libffi-dev openssl-dev openssh 12 | - docker info 13 | - python3 --version 14 | - pip3 install -r requirements.txt 15 | - ansible --version 16 | - molecule --version 17 | 18 | molecule: 19 | stage: test 20 | script: 21 | # - molecule test --scenario-name centos7 22 | # - molecule test --scenario-name centos8 23 | # - molecule test --scenario-name debian8 24 | # - molecule test --scenario-name debian9 25 | # - molecule test --scenario-name debian10 26 | # - molecule test --scenario-name fedora 27 | - molecule test --scenario-name ubuntu1604 28 | - molecule test --scenario-name ubuntu1804 29 | -------------------------------------------------------------------------------- /tasks/config_openldap_schemas.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: config_openldap_schemas | copying schemas files 3 | copy: 4 | src: '{{ item }}' 5 | dest: '/etc/ldap/schema/' 6 | owner: 'root' 7 | group: 'root' 8 | mode: '0640' 9 | with_fileglob: 10 | - 'files/openldap/schema/*.schema' 11 | become: true 12 | 13 | - name: config_openldap_schemas | creating a conversion file 14 | template: 15 | src: etc/ldap/slapd.d/schema_conversion.conf.j2 16 | dest: '{{ openldap_ldif_tmp_dir }}/schema_conversion.conf' 17 | owner: root 18 | group: root 19 | mode: 0644 20 | become: true 21 | 22 | - name: config_openldap_schemas | converting *.schema to *.ldif 23 | command: slaptest -f {{ openldap_ldif_tmp_dir }}/schema_conversion.conf -F {{ openldap_ldif_tmp_dir }} 24 | 25 | - name: config_openldap_schemas | adding new schemas 26 | include_tasks: "config_openldap_schemas_ldifs.yml" 27 | with_items: "{{ openldap_schemas }}" 28 | loop_control: 29 | loop_var: schema 30 | 31 | -------------------------------------------------------------------------------- /templates/etc/ldap/slapd.d/populate_content.ldif.j2: -------------------------------------------------------------------------------- 1 | {% 
for item in openldap_organizationalunits %}{# NOTE(review): this entry carries no ou: attribute matching its RDN, unlike the cn:/uid: entries below; slapd is likely to reject it with a naming violation - confirm against the rendered LDIF #} 2 | dn: ou={{ item }},{{ openldap_base }} 3 | objectClass: organizationalUnit 4 | 5 | {% endfor %} 6 | 7 | {% for item in openldap_posixgroups %} 8 | dn: cn={{ item.name }},ou={{ item.ou }},{{ openldap_base }} 9 | objectClass: posixGroup 10 | cn: {{ item.name }} 11 | gidNumber: {{ item.gidNum }} 12 | {% endfor %} 13 | 14 | {% for item in openldap_users %}{# item.password is written to userPassword verbatim: supply a pre-hashed value (e.g. an SSHA hash from slappasswd) rather than cleartext unless slapd is configured to hash on write; the rendered file contains these values and should be treated as sensitive #} 15 | dn: uid={{ item.FirstName|lower }},ou={{ item.ou }},{{ openldap_base }} 16 | objectClass: inetOrgPerson 17 | objectClass: posixAccount 18 | objectClass: shadowAccount 19 | uid: {{ item.FirstName|lower }} 20 | sn: {{ item.LastName }} 21 | givenName: {{ item.FirstName }} 22 | cn: {{ item.FirstName }} {{ item.LastName }} 23 | displayName: {{ item.FirstName }} {{ item.LastName }} 24 | uidNumber: {{ item.uidNum }} 25 | gidNumber: {{ item.gidNum }} 26 | userPassword: {{ item.password }} 27 | gecos: {{ item.FirstName }} {{ item.LastName }} 28 | loginShell: {{ item.loginShell }} 29 | homeDirectory: {{ item.homeDirectory }} 30 | {% endfor %} 31 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Larry Smith Jr. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ansible-openldap 2 | 3 | Installs and configures [OpenLDAP](http://www.openldap.org/) and phpLDAPadmin 4 | 5 | ## Build Status 6 | 7 | ### GitHub Actions 8 | 9 | ![Molecule Test](https://github.com/mrlesmithjr/ansible-openldap/workflows/Molecule%20Test/badge.svg) 10 | 11 | ### Travis CI 12 | 13 | [![Build Status](https://travis-ci.org/mrlesmithjr/ansible-openldap.svg?branch=master)](https://travis-ci.org/mrlesmithjr/ansible-openldap) 14 | 15 | ## Requirements 16 | 17 | For any required Ansible roles, review: 18 | [requirements.yml](requirements.yml) 19 | 20 | ## Role Variables 21 | 22 | [defaults/main.yml](defaults/main.yml) 23 | 24 | ## Dependencies 25 | 26 | ## Example Playbook 27 | 28 | [playbook.yml](playbook.yml) 29 | 30 | ## License 31 | 32 | MIT 33 | 34 | ## Author Information 35 | 36 | Larry Smith Jr. 37 | 38 | - [@mrlesmithjr](https://twitter.com/mrlesmithjr) 39 | - [mrlesmithjr@gmail.com](mailto:mrlesmithjr@gmail.com) 40 | - [http://everythingshouldbevirtual.com](http://everythingshouldbevirtual.com) 41 | 42 | > NOTE: Repo has been created/updated using [https://github.com/mrlesmithjr/cookiecutter-ansible-role](https://github.com/mrlesmithjr/cookiecutter-ansible-role) as a template. 
43 | -------------------------------------------------------------------------------- /.github/workflows/default.yml: --------------------------------------------------------------------------------
---
# CI: run the enabled Molecule scenarios on every push, once per Python version.
name: Molecule Test
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      max-parallel: 4
      matrix:
        python-version: [3.5, 3.6, 3.7]

    steps:
      # NOTE(review): both actions are referenced by a mutable tag (@v1). Pinning
      # to a full commit SHA makes what runs in CI reproducible and independent
      # of whoever controls the tag; the tag can stay in a trailing comment.
      - uses: actions/checkout@v1
        with:
          path: ansible-openldap
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v1
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        run: |
          # NOTE(review): the ubuntu-latest image already ships Docker, and on
          # Ubuntu the apt package named "docker" is presumably not the engine;
          # confirm this line is needed at all.
          sudo apt install docker
          python -m pip install --upgrade pip
          # NOTE(review): requirements.txt is presumably unpinned, so every run
          # installs whatever PyPI serves that day; pin (or hash-pin) the
          # versions for reproducible, auditable CI.
          pip3 install -r requirements.txt
          ansible --version
          molecule --version
      - name: Test with molecule
        run: |
          # Only the Ubuntu scenarios are enabled; the others are kept for reference.
          # molecule test --scenario-name centos7
          # molecule test --scenario-name centos8
          # molecule test --scenario-name debian8
          # molecule test --scenario-name debian9
          # molecule test --scenario-name debian10
          # molecule test --scenario-name fedora
          molecule test --scenario-name ubuntu1604
          molecule test --scenario-name ubuntu1804
-------------------------------------------------------------------------------- /tasks/config_openldap_schemas_ldifs.yml: --------------------------------------------------------------------------------
---
# Included once per schema; expects `schema` to be supplied by the including
# task file. Locates the converted LDIF under cn=config/cn=schema in the
# scratch directory, rewrites its dn/cn to a stable name, strips the
# operational attributes, then loads it into cn=config.
- name: config_openldap_schemas_ldfis | getting converted *.ldif
  find:
    paths: '{{ openldap_ldif_tmp_dir }}/cn=config/cn=schema/'
    patterns: '*{{ schema }}.ldif'
  register: converted_ldif
  # NOTE(review): openldap_ldif_tmp_dir is created root-owned with mode 0640
  # elsewhere in the role, so without become this find presumably cannot enter
  # it — confirm the include site runs these tasks privileged.

# converted_ldif.files[0] fails with a templating error when find matched
# nothing (e.g. a misspelled schema name); that is the only guard here.
- name: config_openldap_schemas_ldfis | correcting dn in ldif
  lineinfile:
    path: "{{ converted_ldif.files[0].path }}"
    regexp: "^dn: cn={[0-9]*}{{ schema }}$"
    line: "dn: cn={{ schema }},cn=schema,cn=config"

- name: config_openldap_schemas_ldfis | correcting cn in ldif
  lineinfile:
    path: "{{ converted_ldif.files[0].path }}"
    regexp: "^cn: {[0-9]*}{{ schema }}$"
    line: "cn: {{ schema }}"

# Drop the operational attributes (entryUUID, entryCSN, ...) that the
# conversion wrote out alongside the schema definition.
- name: config_openldap_schemas_ldfis | removing file lines in ldif
  lineinfile:
    path: "{{ converted_ldif.files[0].path }}"
    regexp: "^{{ item }}"
    state: "absent"
  with_items: ["structuralObjectClass:","entryUUID:","creatorsName:","createTimestamp:","entryCSN:","modifiersName:","modifyTimestamp:"]

# SASL EXTERNAL over ldapi:/// is authorized by the connecting process's
# uid/gid, so the privilege this task runs with decides whether it may write
# cn=config.
# NOTE(review): ignore_errors also hides real failures (a malformed LDIF, an
# unreachable socket, an unprivileged caller). Registering the result and
# failing on anything other than the "already loaded" outcome would keep the
# re-run tolerance without masking everything; confirm the rc/stderr slapd
# returns for a schema that is already present before encoding it.
- name: config_openldap_schemas_ldfis | adding new schema to LDAP tree
  command: ldapadd -Y EXTERNAL -H ldapi:/// -f {{ converted_ldif.files[0].path }}
  ignore_errors: yes #fails on duplicate

-------------------------------------------------------------------------------- /tasks/debian.yml: --------------------------------------------------------------------------------
---
# Pre-seed the slapd package questions so the install is non-interactive and
# the admin password, domain, organisation and backend come from role variables.
- name: debian | definining openldap install settings
  debconf:
    name: slapd
    question: "{{ item['question'] }}"
    value: "{{ item['value'] }}"
    vtype: "{{ item['vtype'] }}"
  become: true
  # Re-seeding identical answers is not reported as a change (idempotency).
  changed_when: false
  # The loop carries the admin password; keep it out of the play output.
  no_log: true
  loop:
    - question: slapd/internal/generated_adminpw
      value: "{{ openldap_admin_password }}"
      vtype: password
    - question: slapd/password2
      value: "{{ openldap_admin_password }}"
      vtype: password
    - question: slapd/internal/adminpw
      value: "{{ openldap_admin_password }}"
      vtype: password
    - question: slapd/password1
      value: "{{ openldap_admin_password }}"
      vtype: password
    - question: slapd/domain
      value: "{{ openldap_domain_name }}"
      vtype: string
    - question: shared/organization
      value: "{{ openldap_org }}"
      vtype: string
    - question: slapd/backend
      value: "{{ openldap_db_engine }}"
      vtype: string

- name: debian | installing packages
  apt:
    name: "{{ openldap_debian_packages }}"
    state: present
  become: true
  register: result
  # Retried with Ansible's default retry count to ride out transient apt failures.
  until: result is successful
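-------------------------------------------------------------------------------- /tasks/config_openldap.yml: --------------------------------------------------------------------------------
---
# Post-install configuration: client config, phpLDAPadmin, schema/overlay
# loading through a scratch directory, then optional population of the tree.
- name: config_openldap | configuring ldap
  template:
    src: etc/ldap/ldap.conf.j2
    dest: /etc/ldap/ldap.conf
    owner: root
    group: root
    mode: 0644
  become: true

# The rendered config includes the admin bind DN (bind_id) and server host;
# root:www-data 0640 keeps it readable by the web server only.
- name: config_openldap | configuring phpldapadmin
  template:
    src: etc/phpldapadmin/config.php.j2
    dest: /etc/phpldapadmin/config.php
    owner: root
    group: www-data
    mode: 0640
  become: true
  when: '"phpldapadmin" in openldap_debian_packages'

# NOTE(review): openldap_ldif_tmp_dir defaults to a fixed path under /tmp. A
# predictable name in a world-writable directory can be created by any local
# user before this task runs; a root-only parent (or the tempfile module)
# avoids that. Mode 0640 on a directory has no execute bit, so only root can
# enter it — confirm the included task files run with become.
- name: config_openldap | creating temp folder
  file:
    path: '{{ openldap_ldif_tmp_dir }}'
    state: directory
    owner: 'root'
    group: 'root'
    mode: '0640'
  become: true

- name: config_openldap | extending LDAP Schema
  include_tasks: config_openldap_schemas.yml
  when: openldap_schemas|length > 0

- name: config_openldap | managing overlays
  include_tasks: config_openldap_overlays.yml
  with_items: "{{ openldap_overlays_and_acls }}"
  loop_control:
    loop_var: overlay

- name: config_openldap | deleting temp folder
  file:
    path: '{{ openldap_ldif_tmp_dir }}'
    state: absent
  become: true

# The rendered LDIF contains every userPassword from openldap_users verbatim;
# root:root 0640 keeps it readable by root only, and it stays on disk after
# the import below.
- name: config_openldap | creating database population config
  template:
    src: etc/ldap/slapd.d/populate_content.ldif.j2
    dest: /etc/ldap/slapd.d/populate_content.ldif
    owner: root
    group: root
    mode: 0640
  become: true

# Hashes the admin password with slappasswd.
# NOTE(review): the registered result (_openldap_admin_password) is not
# consumed by any task in this file — the admin password is already seeded via
# debconf at install time — so in practice this only gates the restart below.
# The secret is passed on the command line, where it is visible in the process
# list for the duration of the call; slappasswd's -T option reads it from a
# file instead.
- name: config_openldap | setting admin password # noqa 301 305
  shell: slappasswd -s {{ openldap_admin_password }}
  register: _openldap_admin_password
  become: true
  # Both the command line and the registered stdout carry secret material.
  no_log: true

# `_openldap_admin_password is defined` is always true once the task above has
# run (register sets it even on failure), so slapd is restarted on every run.
- name: config_openldap | restart slapd
  service:
    name: slapd
    enabled: true
    state: restarted
  when:
    - _openldap_admin_password is defined

# Ignore errors to get around erroring out that items already exist
# This needs to be more idempotent
# NOTE(review): a simple bind (-x -D/-w) sends the admin password unprotected
# unless the default URI from ldap.conf is ldaps:// or ldapi:// (the ldap.conf
# template is not visible here — confirm). The password is also on the command
# line and therefore in the process list; `-y <file>` reads it from a file
# instead. The LDIF is fed to slapd as-is, so the userPassword values from
# openldap_users are stored as given unless the server hashes them.
- name: config_openldap | populating openLDAP # noqa 305
  shell: "ldapadd -x -D {{ openldap_bind_id }} -w {{ openldap_admin_password }} -f /etc/ldap/slapd.d/populate_content.ldif"
  ignore_errors: true
  # Keeps the password-bearing command line out of the play output. Combined
  # with ignore_errors this also hides why an import failed, so verify the
  # directory contents when openldap_populate is enabled.
  no_log: true
  when:
    - openldap_populate is defined
    - openldap_populate|bool
-------------------------------------------------------------------------------- /defaults/main.yml: --------------------------------------------------------------------------------
---
# defaults file for ansible-openldap
# NOTE(review): placeholder credential. It is used for the slapd admin account
# (debconf seed and the populate task's bind) and is the same value as the
# sample user's password below; override it from vault-encrypted vars in every
# deployment.
openldap_admin_password: P@55w0rd
openldap_admin_user: admin
openldap_base: "{{ 'dc=' + openldap_org + ',dc=' + openldap_tld }}"
# Bind DN used by the populate task and templated into phpLDAPadmin's bind_id.
openldap_bind_id: "{{ 'cn=' + openldap_bind_user + ',' + openldap_base }}"
openldap_bind_user: "{{ openldap_admin_user }}"

# Defines whether or not OpenLDAP is configured
openldap_config: false

openldap_debian_packages:
  - slapd
  - ldap-utils
  - php-xml
  - phpldapadmin

openldap_domain_name: "{{ openldap_org + '.' + openldap_tld }}"

openldap_org: example

# Defines OU's to populate
openldap_organizationalunits:
  - People
  - Groups

openldap_phpldapadmin_hide_warnings: true

# Defines if openldap DB should be populated with openldap_organizationalunits,
# openldap_posixgroups and openldap_users
openldap_populate: false

# Defines groups to create within OU's
openldap_posixgroups:
  - name: miners
    ou: Groups
    gidNum: 5000 #start group numbers at 5000 and up

# Defines host for phpLDAPadmin
openldap_server_host: 127.0.0.1

# Sample account. `password` is written verbatim into the population LDIF
# (userPassword: <value>) and imported as given, so either supply a pre-hashed
# value (e.g. a {SSHA} string) or keep the cleartext in vault.
openldap_users:
  - FirstName: John
    LastName: Smith
    # Defines OU name
    ou: People
    # Start user numbers at 10000 and up
    uidNum: 10000
    # Defines gidNum from openldap_posixgroups
    gidNum: 5000
    password: P@55w0rd
    loginShell: /bin/bash
    homeDirectory: /home/john

openldap_tld: org

# Define a set of schema specification files.
# For a non-basic schema, its .schema file must be placed in files/openldap/schema/. This file will be copied and converted to ldif before being inserted into the LDAP tree
openldap_schemas:
  - core
  - cosine
  - inetorgperson
  - nis

# Define DB Engine (mdb / hdb)
openldap_db_engine: MDB

# Temp files path
# NOTE(review): fixed, predictable path in the world-writable /tmp — see the
# "creating temp folder" task in tasks/config_openldap.yml.
openldap_ldif_tmp_dir: /tmp/ldifs

# Define the set of ldif files to configure some Overlays or ACLs
# All ldif files must be placed in files/openldap/overlays/
# Use example
#openldap_overlays_and_acls:
#  - name: overlay1
#    ldifs:
#      - path: file1.ldif
#        action: modify //ldapmodify
#      - path: file2.ldif
#        action: add //ldapadd
openldap_overlays_and_acls: []
-------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to making participation in our project and 7 | our community a harassment-free experience for everyone, regardless of age, body 8 | size, disability, ethnicity, sex characteristics, gender identity and expression, 9 | level of experience, education, socio-economic status, nationality, personal 10 | appearance, race, religion, or sexual identity and orientation.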
11 | 12 | ## Our Standards 13 | 14 | Examples of behavior that contributes to creating a positive environment 15 | include: 16 | 17 | - Using welcoming and inclusive language 18 | - Being respectful of differing viewpoints and experiences 19 | - Gracefully accepting constructive criticism 20 | - Focusing on what is best for the community 21 | - Showing empathy towards other community members 22 | 23 | Examples of unacceptable behavior by participants include: 24 | 25 | - The use of sexualized language or imagery and unwelcome sexual attention or 26 | advances 27 | - Trolling, insulting/derogatory comments, and personal or political attacks 28 | - Public or private harassment 29 | - Publishing others' private information, such as a physical or electronic 30 | address, without explicit permission 31 | - Other conduct which could reasonably be considered inappropriate in a 32 | professional setting 33 | 34 | ## Our Responsibilities 35 | 36 | Project maintainers are responsible for clarifying the standards of acceptable 37 | behavior and are expected to take appropriate and fair corrective action in 38 | response to any instances of unacceptable behavior. 39 | 40 | Project maintainers have the right and responsibility to remove, edit, or 41 | reject comments, commits, code, wiki edits, issues, and other contributions 42 | that are not aligned to this Code of Conduct, or to ban temporarily or 43 | permanently any contributor for other behaviors that they deem inappropriate, 44 | threatening, offensive, or harmful. 45 | 46 | ## Scope 47 | 48 | This Code of Conduct applies both within project spaces and in public spaces 49 | when an individual is representing the project or its community. Examples of 50 | representing a project or community include using an official project e-mail 51 | address, posting via an official social media account, or acting as an appointed 52 | representative at an online or offline event. 
Representation of a project may be 53 | further defined and clarified by project maintainers. 54 | 55 | ## Enforcement 56 | 57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 58 | reported by contacting the project team at mrlesmithjr@gmail.com. All 59 | complaints will be reviewed and investigated and will result in a response that 60 | is deemed necessary and appropriate to the circumstances. The project team is 61 | obligated to maintain confidentiality with regard to the reporter of an incident. 62 | Further details of specific enforcement policies may be posted separately. 63 | 64 | Project maintainers who do not follow or enforce the Code of Conduct in good 65 | faith may face temporary or permanent repercussions as determined by other 66 | members of the project's leadership. 67 | 68 | ## Attribution 69 | 70 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 71 | available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html 72 | 73 | [homepage]: https://www.contributor-covenant.org 74 | 75 | For answers to common questions about this code of conduct, see 76 | https://www.contributor-covenant.org/faq 77 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | commit 9a1445b592d07cff4cf75085dd9cb61b01ed9ee8 2 | Author: Larry Smith Jr 3 | Date: Thu Feb 27 20:00:19 2020 -0500 4 | 5 | Resolving idempotency issue 6 | 7 | - Added changed_when false for debconf settings. 8 | - These settings should not be seen as a change. 
9 | 10 | commit 9cd47212e5b3da367aa906d549942613b9712093 11 | Author: Larry Smith Jr 12 | Date: Thu Feb 27 19:51:11 2020 -0500 13 | 14 | Updated changelog 15 | 16 | commit eab1855654d8429988fa916a4b2d334335c1d901 17 | Author: Larry Smith Jr 18 | Date: Thu Feb 27 19:51:02 2020 -0500 19 | 20 | Disabled ansible-etc-hosts role 21 | 22 | - Not needed for now plus causes issues with testing in containers 23 | 24 | commit 6d6ed4cab029cd6e7e704e21f4693f58250a2eb7 25 | Author: Larry Smith Jr 26 | Date: Thu Feb 27 18:38:33 2020 -0500 27 | 28 | Updated changelog 29 | 30 | commit 8419056f7c519fc81b63031ef59d942a34e26511 31 | Author: Larry Smith Jr 32 | Date: Thu Feb 27 18:38:24 2020 -0500 33 | 34 | Fixing Ansible linting 35 | 36 | commit 5276cf3dd8bc58de197c54c387b8bd8420286892 37 | Author: Larry Smith Jr 38 | Date: Thu Feb 27 18:31:10 2020 -0500 39 | 40 | Updated CHANGELOG 41 | 42 | commit 942511e1168d42c41ad7b4172371b9c104263e9d 43 | Author: Larry Smith Jr 44 | Date: Thu Feb 27 18:30:51 2020 -0500 45 | 46 | Updated playbook format 47 | 48 | commit 3f0c1680960b89f22c0a4c3b2b911e27b3f27745 49 | Author: Larry Smith Jr 50 | Date: Thu Feb 27 18:30:35 2020 -0500 51 | 52 | Cleaned up formatting, etc. 53 | 54 | commit 61ef009a630f0a68a1fe082b47fd513cc48cdaa8 55 | Author: Larry Smith Jr 56 | Date: Thu Feb 27 18:30:02 2020 -0500 57 | 58 | Disabled all tests except Ubuntu 59 | 60 | commit c170a264255e48ee65ec5d5a0acaae9c2ce88f75 61 | Author: Larry Smith Jr 62 | Date: Thu Feb 27 18:05:41 2020 -0500 63 | 64 | Added new Molecule tests, etc. from new structure 65 | 66 | commit 2e3e48657c8b6bc88c1d9751e41b16d6bddb4fb1 67 | Author: Larry Smith Jr 68 | Date: Thu Feb 27 18:05:27 2020 -0500 69 | 70 | Updated files, etc. after new structure 71 | 72 | commit 803484ba8d7357ba5778bdf03cd7be211cb23027 73 | Author: Larry Smith Jr 74 | Date: Thu Feb 27 17:56:26 2020 -0500 75 | 76 | Deleted old tests, etc. 
not needed 77 | 78 | commit 70ab6ecb9dd5101189154f57453de23b86d99718 79 | Author: Ludger Pottmeier 80 | Date: Thu Nov 15 15:52:59 2018 +0100 81 | 82 | Fix missing php-xml issue 83 | 84 | commit 8ef138de7b6994bc0a8f277a843bab0bcfec3fc4 85 | Author: Andrew Underwood 86 | Date: Thu Sep 27 22:58:31 2018 -0500 87 | 88 | Configure travis to run tests on: 89 | * Ubuntu Trusty 90 | * Ubuntu Xenial 91 | * Ubuntu Bionic 92 | 93 | commit 3205ed11684b02ad17a76ea5ea618a4dd9aea181 94 | Author: James Kang 95 | Date: Sat Aug 4 23:39:22 2018 -0700 96 | 97 | getting Ubuntu 14.4 to work around the issues of OS provided pip not 98 | being able to install "ansible" and quick/dirty fix on using 'service' 99 | instead of 'systemd' 100 | 101 | commit 30c30465b6c8af976b6775d683808d1ca1e57c86 102 | Author: bunchc 103 | Date: Mon Feb 12 15:28:29 2018 -0600 104 | 105 | defaults/main.yml - Broke out domain components for easier reuse 106 | tasks/debian.yml - Populating openLDAP task was failing due to permissions against the nodomain org. Added slapd/domain and shared/organization to debconf to correct this 107 | tasks/debian.yml - with_items clause needed {{}} to not error 108 | tasks/config_openldap.yml - Added task to set admin password 109 | tasls/config_openldap.yml - Added task to restart slapd 110 | 111 | commit e6dfad98aa05d2ab60358afaad6d78daa45111bd 112 | Author: Larry Smith Jr 113 | Date: Tue Feb 16 17:02:35 2016 -0500 114 | 115 | Updated role info 116 | 117 | Signed-off-by: Larry Smith Jr 118 | 119 | commit b5e4c8269b0f83375ec8a60bc6f6496e0a1bde63 120 | Author: Larry Smith Jr 121 | Date: Tue Feb 16 17:01:52 2016 -0500 122 | 123 | Updated final tasks 124 | 125 | Signed-off-by: Larry Smith Jr 126 | 127 | commit 190060cf333ef08c6928803e67d2cc0a09274884 128 | Author: Larry Smith Jr 129 | Date: Tue Feb 16 16:35:48 2016 -0500 130 | 131 | Updated tasks, created add'l vars and etc. 
132 | 133 | Signed-off-by: Larry Smith Jr 134 | 135 | commit 2b02f1f28a79082b70ca5713aa1284da737a33ec 136 | Author: Larry Smith Jr 137 | Date: Tue Feb 16 15:39:12 2016 -0500 138 | 139 | Added add'l vars and configurations for install 140 | 141 | Signed-off-by: Larry Smith Jr 142 | 143 | commit 75cc36e11fe434b0836b8979e6e0fecba234ac2c 144 | Author: Larry Smith Jr 145 | Date: Tue Feb 16 15:01:39 2016 -0500 146 | 147 | Added ldap and phpldapadmin configs 148 | 149 | Signed-off-by: Larry Smith Jr 150 | 151 | commit 5b82c14fbd3172831e8369e36354e3c1adb295fb 152 | Author: Larry Smith Jr 153 | Date: Tue Feb 16 13:47:54 2016 -0500 154 | 155 | first commit 156 | -------------------------------------------------------------------------------- /templates/etc/phpldapadmin/config.php.j2: -------------------------------------------------------------------------------- 1 | custom variable to do so. 15 | * For example, the default for defining the language in config_default.php 16 | * 17 | * $this->default->appearance['language'] = array( 18 | * 'desc'=>'Language', 19 | * 'default'=>'auto'); 20 | * 21 | * to override this, use $config->custom->appearance['language'] = 'en_EN'; 22 | * 23 | * This file is also used to configure your LDAP server connections. 24 | * 25 | * You must specify at least one LDAP server there. You may add 26 | * as many as you like. You can also specify your language, and 27 | * many other options. 28 | * 29 | * NOTE: Commented out values in this file prefixed by //, represent the 30 | * defaults that have been defined in config_default.php. 31 | * Commented out values prefixed by #, dont reflect their default value, you can 32 | * check config_default.php if you want to see what the default is. 33 | * 34 | * DONT change config_default.php, you changes will be lost by the next release 35 | * of PLA. Instead change this file - as it will NOT be replaced by a new 36 | * version of phpLDAPadmin. 
37 | */ 38 | 39 | /********************************************* 40 | * Useful important configuration overrides * 41 | *********************************************/ 42 | 43 | /* If you are asked to put PLA in debug mode, this is how you do it: */ 44 | # $config->custom->debug['level'] = 255; 45 | # $config->custom->debug['syslog'] = true; 46 | # $config->custom->debug['file'] = '/tmp/pla_debug.log'; 47 | 48 | /* phpLDAPadmin can encrypt the content of sensitive cookies if you set this 49 | to a big random string. */ 50 | // $config->custom->session['blowfish'] = null; 51 | 52 | /* If your auth_type is http, you can override your HTTP Authentication Realm. */ 53 | // $config->custom->session['http_realm'] = sprintf('%s %s',app_name(),'login'); 54 | 55 | /* The language setting. If you set this to 'auto', phpLDAPadmin will attempt 56 | to determine your language automatically. 57 | If PLA doesnt show (all) strings in your language, then you can do some 58 | translation at http://translations.launchpad.net/phpldapadmin and download 59 | the translation files, replacing those provided with PLA. 60 | (We'll pick up the translations before making the next release too!) */ 61 | // $config->custom->appearance['language'] = 'auto'; 62 | 63 | /* The temporary storage directory where we will put jpegPhoto data 64 | This directory must be readable and writable by your web server. */ 65 | // $config->custom->jpeg['tmpdir'] = '/tmp'; // Example for Unix systems 66 | # $config->custom->jpeg['tmpdir'] = 'c:\\temp'; // Example for Windows systems 67 | 68 | /* Set this to (bool)true if you do NOT want a random salt used when 69 | calling crypt(). Instead, use the first two letters of the user's 70 | password. This is insecure but unfortunately needed for some older 71 | environments. */ 72 | # $config->custom->password['no_random_crypt_salt'] = true; 73 | 74 | /* PHP script timeout control. 
If php runs longer than this many seconds then 75 | PHP will stop with an Maximum Execution time error. Increase this value from 76 | the default if queries to your LDAP server are slow. The default is either 77 | 30 seconds or the setting of max_exection_time if this is null. */ 78 | // $config->custom->session['timelimit'] = 30; 79 | 80 | /* Our local timezone 81 | This is to make sure that when we ask the system for the current time, we 82 | get the right local time. If this is not set, all time() calculations will 83 | assume UTC if you have not set PHP date.timezone. */ 84 | // $config->custom->appearance['timezone'] = null; 85 | # $config->custom->appearance['timezone'] = 'Australia/Melbourne'; 86 | 87 | /********************************************* 88 | * Commands * 89 | *********************************************/ 90 | 91 | /* Command availability ; if you don't authorize a command the command 92 | links will not be shown and the command action will not be permitted. 93 | For better security, set also ACL in your ldap directory. 
*/ 94 | /* 95 | $config->custom->commands['cmd'] = array( 96 | 'entry_internal_attributes_show' => true, 97 | 'entry_refresh' => true, 98 | 'oslinks' => true, 99 | 'switch_template' => true 100 | ); 101 | 102 | $config->custom->commands['script'] = array( 103 | 'add_attr_form' => true, 104 | 'add_oclass_form' => true, 105 | 'add_value_form' => true, 106 | 'collapse' => true, 107 | 'compare' => true, 108 | 'compare_form' => true, 109 | 'copy' => true, 110 | 'copy_form' => true, 111 | 'create' => true, 112 | 'create_confirm' => true, 113 | 'delete' => true, 114 | 'delete_attr' => true, 115 | 'delete_form' => true, 116 | 'draw_tree_node' => true, 117 | 'expand' => true, 118 | 'export' => true, 119 | 'export_form' => true, 120 | 'import' => true, 121 | 'import_form' => true, 122 | 'login' => true, 123 | 'logout' => true, 124 | 'login_form' => true, 125 | 'mass_delete' => true, 126 | 'mass_edit' => true, 127 | 'mass_update' => true, 128 | 'modify_member_form' => true, 129 | 'monitor' => true, 130 | 'purge_cache' => true, 131 | 'query_engine' => true, 132 | 'rename' => true, 133 | 'rename_form' => true, 134 | 'rdelete' => true, 135 | 'refresh' => true, 136 | 'schema' => true, 137 | 'server_info' => true, 138 | 'show_cache' => true, 139 | 'template_engine' => true, 140 | 'update_confirm' => true, 141 | 'update' => true 142 | ); 143 | */ 144 | 145 | /********************************************* 146 | * Appearance * 147 | *********************************************/ 148 | 149 | /* If you want to choose the appearance of the tree, specify a class name which 150 | inherits from the Tree class. */ 151 | // $config->custom->appearance['tree'] = 'AJAXTree'; 152 | # $config->custom->appearance['tree'] = 'HTMLTree'; 153 | 154 | /* Just show your custom templates. */ 155 | // $config->custom->appearance['custom_templates_only'] = false; 156 | 157 | /* Disable the default template. 
*/ 158 | // $config->custom->appearance['disable_default_template'] = false; 159 | 160 | /* Hide the warnings for invalid objectClasses/attributes in templates. */ 161 | $config->custom->appearance['hide_template_warning'] = {{ openldap_phpldapadmin_hide_warnings|lower }}; 162 | 163 | /* Set to true if you would like to hide header and footer parts. */ 164 | // $config->custom->appearance['minimalMode'] = false; 165 | 166 | /* Configure what objects are shown in left hand tree */ 167 | // $config->custom->appearance['tree_filter'] = '(objectclass=*)'; 168 | 169 | /* The height and width of the tree. If these values are not set, then 170 | no tree scroll bars are provided. */ 171 | // $config->custom->appearance['tree_height'] = null; 172 | # $config->custom->appearance['tree_height'] = 600; 173 | // $config->custom->appearance['tree_width'] = null; 174 | # $config->custom->appearance['tree_width'] = 250; 175 | 176 | /* Confirm create and update operations, allowing you to review the changes 177 | and optionally skip attributes during the create/update operation. */ 178 | // $config->custom->confirm['create'] = true; 179 | // $config->custom->confirm['update'] = true; 180 | 181 | /* Confirm copy operations, and treat them like create operations. This allows 182 | you to edit the attributes (thus changing any that might conflict with 183 | uniqueness) before creating the new entry. */ 184 | // $config->custom->confirm['copy'] = true; 185 | 186 | /********************************************* 187 | * User-friendly attribute translation * 188 | *********************************************/ 189 | 190 | /* Use this array to map attribute names to user friendly names. For example, if 191 | you don't want to see "facsimileTelephoneNumber" but rather "Fax". 
*/ 192 | // $config->custom->appearance['friendly_attrs'] = array(); 193 | $config->custom->appearance['friendly_attrs'] = array( 194 | 'facsimileTelephoneNumber' => 'Fax', 195 | 'gid' => 'Group', 196 | 'mail' => 'Email', 197 | 'telephoneNumber' => 'Telephone', 198 | 'uid' => 'User Name', 199 | 'userPassword' => 'Password' 200 | ); 201 | 202 | /********************************************* 203 | * Hidden attributes * 204 | *********************************************/ 205 | 206 | /* You may want to hide certain attributes from being edited. If you want to 207 | hide attributes from the user, you should use your LDAP servers ACLs. 208 | NOTE: The user must be able to read the hide_attrs_exempt entry to be 209 | excluded. */ 210 | // $config->custom->appearance['hide_attrs'] = array(); 211 | # $config->custom->appearance['hide_attrs'] = array('objectClass'); 212 | 213 | /* Members of this list will be exempt from the hidden attributes. */ 214 | // $config->custom->appearance['hide_attrs_exempt'] = null; 215 | # $config->custom->appearance['hide_attrs_exempt'] = 'cn=PLA UnHide,ou=Groups,c=AU'; 216 | 217 | /********************************************* 218 | * Read-only attributes * 219 | *********************************************/ 220 | 221 | /* You may want to phpLDAPadmin to display certain attributes as read only, 222 | meaning that users will not be presented a form for modifying those 223 | attributes, and they will not be allowed to be modified on the "back-end" 224 | either. You may configure this list here: 225 | NOTE: The user must be able to read the readonly_attrs_exempt entry to be 226 | excluded. */ 227 | // $config->custom->appearance['readonly_attrs'] = array(); 228 | 229 | /* Members of this list will be exempt from the readonly attributes. 
*/ 230 | // $config->custom->appearance['readonly_attrs_exempt'] = null; 231 | # $config->custom->appearance['readonly_attrs_exempt'] = 'cn=PLA ReadWrite,ou=Groups,c=AU'; 232 | 233 | /********************************************* 234 | * Group attributes * 235 | *********************************************/ 236 | 237 | /* Add "modify group members" link to the attribute. */ 238 | // $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid'); 239 | 240 | /* Configure filter for member search. This only applies to "modify group members" feature */ 241 | // $config->custom->modify_member['filter'] = '(objectclass=Person)'; 242 | 243 | /* Attribute that is added to the group member attribute. */ 244 | // $config->custom->modify_member['attr'] = 'dn'; 245 | 246 | /* For Posix attributes */ 247 | // $config->custom->modify_member['posixattr'] = 'uid'; 248 | // $config->custom->modify_member['posixfilter'] = '(uid=*)'; 249 | // $config->custom->modify_member['posixgroupattr'] = 'memberUid'; 250 | 251 | /********************************************* 252 | * Support for attrs display order * 253 | *********************************************/ 254 | 255 | /* Use this array if you want to have your attributes displayed in a specific 256 | order. You can use default attribute names or their fridenly names. 257 | For example, "sn" will be displayed right after "givenName". All the other 258 | attributes that are not specified in this array will be displayed after in 259 | alphabetical order. 
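*/
// $config->custom->appearance['attr_display_order'] = array();
# $config->custom->appearance['attr_display_order'] = array(
#  'givenName',
#  'sn',
#  'cn',
#  'displayName',
#  'uid',
#  'uidNumber',
#  'gidNumber',
#  'homeDirectory',
#  'mail',
#  'userPassword'
# );

/*********************************************
 * Define your LDAP servers in this section  *
 *********************************************/

$servers = new Datastore();

/* $servers->NewServer('ldap_pla') must be called before each new LDAP server
   declaration. */
$servers->newServer('ldap_pla');

/* A convenient name that will appear in the tree viewer and throughout
   phpLDAPadmin to identify this LDAP server to users. Rendered by Ansible from
   the managed host's FQDN. */
$servers->setValue('server','name','{{ ansible_fqdn }}');

/* Examples:
   'ldap.example.com',
   'ldaps://ldap.example.com/',
   'ldapi://%2fusr%local%2fvar%2frun%2fldapi'
            (Unix socket at /usr/local/var/run/ldap)
   Rendered from the role variable openldap_server_host; its value is not
   visible in this template, so check it together with 'server','tls' below. */
$servers->setValue('server','host','{{ openldap_server_host }}');

/* The port your LDAP server listens on (no quotes). 389 is standard. */
// $servers->setValue('server','port',389);

/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin
   auto-detect it for you. Rendered from the role variable openldap_base. */
$servers->setValue('server','base',array('{{ openldap_base }}'));

/* Five options for auth_type:
   1. 'cookie': you will login via a web form, and a client-side cookie will
      store your login dn and password.
   2. 'session': same as cookie but your login dn and password are stored on the
      web server in a persistent session variable.
   3. 'http': same as session but your login dn and password are retrieved via
      HTTP authentication.
   4. 'config': specify your login dn and password here in this config file. No
      login will be required to use phpLDAPadmin for this server.
   5. 'sasl': login will be taken from the webserver's kerberos authentication.
      Currently only GSSAPI has been tested (using mod_auth_kerb).

   Choose wisely to protect your authentication information appropriately for
   your situation. If you choose 'cookie', your cookie contents will be
   encrypted using blowfish and the secret you specify above as
   session['blowfish'].
   'session' is used here: the user's DN and password live only in the
   server-side PHP session, not in a browser cookie and not in this file. */
$servers->setValue('login','auth_type','session');

/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
   'cookie','session' or 'sasl' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS
   BLANK. If you specify a login_attr in conjunction with a cookie or session
   auth_type, then you can also specify the bind_id/bind_pass here for searching
   the directory for users (ie, if your LDAP server does not allow anonymous
   binds). */
$servers->setValue('login','bind_id','{{ openldap_bind_id }}');
# $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com');

/* Your LDAP password. If you specified an empty bind_id above, this MUST also
   be blank.
   NOTE(review): bind_id is rendered from openldap_bind_id while bind_pass is
   left unset, so the pre-login search credential is a DN with no password.
   With the default 'login','attr' of 'dn' (see below) no pre-login search is
   performed, so this is inert today; if 'login','attr' is ever switched to
   e.g. 'uid', supply bind_pass from an Ansible Vault variable rather than
   writing a literal secret into this template. */
// $servers->setValue('login','bind_pass','');
# $servers->setValue('login','bind_pass','secret');

/* Use TLS (Transport Layer Security) to connect to the LDAP server.
   NOTE(review): with the 'session' auth_type every login performs a simple
   bind that sends the user's DN and password to the directory. Leaving this
   false is only acceptable when openldap_server_host is the local host or an
   ldapi:// socket; for a remote directory set this to true (StartTLS) or use
   an ldaps:// URL in openldap_server_host. Confirm which case applies. */
// $servers->setValue('server','tls',false);

/************************************
 *         SASL Authentication      *
 ************************************/

/* Enable SASL authentication LDAP SASL authentication requires PHP 5.x
   configured with --with-ldap-sasl=DIR. If this option is disabled (ie, set to
   false), then all other sasl options are ignored. */
// $servers->setValue('login','auth_type','sasl');

/* SASL auth mechanism */
// $servers->setValue('sasl','mech','GSSAPI');

/* SASL authentication realm name */
// $servers->setValue('sasl','realm','');
# $servers->setValue('sasl','realm','EXAMPLE.COM');

/* SASL authorization ID name
   If this option is undefined, authorization id will be computed from bind DN,
   using authz_id_regex and authz_id_replacement. */
// $servers->setValue('sasl','authz_id', null);

/* SASL authorization id regex and replacement
   When authz_id property is not set (default), phpLDAPAdmin will try to
   figure out authorization id by itself from bind distinguished name (DN).

   This procedure is done by calling preg_replace() php function in the
   following way:

   $authz_id = preg_replace($sasl_authz_id_regex,$sasl_authz_id_replacement,
                            $bind_dn);

   For info about pcre regexes, see:
   - pcre(3), perlre(3)
   - http://www.php.net/preg_replace */
// $servers->setValue('sasl','authz_id_regex',null);
// $servers->setValue('sasl','authz_id_replacement',null);
# $servers->setValue('sasl','authz_id_regex','/^uid=([^,]+)(.+)/i');
# $servers->setValue('sasl','authz_id_replacement','$1');

/* SASL auth security props.
   See http://beepcore-tcl.sourceforge.net/tclsasl.html#anchor5 for explanation. */
// $servers->setValue('sasl','props',null);

/* Default password hashing algorithm. One of md5, ssha, sha, md5crypt, smd5,
   blowfish, crypt or leave blank for the default algorithm.
   Set explicitly to the salted 'ssha' instead of relying on the unsalted 'md5'
   shown in the upstream example: this is the scheme phpLDAPadmin applies by
   default to userPassword values entered through it, and unsalted MD5 gives no
   resistance to offline cracking should the directory contents ever leak. */
$servers->setValue('appearance','password_hash','ssha');

/* If you specified 'cookie' or 'session' as the auth_type above, you can
   optionally specify here an attribute to use when logging in. If you enter
   'uid' and login as 'dsmith', phpLDAPadmin will search for (uid=dsmith)
   and log in as that user.
   Leave blank or specify 'dn' to use full DN for logging in. Note also that if
   your LDAP server requires you to login to perform searches, you can enter the
   DN to use when searching in 'bind_id' and 'bind_pass' above. */
// $servers->setValue('login','attr','dn');

/* Base DNs to be used for logins. If this value is not set, then the LDAP server
   Base DNs are used. */
// $servers->setValue('login','base',array());

/* If 'login,attr' is used above such that phpLDAPadmin will search for your DN
   at login, you may restrict the search to specific objectClasses. EG, set this
   to array('posixAccount') or array('inetOrgPerson',..), depending upon your
   setup. */
// $servers->setValue('login','class',array());

/* If you specified something different from 'dn', for example 'uid', as the
   login_attr above, you can optionally specify here to fall back to
   authentication with dn.
   This is useful, when users should be able to log in with their uid, but
   the ldap administrator wants to log in with his root-dn, that does not
   necessarily have the uid attribute.
   When using this feature, login_class is ignored. */
// $servers->setValue('login','fallback_dn',false);

/* Specify true If you want phpLDAPadmin to not display or permit any
   modification to the LDAP server. */
// $servers->setValue('server','read_only',false);

/* Specify false if you do not want phpLDAPadmin to draw the 'Create new' links
   in the tree viewer. */
// $servers->setValue('appearance','show_create',true);

/* Set to true if you would like to initially open the first level of each tree. */
// $servers->setValue('appearance','open_tree',false);

/* This feature allows phpLDAPadmin to automatically determine the next
   available uidNumber for a new entry. */
// $servers->setValue('auto_number','enable',true);

/* The mechanism to use when finding the next available uidNumber. Two possible
   values: 'uidpool' or 'search'.
   The 'uidpool' mechanism uses an existing uidPool entry in your LDAP server to
   blindly lookup the next available uidNumber. The 'search' mechanism searches
   for entries with a uidNumber value and finds the first available uidNumber
   (slower). */
// $servers->setValue('auto_number','mechanism','search');

/* The DN of the search base when the 'search' mechanism is used above. */
# $servers->setValue('auto_number','search_base','ou=People,dc=example,dc=com');

/* The minimum number to use when searching for the next available number
   (only when 'search' is used for auto_number). */
// $servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500));

/* If you set this, then phpldapadmin will bind to LDAP with this user ID when
   searching for the uidnumber. The idea is, this user id would have full
   (readonly) access to uidnumber in your ldap directory (the logged in user
   may not), so that you can be guaranteed to get a unique uidnumber for your
   directory. */
// $servers->setValue('auto_number','dn',null);

/* The password for the dn above. If you ever set it, source it from an
   Ansible Vault variable; do not commit a literal password in this template. */
// $servers->setValue('auto_number','pass',null);

/* Enable anonymous bind login. Disabled here so that this admin front end does
   not offer an unauthenticated "Anonymous" login. Whatever the directory's own
   ACLs permit anonymously remains reachable over LDAP itself, just not through
   this web UI. Re-enable deliberately if anonymous browsing is a requirement. */
$servers->setValue('login','anon_bind',false);

/* Use customized page with prefix when available. */
# $servers->setValue('custom','pages_prefix','custom_');

/* If you set this, then only these DNs are allowed to log in. This array can
   contain individual users, groups or ldap search filter(s). Keep in mind that
   the user has not authenticated yet, so this will be an anonymous search to
   the LDAP server, so make your ACLs allow these searches to return results! */
# $servers->setValue('login','allowed_dns',array(
#  'uid=stran,ou=People,dc=example,dc=com',
#  '(&(gidNumber=811)(objectClass=groupOfNames))',
#  '(|(uidNumber=200)(uidNumber=201))',
#  'cn=callcenter,ou=Group,dc=example,dc=com'));

/* Set this if you don't want this LDAP server to show in the tree */
// $servers->setValue('server','visible',true);

/* Set this if you want to hide the base DNs that don't exist instead of
   displaying the message "The base entry doesn't exist, create it?"
   (The upstream example never closed this comment, which silently swallowed
   the next few commented lines; closed here.) */
// $servers->setValue('server','hide_noaccess_base',false);
# $servers->setValue('server','hide_noaccess_base',true);

/* This is the time out value in minutes for the server. After as many minutes
   of inactivity you will be automatically logged out. If not set, the default
   value will be ( session_cache_expire()-1 ).
   NOTE(review): for an admin tool holding a bind password in the PHP session,
   an explicit short value such as the 30 minutes shown is preferable to the
   PHP-derived fallback. */
# $servers->setValue('login','timeout',30);

/* Set this if you want phpldapadmin to perform rename operation on entry which
   has children. Certain servers are known to allow it, certain are not. */
// $servers->setValue('server','branch_rename',false);

/* If you set this, then phpldapadmin will show these attributes as
   internal attributes, even if they are not defined in your schema. */
// $servers->setValue('server','custom_sys_attrs',array(''));
# $servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));

/* If you set this, then phpldapadmin will show these attributes on
   objects, even if they are not defined in your schema. */
// $servers->setValue('server','custom_attrs',array(''));
# $servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));

/* These attributes will be forced to MAY attributes and become optional in the
   templates. If they are not defined in the templates, then they won't appear
   as per normal template processing. You may want to do this because your LDAP
   server may automatically calculate a default value.
   In Fedora Directory Server using the DNA Plugin one could ignore uidNumber,
   gidNumber and sambaSID. */
// $servers->setValue('server','force_may',array(''));
# $servers->setValue('server','force_may',array('uidNumber','gidNumber','sambaSID'));

/*********************************************
 *          Unique attributes                *
 *********************************************/

/* You may want phpLDAPadmin to enforce some attributes to have unique values
   (ie: not belong to other entries in your tree). This (together with the
   'unique','dn' and 'unique','pass' options) will not let updates occur
   when other entries have the same value for these attributes. */
# $servers->setValue('unique','attrs',array('mail','uid','uidNumber'));

/* If you set this, then phpldapadmin will bind to LDAP with this user ID when
   searching for attribute uniqueness. The idea is, this user id would have full
   (readonly) access to your ldap directory (the logged in user may not), so
   that you can be guaranteed to get a unique uidnumber for your directory. */
// $servers->setValue('unique','dn',null);

/* The password for the dn above (same advice as auto_number,pass: vault it). */
// $servers->setValue('unique','pass',null);

/**************************************************************************
 * If you want to configure additional LDAP servers, do so below.         *
 * Remove the commented lines and use this section as a template for all  *
 * your other LDAP servers.                                               *
 **************************************************************************/

/*
$servers->newServer('ldap_pla');
$servers->setValue('server','name','LDAP Server');
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array(''));
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','');
$servers->setValue('login','bind_pass','');
$servers->setValue('server','tls',false);

# SASL auth
$servers->setValue('login','auth_type','sasl');
$servers->setValue('sasl','mech','GSSAPI');
$servers->setValue('sasl','realm','EXAMPLE.COM');
$servers->setValue('sasl','authz_id',null);
$servers->setValue('sasl','authz_id_regex','/^uid=([^,]+)(.+)/i');
$servers->setValue('sasl','authz_id_replacement','$1');
$servers->setValue('sasl','props',null);

$servers->setValue('appearance','password_hash','md5');
$servers->setValue('login','attr','dn');
$servers->setValue('login','fallback_dn',false);
$servers->setValue('login','class',null);
$servers->setValue('server','read_only',false);
$servers->setValue('appearance','show_create',true);

$servers->setValue('auto_number','enable',true);
$servers->setValue('auto_number','mechanism','search');
$servers->setValue('auto_number','search_base',null);
$servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500));
$servers->setValue('auto_number','dn',null);
$servers->setValue('auto_number','pass',null);

$servers->setValue('login','anon_bind',true);
$servers->setValue('custom','pages_prefix','custom_');
$servers->setValue('unique','attrs',array('mail','uid','uidNumber'));
$servers->setValue('unique','dn',null);
$servers->setValue('unique','pass',null);

$servers->setValue('server','visible',true);
$servers->setValue('login','timeout',30);
$servers->setValue('server','branch_rename',false);
$servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));
$servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
$servers->setValue('server','force_may',array('uidNumber','gidNumber','sambaSID'));
*/

// No closing "?>" tag: this file contains only PHP, and any whitespace the
// template renderer leaves after a closing tag would be emitted as output
// before phpLDAPadmin sends its headers.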