--- /dev/null
+---
+
+# Installation des paquets necessaires
+- name: Install auth (ldap, pam) packages
+ apt: pkg={{ item }} state=latest
+ with_items:
+ - ldap-utils
+ - slapd
+ - ldapvi
+ - ldapscripts
+ - libpam-ldapd
+ - libpam-modules
+ - libpam-modules-bin
+ - nscd
+ - nslcd
+ tags:
+ - packages
+
+- name: Install LDAP sudo support
+ shell: DEBIAN_FRONTEND=noninteractive SUDO_FORCE_REMOVE=yes apt-get -y install sudo-ldap
+ notify:
+ - restart openldap
+ tags:
+ - packages
+
+### configuration du serveur ldap
+# a-t-on deja passe la config ?
+- name: Have slapd already been configured?
+ shell: "[ -f {{ slapd_dpkg_reconfigure_done }} ] && printf 'found' || printf ''"
+ register: slapd_already_configured
+
+# (re)config de slapd
+- name: Configure slapd
+ dpkg_reconfigure:
+ pkg: slapd
+ answers:
+ slapd/internal/generated_adminpw: "{{ slapd_adminpwd }}"
+ slapd/allow_ldap_v2: false
+ shared/organization: "{{ slapd_organization }}"
+ slapd/no_configuration: false
+ slapd/move_old_database: false
+ slapd/dump_database_destdir: "{{ slapd_dump_db_dir }}"
+ slapd/purge_database: false
+ slapd/domain: "{{ slapd_domain }}"
+ slapd/backend: HDB
+ slapd/dump_database: when needed
+ when: slapd_already_configured.stdout.find('found') == -1
+
+- name: Reconfigure slapd
+ pause: prompt="Run `dpkg-reconfigure slapd` to set admin password"
+
+- name: Push date in slapd_dpkg_reconfigure_done (ugly hack)
+ shell: date > {{ slapd_dpkg_reconfigure_done }}
+ args:
+ creates: "{{ slapd_dpkg_reconfigure_done }}"
+
+# ajout des schemas de base : tache independante
+- include: load-slapd-schemas.yml
+
+### ajout de groupes pour tous les utilisateurs
+- name: Deploy security (groups) templates
+ template: src=security/group.conf dest=/etc/security/group.conf
+ owner=root group=root mode=0644
+
+- name: Deploy pam config for groups templates
+ template: src=pam/groupes_ecoles dest=/usr/share/pam-configs/groupes_ecoles
+ owner=root group=root mode=0644
+ notify: restart nscd
+
+### configuration de pam
+# on deploie les templates
+- name: Deploy pam templates
+ template: src=pam/{{ item }} dest=/etc/pam.d/{{ item }}
+ owner=root group=root mode=0644
+ with_items:
+ - common-auth
+ - common-account
+ - common-password
+ - common-session
+ - common-session-noninteractive
+
+# on deploie nslcd et nsswitch
+- name: Deploy nslcd machinery
+ template: src={{ item }} dest=/etc/{{ item }}
+ owner=root group=root mode=0644
+ with_items:
+ - nslcd.conf
+ - nsswitch.conf
+
+# on deploie sudo-ldap pour autoriser les DIR
+- name: Deploy sudo-ldap configuration
+ template: src=sudo-ldap.conf.j2 dest=/etc/ldap/ldap.conf
+ owner=root group=root mode=0644
+ notify: restart nscd
+
+# on deploie le ldif de l'ecole
+- name: Deploy ldap content
+ copy: src=files/ldap/alim-ldap-{{ abbrv }}.ldif dest=/root/alim-ldap-{{ abbrv }}.ldif
+ owner=root group=root mode=0644
+
+- name: Create ldap users
+ pause: prompt="Run `/usr/bin/ldapmodify -x -h localhost -D "{{ slapd_adminuid }}" -w "{{ slapd_adminpwd }}" -c -af /root/alim-ldap-"{{ abbrv }}".ldif` to create users"
+
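Review bot: The LDAP admin password is exposed in the run output twice in this hunk: it is interpolated into the `pause` prompt of the last task (`-w "{{ slapd_adminpwd }}"`) and passed as a debconf answer in `Configure slapd` without `no_log`, so it lands on the console, in any `log_path` file and in CI captures of the play. Add `no_log: true` to the `Configure slapd` task, and rewrite the prompt so ldapmodify asks for the password itself instead of receiving it on its command line, e.g. `-D "{{ slapd_adminuid }}" -W -c -af /root/alim-ldap-{{ abbrv }}.ldif`. A smaller point: `Install LDAP sudo support` runs `apt-get -y install` through `shell`, which reports changed on every run and therefore fires `restart openldap` each time; the `apt` module with `name: sudo-ldap` (keeping `SUDO_FORCE_REMOVE` under `environment:`) would be idempotent. The same applies in spirit to the `state=latest` on the first task, which upgrades packages on every run rather than pinning what this role installs.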