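# Install the LDAP packages in one yum transaction. Passing the list to
# `name` lets yum resolve everything at once instead of running the
# module once per loop item.
# NOTE(review): openldap-servers is installed next to the client packages;
# confirm every target host needs the server package.
- name: Install ldap packages
  ansible.builtin.yum:
    name:
      - nss-pam-ldapd
      - openldap
      - openldap-clients
      - openldap-servers
      - sssd-ldap
    state: present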
# Append " ldap" to each listed nsswitch.conf database line that does not
# already contain the word "ldap"; the negative lookahead is what keeps a
# second run from appending it again.
# NOTE(review): where another tool manages /etc/nsswitch.conf, a direct
# edit may be overwritten; confirm for the target hosts.
- name: Update nsswitch.conf to look for ldap
  ansible.builtin.replace:
    path: /etc/nsswitch.conf
    regexp: '^({{ item }}:(?!.*\bldap\b).*)$'
    replace: '\1 ldap'
  loop: [passwd, shadow, group, netgroup, automount]
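# Copy the CA certificate, the certificate and its private key into
# ldap_cert_path. Runs only when ldap_uri starts with ldaps://.
# NOTE(review): ldap.key is installed group-readable (0440, group ldap);
# confirm which accounts are in that group and that they all need the key.
- name: Copy ldap cert(s) into place
  ansible.builtin.copy:
    src: "{{ item.src }}"
    dest: "{{ ldap_cert_path }}/{{ item.src }}"
    owner: ldap
    group: ldap
    # Quoted so the mode is always handled as an octal string, independent
    # of how the YAML parser types a bare leading-zero number.
    mode: "0440"
  # One of the items is private key material: keep file contents out of
  # --diff output and therefore out of run logs.
  diff: false
  loop:
    - src: ca.pem
    - src: ldap.key
    - src: ldap.pem
  # The `match` test yields a real boolean; regex_search returns the
  # matched text (or nothing), which is not a strict boolean condition.
  when: ldap_uri is match('^ldaps://')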
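# Render /etc/nslcd.conf from the nslcd.conf.j2 template, readable by
# root only.
# NOTE(review): the 0600 mode suggests the rendered file holds bind
# credentials; if it does, consider keeping it out of --diff output too.
- name: Copy ldap config into place
  ansible.builtin.template:
    src: nslcd.conf.j2
    dest: /etc/nslcd.conf
    owner: root
    group: root
    # Quoted so the mode is always handled as an octal string, independent
    # of how the YAML parser types a bare leading-zero number.
    mode: "0600"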
- name: Enable services
ansible.builtin.service:
name: "{{ item }}"
enabled: yes