stuvusIT.slapd-base
slapd-base
This role sets up a basic OpenLDAP server (slapd) with an almost empty configuration. The resulting slapd is not usable on its own because no database is created; that has to be done with another role such as slapd-config.
The main goal is to remove any specific settings related to the server's distribution.
Some aspects cannot be determined by this role (for example, whether the configuration was initialized). To address this, flag files are created, and their presence is checked in future playbook runs.
Requirements
- OS: Debian
Role Variables
This role allows you to set several variables:
| Name | Default/Required | Description |
|---|---|---|
| slapd_run_dir | /run/slapd | Directory for runtime files like arguments, PID, and Unix socket |
| slapd_ldapi_socket | {{slapd_run_dir}}/ldapi | Unix socket for local slapd management |
| slapd_mdb_dir | /var/lib/slapd | Directory for the database (mdb). The directory is created, but not the mdb |
| slapd_etc_dir | /etc/ldap | Configuration directory, usually /etc/ldap or /etc/openldap |
| slapd_olc_dir | {{slapd_etc_dir}}/slapd.d | Path for the LDIF files of the configuration |
| global_flags_dir | {{slapd_etc_dir}} | Path for flag files indicating what actions were taken |
| slapd_schema_dir | {{slapd_etc_dir}}/schema | Path for default slapd schemas |
| slapd_user | openldap | User account under which slapd runs |
| slapd_group | {{slapd_user}} | Group under which slapd runs |
| slapd_olc_rootdn | cn=root,cn=config | Root distinguished name for the configuration |
| slapd_olc_rootdn_password | :heavy_check_mark: | Password for the root distinguished name |
All variables starting with slapd_ are available as facts for other roles, except for slapd_olc_rootdn_password, to keep it secure.
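The flag-file check mentioned in the introduction, sketched as Ansible tasks built on the variables above. This is an added example, not the role's own tasks. Assumptions: the flag file name slapd_config_initialized and the file init.ldif are hypothetical, and the directory in slapd_olc_dir is empty when the block first runs.

```yaml
# Added example: hypothetical tasks, not taken from the role.
# Assumed names: flag file "slapd_config_initialized" and "init.ldif".
- name: Look for the flag file left by an earlier run
  ansible.builtin.stat:
    path: "{{ global_flags_dir }}/slapd_config_initialized"
  register: slapd_init_flag

- name: One-time initialisation, skipped once the flag exists
  when: not slapd_init_flag.stat.exists
  block:
    # A populated slapd.d does not show who populated it, so the
    # decision is taken from the flag file, not from the directory.
    - name: Load the initial configuration into the empty config directory
      ansible.builtin.command:
        argv:
          - slapadd
          - "-n"
          - "0"
          - "-F"
          - "{{ slapd_olc_dir }}"
          - "-l"
          - "{{ slapd_etc_dir }}/init.ldif"

    - name: Hand the generated configuration to the slapd account
      ansible.builtin.file:
        path: "{{ slapd_olc_dir }}"
        state: directory
        recurse: true
        owner: "{{ slapd_user }}"
        group: "{{ slapd_group }}"

    # Written last: a failed run leaves no flag, so the next run retries.
    - name: Record that initialisation completed
      ansible.builtin.copy:
        dest: "{{ global_flags_dir }}/slapd_config_initialized"
        content: "cn=config initialised by slapd-base\n"
        owner: root
        group: root
        mode: "0644"
```

Because the flag is the only record that the step ran, keeping it root-owned and not writable by slapd_user means the service account cannot cause a re-initialisation by deleting it.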
Dependencies
- None
Example Playbook
```yaml
- hosts: ldap
  roles:
    # slapd_olc_rootdn_password is required and must also be supplied
    - role: slapd-base
      slapd_etc_dir: /etc/openldap
```
License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.