pottwal - add ldap docker similar to pingtech setup

This commit is contained in:
David Kilias 2022-07-04 22:42:07 +02:00
parent d30eb2df9c
commit a070cd48b8

View file

@ -276,30 +276,75 @@
path: "{{ item }}"
state: directory
with_items:
- "{{ openldap_data }}/database"
- "{{ openldap_data }}/config"
- "{{ openldap_data }}/ldap"
- "{{ openldap_data }}/slapd"
- "{{ openldap_data }}/ldif"
- "{{ dehydrated_certs_dir }}/certs/{{ openldap_domain }}"
- name: Ensure container for openLDAP is running.
docker_container:
name: openLDAP
image: "osixia/openldap:{{ openldap_image_version }}"
pull: true
state: started
detach: yes
ports:
- "389:389" # unencrypted/STARTTLS
- "636:636" # SSL
volumes:
- "{{ openldap_data }}/database:/var/lib/ldap"
- "{{ openldap_data }}/config:/etc/ldap/slapd.d"
- "{{ dehydrated_certs_dir }}/certs/{{ openldap_domain }}:/container/service/slapd/assets/certs"
env:
LDAP_ORGANISATION: "Netz39 e.V."
LDAP_DOMAIN: "{{ openldap_domain }}"
LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
LDAP_TLS_CRT_FILENAME: "cert.pem"
LDAP_TLS_KEY_FILENAME: "key.pem"
state: started
restart_policy: unless-stopped
container_default_behavior: no_defaults
pull: true
env:
LDAP_LOG_LEVEL: "256"
LDAP_ORGANISATION: "{{ldap_org}}"
LDAP_DOMAIN: "{{ldap_domain}}"
LDAP_BASE_DN: "{{ldap_base_dn}}"
LDAP_READONLY_USER: "false"
LDAP_ADMIN_PASSWORD: "{{ldap_admin_password}}"
LDAP_CONFIG_PASSWORD: "{{ldap_config_password}}"
LDAP_RFC2307BIS_SCHEMA: "true"
LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
LDAP_REPLICATION: "{{ldap_replication_enable}}"
LDAP_REPLICATION_CONFIG_SYNCPROV: "{{ldap_replication_config_syncprov}}"
LDAP_REPLICATION_DB_SYNCPROV: "{{ldap_replication_db_syncprov}}"
LDAP_REPLICATION_HOSTS: "{{ldap_replication_hosts}}"
KEEP_EXISTING_CONFIG: "false"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
published_ports:
- "{{ldap_ip}}:389:389" # unencrypted/STARTTLS
- "{{ldap_ip}}:636:636" # SSL
volumes:
- "{{ openldap_data }}/ldap:/var/lib/ldap"
- "{{ openldap_data }}/slapd:/etc/ldap/slapd.d"
- "{{ dehydrated_certs_dir }}/certs/{{ openldap_domain }}:/container/service/slapd/assets/certs"
- "{{ openldap_data }}/ldif/custom-element.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/01_netz39.ldif"
timeout: 500
# For replication to work correctly, domainname and hostname must be
# set correctly so that "hostname"."domainname" equates to the
# fully-qualified domain name for the host.
domainname: "{{ldap_domainname}}"
hostname: "{{ldap_hostname}}"
command: "--copy-service --loglevel debug"
- name: Allow access to openLDAP from local docker container [1/2]
become: true
community.general.ufw:
rule: allow
port: '389'
proto: tcp
from: "{{ item }}"
comment: LDAP Docker Access
loop: "{{ docker_ip_ranges }}"
- name: Allow access to openLDAP from local docker container [2/2]
become: true
community.general.ufw:
rule: allow
port: '636'
proto: tcp
from: "{{ item }}"
comment: LDAP Docker Access
loop: "{{ docker_ip_ranges }}"
handlers: