From 637de7810837a618d9d56e4f5d9a1a0d6c9e457a Mon Sep 17 00:00:00 2001
From: ridwanbejo
Date: Mon, 8 Jun 2020 17:35:19 +0700
Subject: [PATCH 1/5] fix deprecated ansible syntax
---
 tasks/install_ldap.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tasks/install_ldap.yml b/tasks/install_ldap.yml
index c2aba5e..af419cc 100644
--- a/tasks/install_ldap.yml
+++ b/tasks/install_ldap.yml
@@ -4,14 +4,14 @@
   include_vars: "{{ ansible_os_family }}.yml"
 - name: Install the openldap and required Packages for RedHat
-  yum: name={{ item }} state=installed
-  with_items: openldap_server_pkgs
+  yum: name={{ item }} state=preset
+  with_items: "{{ openldap_server_pkgs }}"
   when: ansible_os_family == 'RedHat'
 - name: Install the openldap and required Packages for Ubuntu
-  apt: name={{ item }} state=installed update_cache=yes
-  with_items: openldap_server_pkgs
+  apt: name={{ item }} state=preset update_cache=yes
+  with_items: "{{ openldap_server_pkgs }}"
   environment: env
   when: ansible_os_family == 'Debian'
From 1c393bdbd2d6c594a8c515630caded855e3fc863 Mon Sep 17 00:00:00 2001
From: ridwanbejo
Date: Tue, 9 Jun 2020 13:26:55 +0700
Subject: [PATCH 2/5] fix deprecated template syntax
---
 tasks/configure_ldap.yml | 18 +++++++++---------
 tasks/install_ldap.yml | 14 +++++++-------
 templates/domain.ldif | 4 ++--
 templates/ldap.conf.j2 | 2 +-
 templates/slapd.conf.j2 | 4 ++--
 templates/slapd.conf_ubuntu.j2 | 4 ++--
 6 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/tasks/configure_ldap.yml b/tasks/configure_ldap.yml
index 12929d6..444efa0 100644
--- a/tasks/configure_ldap.yml
+++ b/tasks/configure_ldap.yml
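Review bot: `state=preset` on the new yum and apt lines is not a valid package state — both modules take `present` — so as committed these two tasks fail at runtime; PATCH 2/5 later in this series corrects the spelling. Quoting `with_items: "{{ openldap_server_pkgs }}"` is the right fix for the bare-variable deprecation, but yum and apt also accept a list directly, so `name: "{{ openldap_server_pkgs }}"` with `state: present` in mapping form drops the loop and installs everything in one transaction. Writing the module arguments as a YAML mapping instead of the `key=value` shorthand also avoids the in-value quoting problems the following patches in this series go back and forth on.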
@@ -1,21 +1,21 @@
 ---
 - name: Create the directory for ldap database
-  file: path=/var/lib/ldap/{{ openldap_server_domain_name }}/ state=directory owner={{ openldap_server_user }} group={{ openldap_server_user }}
+  file: path=/var/lib/ldap/"{{ openldap_server_domain_name }}"/ state=directory owner="{{ openldap_server_user }}" group="{{ openldap_server_user }}"
 - name: Create the directory for ldap certificates
-  file: path={{ openldap_server_app_path }}/certs/ state=directory owner={{ openldap_server_user }} group={{ openldap_server_user }}
+  file: path="{{ openldap_server_app_path }}"/certs/ state=directory owner="{{ openldap_server_user }}" group="{{ openldap_server_user }}"
 - name: Generate the private key for certificate request
-  shell: openssl genrsa -des3 -passout pass:password -out my1.key 1024 chdir={{ openldap_server_app_path }}/certs/
-    creates={{ openldap_server_app_path }}/certs/my1.key
+  shell: openssl genrsa -des3 -passout pass:password -out my1.key 1024 chdir="{{ openldap_server_app_path }}"/certs/
+    creates="{{ openldap_server_app_path }}"/certs/my1.key
 - name: Strip the passphrase from the key
-  shell: openssl rsa -in my1.key -passin pass:password -out my.key chdir={{ openldap_server_app_path }}/certs/
-    creates={{ openldap_server_app_path }}/certs/my.key
+  shell: openssl rsa -in my1.key -passin pass:password -out my.key chdir="{{ openldap_server_app_path }}"/certs/
+    creates="{{ openldap_server_app_path }}"/certs/my.key
 - name: Create and sign the the new certificate
-  shell: openssl req -new -x509 -subj '/C={{ openldap_server_country }}/ST={{ openldap_server_state }}/L={{ openldap_server_location }}/O={{ openldap_server_organization }}/CN={{ ansible_hostname }}/' -days 3650 -key my.key -out cert.crt -extensions v3_ca chdir={{ openldap_server_app_path }}/certs/ creates={{ openldap_server_app_path }}/certs/cert.crt
+  shell: openssl req -new -x509 -subj '/C="{{ openldap_server_country }}"/ST="{{ openldap_server_state }}"/L="{{ openldap_server_location }}"/O="{{ openldap_server_organization }}"/CN="{{ ansible_hostname }}"/' -days 3650 -key my.key -out cert.crt -extensions v3_ca chdir="{{ openldap_server_app_path }}"/certs/ creates="{{ openldap_server_app_path }}"/certs/cert.crt
 - name: copy the supporting files
   copy: src=ldap dest=/etc/sysconfig/ldap mode=0755
@@ -40,8 +40,8 @@
   service: name=slapd state=started enabled=yes
 - name: Copy the template for creating base dn
-  template: src={{ openldap_server_ldif }} dest=/tmp/
+  template: src="{{ openldap_server_ldif }}" dest=/tmp/
   register: result
 - name: add the base domain
-  shell: ldapadd -x -D "cn=Manager,dc={{ openldap_server_domain_name.split('.')[0] }},dc={{ openldap_server_domain_name.split('.')[1] }}" -w {{ openldap_server_rootpw }} -f {{ result.dest|default(result.path) }} && touch {{ openldap_server_app_path }}/rootdn_created creates={{ openldap_server_app_path }}/rootdn_created
+  shell: ldapadd -x -D "cn=Manager,dc={{ openldap_server_domain_name.split('.')[0] }},dc={{ openldap_server_domain_name.split('.')[1] }}" -w "{{ openldap_server_rootpw }}" -f "{{ result.dest|default(result.path) }}" && touch "{{ openldap_server_app_path }}"/rootdn_created creates="{{ openldap_server_app_path }}"/rootdn_created
diff --git a/tasks/install_ldap.yml b/tasks/install_ldap.yml
index af419cc..27b5e64 100644
--- a/tasks/install_ldap.yml
+++ b/tasks/install_ldap.yml
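Review bot: The double quotes added around each `{{ … }}` inside the key=value shorthand values (for example `path=/var/lib/ldap/"{{ openldap_server_domain_name }}"/`) are characters inside the argument string, not YAML quoting, and in the `openssl req -subj '/C="{{ … }}"/…'` line they sit inside a single-quoted shell string, so the rendered certificate subject would carry literal `"` characters. The Ansible deprecation being chased applies to a YAML value that begins with `{{`; every value here begins with a path or a command, so the previous unquoted form was already correct (PATCH 4/5 reverts these lines). The durable fix is to drop the shorthand and write the arguments as a mapping, e.g. `file:` / `path: "/var/lib/ldap/{{ openldap_server_domain_name }}/"` / `state: directory`, which needs no in-value quoting at all; for the three openssl tasks the `chdir=`/`creates=` pairs become `args:` with `chdir:` and `creates:` keys.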
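Review bot: The rewritten `ldapadd … -w "{{ openldap_server_rootpw }}"` line still hands the directory root password over as a command-line argument, so it is visible in the host's process table while the command runs and is printed with the command in the task output, because the task has no `no_log: true`. Reading the password from a file (`ldapadd -y <passfile>`, with the file created at mode 0600 and removed afterwards) together with `no_log: true` on this task keeps it out of both places. The double quotes added around `-w` and `-f` are a genuine improvement for this shell command — an unquoted password containing whitespace or shell metacharacters is split or interpreted — unlike the quotes inserted into `src="{{ openldap_server_ldif }}"` on the template task just above, which PATCH 3/5 removes again.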
@@ -4,36 +4,36 @@
   include_vars: "{{ ansible_os_family }}.yml"
 - name: Install the openldap and required Packages for RedHat
-  yum: name={{ item }} state=preset
+  yum: name="{{ item }}" state=present
   with_items: "{{ openldap_server_pkgs }}"
   when: ansible_os_family == 'RedHat'
 - name: Install the openldap and required Packages for Ubuntu
-  apt: name={{ item }} state=preset update_cache=yes
+  apt: name="{{ item }}" state=present update_cache=yes
   with_items: "{{ openldap_server_pkgs }}"
   environment: env
   when: ansible_os_family == 'Debian'
 - name: Delete the configuration directory
-  file: path={{ openldap_server_app_path }}/slapd.d state=absent
+  file: path="{{ openldap_server_app_path }}"/slapd.d state=absent
 - name: Generate the root password for ldap
-  shell: slappasswd -s {{ openldap_server_rootpw }}
+  shell: slappasswd -s "{{ openldap_server_rootpw }}"
   register: root_password
 - name: Copy the slapd.conf configuration file for Redhat
-  template: src=slapd.conf.j2 dest={{ openldap_server_app_path }}/slapd.conf
+  template: src=slapd.conf.j2 dest="{{ openldap_server_app_path }}"/slapd.conf
   when: ansible_os_family == "RedHat"
   notify:
    - restart slapd
 - name: Copy the slapd.conf configuration file
-  template: src=slapd.conf_ubuntu.j2 dest={{ openldap_server_app_path }}/slapd.conf
+  template: src=slapd.conf_ubuntu.j2 dest="{{ openldap_server_app_path }}"/slapd.conf
   when: ansible_os_family == "Debian"
   notify:
    - restart slapd
 - name: Copy the ldap.conf configuration file
-  template: src=ldap.conf.j2 dest={{ openldap_server_app_path }}/ldap.conf
+  template: src=ldap.conf.j2 dest="{{ openldap_server_app_path }}"/ldap.conf
diff --git a/templates/domain.ldif b/templates/domain.ldif
index dab1703..37e9ec3 100644
--- a/templates/domain.ldif
+++ b/templates/domain.ldif
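Review bot: `shell: slappasswd -s "{{ openldap_server_rootpw }}"` followed by `register: root_password` has no `no_log: true`, so the clear-text root password appears in the task output (and any callback or log sink) and in the host's process listing while slappasswd runs; `slappasswd -T <file>` reads the secret from a 0600 file and avoids the argv exposure, and `no_log: true` covers the output. The quotes inserted mid-token in `path="{{ openldap_server_app_path }}"/slapd.d` and the three `dest="…"/slapd.conf` / `…/ldap.conf` lines are characters inside the argument string rather than YAML quoting, and whether the key=value parser strips them is parser-dependent; PATCH 3/5 removes them from the `dest=` lines but leaves the `path=` one in place. Writing these as mappings (`file:` / `path: "{{ openldap_server_app_path }}/slapd.d"` / `state: absent`) removes the ambiguity. `state=present` is the correct fix for the `preset` typo introduced in PATCH 1/5.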
@@ -1,4 +1,4 @@
-dn: dc={{ openldap_server_domain_name.split('.')[0] }},dc={{ openldap_server_domain_name.split('.')[1] }}
+dn: dc="{{ openldap_server_domain_name.split('.')[0] }}",dc="{{ openldap_server_domain_name.split('.')[1] }}"
 objectClass: domain
-dc: {{ openldap_server_domain_name.split('.')[0] }}
+dc: "{{ openldap_server_domain_name.split('.')[0] }}"
diff --git a/templates/ldap.conf.j2 b/templates/ldap.conf.j2
index 6f8d3fc..ca828ba 100644
--- a/templates/ldap.conf.j2
+++ b/templates/ldap.conf.j2
@@ -5,7 +5,7 @@
 # See ldap.conf(5) for details
 # This file should be world readable but not world writable.
-BASE dc={{ openldap_server_domain_name.split('.')[0] }},dc={{ openldap_server_domain_name.split('.')[1] }}
+BASE dc="{{ openldap_server_domain_name.split('.')[0] }}",dc="{{ openldap_server_domain_name.split('.')[1] }}"
 {% if openldap_server_enable_ssl %}
 URI ldaps://localhost
 TLS_REQCERT never
diff --git a/templates/slapd.conf.j2 b/templates/slapd.conf.j2
index 3f699d5..177ab13 100644
--- a/templates/slapd.conf.j2
+++ b/templates/slapd.conf.j2
@@ -22,9 +22,9 @@ access to attrs=shadowLastChange
 database bdb
 suffix "dc={{ openldap_server_domain_name.split('.')[0] }},dc={{ openldap_server_domain_name.split('.')[1] }}"
 rootdn "cn=Manager,dc={{ openldap_server_domain_name.split('.')[0] }},dc={{ openldap_server_domain_name.split('.')[1] }}"
-rootpw {{ root_password.stdout }}
+rootpw "{{ root_password.stdout }}"
 #This directory has to be created and would contain the ldap database.
-directory /var/lib/ldap/{{ openldap_server_domain_name }}/
+directory /var/lib/ldap/"{{ openldap_server_domain_name }}"/
 index objectClass eq,pres
 index ou,cn,mail,surname,givenname eq,pres,sub
 index uidNumber,gidNumber,loginShell eq,pres
diff --git a/templates/slapd.conf_ubuntu.j2 b/templates/slapd.conf_ubuntu.j2
index f256ed6..18e1cf1 100644
--- a/templates/slapd.conf_ubuntu.j2
+++ b/templates/slapd.conf_ubuntu.j2
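Review bot: These files are Jinja template bodies, not YAML, so the double quotes added around `{{ … }}` are emitted verbatim into the rendered output — for a two-label domain the new domain.ldif line renders as `dn: dc="example",dc="com"`, and the same applies to `BASE dc="…"` in ldap.conf.j2, `rootpw "…"` and `directory /var/lib/ldap/"…"/` in slapd.conf.j2, and the matching slapd.conf_ubuntu.j2 hunk that follows. The Ansible guidance about quoting values that begin with `{{` applies only to YAML task files; inside a template the bare expression is the correct form, which PATCH 4/5 restores. If a lint warning prompted the change, scope that lint to `tasks/` rather than working around it in `templates/`. Separately, `openldap_server_domain_name.split('.')[0]` / `[1]` only ever produces two `dc=` components, so a three-label domain silently loses a label — that predates this series but is worth a follow-up.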
@@ -28,9 +28,9 @@ access to attrs=shadowLastChange
 database bdb
 suffix "dc={{ openldap_server_domain_name.split('.')[0] }},dc={{ openldap_server_domain_name.split('.')[1] }}"
 rootdn "cn=Manager,dc={{ openldap_server_domain_name.split('.')[0] }},dc={{ openldap_server_domain_name.split('.')[1] }}"
-rootpw {{ root_password.stdout }}
+rootpw "{{ root_password.stdout }}"
 #This directory has to be created and would contain the ldap database.
-directory /var/lib/ldap/{{ openldap_server_domain_name }}/
+directory /var/lib/ldap/"{{ openldap_server_domain_name }}"/
 index objectClass eq,pres
 index ou,cn,mail,surname,givenname eq,pres,sub
 index uidNumber,gidNumber,loginShell eq,pres
From 23c520b7a845c18d406a794c01c380785f17ed33 Mon Sep 17 00:00:00 2001
From: ridwanbejo
Date: Tue, 9 Jun 2020 15:31:18 +0700
Subject: [PATCH 3/5] fix incorrect templating usage in dest and src parameter
---
 tasks/configure_ldap.yml | 2 +-
 tasks/install_ldap.yml | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/tasks/configure_ldap.yml b/tasks/configure_ldap.yml
index 444efa0..358f80e 100644
--- a/tasks/configure_ldap.yml
+++ b/tasks/configure_ldap.yml
@@ -40,7 +40,7 @@
   service: name=slapd state=started enabled=yes
 - name: Copy the template for creating base dn
-  template: src="{{ openldap_server_ldif }}" dest=/tmp/
+  template: src={{ openldap_server_ldif }} dest=/tmp/
   register: result
 - name: add the base domain
diff --git a/tasks/install_ldap.yml b/tasks/install_ldap.yml
index 27b5e64..45c50a6 100644
--- a/tasks/install_ldap.yml
+++ b/tasks/install_ldap.yml
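Review bot: Dropping the quotes from `template: src={{ openldap_server_ldif }} dest=/tmp/` restores the original, but the line still renders the base-DN LDIF into the shared, world-writable `/tmp/` under a predictable name (the basename of `openldap_server_ldif`) with default permissions, and the `add the base domain` task that follows reads it back as root. Rendering it to a path under `{{ openldap_server_app_path }}` with `mode=0600`, or into a directory obtained from the `tempfile` module, removes the shared-tmp exposure, and the `register: result` / `result.dest` hand-off keeps working unchanged. The consuming `ldapadd` shell line lies outside this hunk.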
@@ -23,17 +23,17 @@
   register: root_password
 - name: Copy the slapd.conf configuration file for Redhat
-  template: src=slapd.conf.j2 dest="{{ openldap_server_app_path }}"/slapd.conf
+  template: src=slapd.conf.j2 dest={{ openldap_server_app_path }}/slapd.conf
   when: ansible_os_family == "RedHat"
   notify:
    - restart slapd
 - name: Copy the slapd.conf configuration file
-  template: src=slapd.conf_ubuntu.j2 dest="{{ openldap_server_app_path }}"/slapd.conf
+  template: src=slapd.conf_ubuntu.j2 dest={{ openldap_server_app_path }}/slapd.conf
   when: ansible_os_family == "Debian"
   notify:
    - restart slapd
 - name: Copy the ldap.conf configuration file
-  template: src=ldap.conf.j2 dest="{{ openldap_server_app_path }}"/ldap.conf
+  template: src=ldap.conf.j2 dest={{ openldap_server_app_path }}/ldap.conf
From ba0616e5cc4903f8088a698bbdd09430285e820b Mon Sep 17 00:00:00 2001
From: ridwanbejo
Date: Tue, 9 Jun 2020 16:43:10 +0700
Subject: [PATCH 4/5] revert incorrect templating syntax in templates and configure-ldap.yml
---
 tasks/configure_ldap.yml | 16 ++++++++--------
 templates/domain.ldif | 5 ++---
 templates/ldap.conf.j2 | 4 ++--
 templates/slapd.conf.j2 | 6 +++---
 templates/slapd.conf_ubuntu.j2 | 6 +++---
 5 files changed, 18 insertions(+), 19 deletions(-)
diff --git a/tasks/configure_ldap.yml b/tasks/configure_ldap.yml
index 358f80e..12929d6 100644
--- a/tasks/configure_ldap.yml
+++ b/tasks/configure_ldap.yml
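Review bot: The three rewritten `template:` lines (`dest={{ openldap_server_app_path }}/slapd.conf` twice and `…/ldap.conf`) set no `owner`, `group` or `mode`, so slapd.conf — which embeds the `rootpw` hash — is written with the target's default umask, presumably world-readable, unless the role pins permissions somewhere not visible here. Adding `mode=0640 owner=root group={{ openldap_server_user }}` (or the mapping-form equivalents) to the two slapd.conf tasks fixes that; ldap.conf is meant to be world-readable according to its own header comment and can stay as is. Dropping the embedded quotes is correct, but the `file: path="{{ openldap_server_app_path }}"/slapd.d state=absent` line a few lines above this hunk (visible as context in PATCH 5/5) keeps them, leaving the file inconsistent on that point.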
@@ -1,21 +1,21 @@
 ---
 - name: Create the directory for ldap database
-  file: path=/var/lib/ldap/"{{ openldap_server_domain_name }}"/ state=directory owner="{{ openldap_server_user }}" group="{{ openldap_server_user }}"
+  file: path=/var/lib/ldap/{{ openldap_server_domain_name }}/ state=directory owner={{ openldap_server_user }} group={{ openldap_server_user }}
 - name: Create the directory for ldap certificates
-  file: path="{{ openldap_server_app_path }}"/certs/ state=directory owner="{{ openldap_server_user }}" group="{{ openldap_server_user }}"
+  file: path={{ openldap_server_app_path }}/certs/ state=directory owner={{ openldap_server_user }} group={{ openldap_server_user }}
 - name: Generate the private key for certificate request
-  shell: openssl genrsa -des3 -passout pass:password -out my1.key 1024 chdir="{{ openldap_server_app_path }}"/certs/
-    creates="{{ openldap_server_app_path }}"/certs/my1.key
+  shell: openssl genrsa -des3 -passout pass:password -out my1.key 1024 chdir={{ openldap_server_app_path }}/certs/
+    creates={{ openldap_server_app_path }}/certs/my1.key
 - name: Strip the passphrase from the key
-  shell: openssl rsa -in my1.key -passin pass:password -out my.key chdir="{{ openldap_server_app_path }}"/certs/
-    creates="{{ openldap_server_app_path }}"/certs/my.key
+  shell: openssl rsa -in my1.key -passin pass:password -out my.key chdir={{ openldap_server_app_path }}/certs/
+    creates={{ openldap_server_app_path }}/certs/my.key
 - name: Create and sign the the new certificate
-  shell: openssl req -new -x509 -subj '/C="{{ openldap_server_country }}"/ST="{{ openldap_server_state }}"/L="{{ openldap_server_location }}"/O="{{ openldap_server_organization }}"/CN="{{ ansible_hostname }}"/' -days 3650 -key my.key -out cert.crt -extensions v3_ca chdir="{{ openldap_server_app_path }}"/certs/ creates="{{ openldap_server_app_path }}"/certs/cert.crt
+  shell: openssl req -new -x509 -subj '/C={{ openldap_server_country }}/ST={{ openldap_server_state }}/L={{ openldap_server_location }}/O={{ openldap_server_organization }}/CN={{ ansible_hostname }}/' -days 3650 -key my.key -out cert.crt -extensions v3_ca chdir={{ openldap_server_app_path }}/certs/ creates={{ openldap_server_app_path }}/certs/cert.crt
 - name: copy the supporting files
   copy: src=ldap dest=/etc/sysconfig/ldap mode=0755
@@ -44,4 +44,4 @@
   register: result
 - name: add the base domain
-  shell: ldapadd -x -D "cn=Manager,dc={{ openldap_server_domain_name.split('.')[0] }},dc={{ openldap_server_domain_name.split('.')[1] }}" -w "{{ openldap_server_rootpw }}" -f "{{ result.dest|default(result.path) }}" && touch "{{ openldap_server_app_path }}"/rootdn_created creates="{{ openldap_server_app_path }}"/rootdn_created
+  shell: ldapadd -x -D "cn=Manager,dc={{ openldap_server_domain_name.split('.')[0] }},dc={{ openldap_server_domain_name.split('.')[1] }}" -w {{ openldap_server_rootpw }} -f {{ result.dest|default(result.path) }} && touch {{ openldap_server_app_path }}/rootdn_created creates={{ openldap_server_app_path }}/rootdn_created
diff --git a/templates/domain.ldif b/templates/domain.ldif
index 37e9ec3..5b9b6f5 100644
--- a/templates/domain.ldif
+++ b/templates/domain.ldif
@@ -1,4 +1,3 @@
-dn: dc="{{ openldap_server_domain_name.split('.')[0] }}",dc="{{ openldap_server_domain_name.split('.')[1] }}"
+dn: dc={{ openldap_server_domain_name.split('.')[0] }},dc={{ openldap_server_domain_name.split('.')[1] }}
 objectClass: domain
-dc: "{{ openldap_server_domain_name.split('.')[0] }}"
-
+dc: {{ openldap_server_domain_name.split('.')[0] }}
diff --git a/templates/ldap.conf.j2 b/templates/ldap.conf.j2
index ca828ba..b0a346e 100644
--- a/templates/ldap.conf.j2
+++ b/templates/ldap.conf.j2
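Review bot: Reverting the embedded quotes restores the working form, but the restored `openssl req … -subj '/C={{ openldap_server_country }}/ST={{ … }}/…'` line still splices four role variables and `ansible_hostname` into a single-quoted shell string, so a value containing `'` ends the quoting early and the remainder is interpreted by the shell; building the subject in one variable and passing it through the `quote` filter (`-subj {{ cert_subject | quote }}`, with `cert_subject` as a constructed placeholder name), or using the `openssl_csr` / `openssl_certificate` modules, keeps the values out of the shell entirely. The restored `openssl genrsa -des3 -passout pass:password -out my1.key 1024` line also produces a 1024-bit RSA key — below the accepted minimum for a TLS server key — wrapped in a fixed passphrase that the very next task strips again, so the `-des3`/`-passout` round-trip buys nothing; `openssl genrsa -out my.key 4096` (or `openssl_privatekey` with `size: 4096`) is simpler and stronger. Both issues predate this series; the revert merely brings the lines back into view.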
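Review bot: This revert also drops the double quotes around `-w {{ openldap_server_rootpw }}` and `-f {{ result.dest|default(result.path) }}` in the ldapadd shell line, which were the one useful part of PATCH 2/5: the password is a shell word here, so one containing whitespace or shell metacharacters is split or interpreted instead of being passed intact. Keep `-w "{{ openldap_server_rootpw }}"` (or better, `-y <passfile>` pointing at a 0600 file removed afterwards) and add `no_log: true` to this task, since the clear-text password is otherwise printed together with the command in the task output.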
@@ -5,7 +5,7 @@
 # See ldap.conf(5) for details
 # This file should be world readable but not world writable.
-BASE dc="{{ openldap_server_domain_name.split('.')[0] }}",dc="{{ openldap_server_domain_name.split('.')[1] }}"
+BASE dc={{ openldap_server_domain_name.split('.')[0] }},dc={{ openldap_server_domain_name.split('.')[1] }}
 {% if openldap_server_enable_ssl %}
 URI ldaps://localhost
 TLS_REQCERT never
@@ -23,4 +23,4 @@ TLS_CACERT /etc/openldap/certs/cert.crt
 {% endif %}
 {% if ansible_os_family == 'Debian' %}
 TLS_CACERT /etc/ldap/certs/cert.crt
-{% endif %}
+{% endif %}
\ No newline at end of file
diff --git a/templates/slapd.conf.j2 b/templates/slapd.conf.j2
index 177ab13..762ec08 100644
--- a/templates/slapd.conf.j2
+++ b/templates/slapd.conf.j2
@@ -22,9 +22,9 @@ access to attrs=shadowLastChange
 database bdb
 suffix "dc={{ openldap_server_domain_name.split('.')[0] }},dc={{ openldap_server_domain_name.split('.')[1] }}"
 rootdn "cn=Manager,dc={{ openldap_server_domain_name.split('.')[0] }},dc={{ openldap_server_domain_name.split('.')[1] }}"
-rootpw "{{ root_password.stdout }}"
+rootpw {{ root_password.stdout }}
 #This directory has to be created and would contain the ldap database.
-directory /var/lib/ldap/"{{ openldap_server_domain_name }}"/
+directory /var/lib/ldap/{{ openldap_server_domain_name }}/
 index objectClass eq,pres
 index ou,cn,mail,surname,givenname eq,pres,sub
 index uidNumber,gidNumber,loginShell eq,pres
@@ -33,4 +33,4 @@ index nisMapName,nisMapEntry eq,pres,sub
 TLSCipherSuite HIGH:MEDIUM:+SSLv2
 #TLSCACertificateFile /etc/openldap/certs/cacert.pem
 TLSCertificateFile /etc/openldap/certs/cert.crt
-TLSCertificateKeyFile /etc/openldap/certs/my.key
+TLSCertificateKeyFile /etc/openldap/certs/my.key
\ No newline at end of file
diff --git a/templates/slapd.conf_ubuntu.j2 b/templates/slapd.conf_ubuntu.j2
index 18e1cf1..2df4083 100644
--- a/templates/slapd.conf_ubuntu.j2
+++ b/templates/slapd.conf_ubuntu.j2
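Review bot: The `@@ -23,4` hunk of ldap.conf.j2 and the `@@ -33,4` hunk of slapd.conf.j2 change only the final line to drop its trailing newline (`\ No newline at end of file`), and the `@@ -38,4` hunk of slapd.conf_ubuntu.j2 that follows does the same; that is a regression unrelated to the quote revert, and the rendered configs then end without a newline, which upsets `diff`-style tooling and may confuse line-oriented parsers. Restoring the final newline in all three templates is a one-character fix per file. The `BASE`, `rootpw` and `directory` reverts themselves are correct. In passing, the surrounding context shows `TLS_REQCERT never` in ldap.conf.j2 and `TLSCipherSuite HIGH:MEDIUM:+SSLv2` in slapd.conf.j2 — untouched by this series, but the first disables server-certificate verification for LDAP clients and the second admits SSLv2-era cipher suites, so both deserve a follow-up.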
@@ -28,9 +28,9 @@ access to attrs=shadowLastChange
 database bdb
 suffix "dc={{ openldap_server_domain_name.split('.')[0] }},dc={{ openldap_server_domain_name.split('.')[1] }}"
 rootdn "cn=Manager,dc={{ openldap_server_domain_name.split('.')[0] }},dc={{ openldap_server_domain_name.split('.')[1] }}"
-rootpw "{{ root_password.stdout }}"
+rootpw {{ root_password.stdout }}
 #This directory has to be created and would contain the ldap database.
-directory /var/lib/ldap/"{{ openldap_server_domain_name }}"/
+directory /var/lib/ldap/{{ openldap_server_domain_name }}/
 index objectClass eq,pres
 index ou,cn,mail,surname,givenname eq,pres,sub
 index uidNumber,gidNumber,loginShell eq,pres
@@ -38,4 +38,4 @@ index uid,memberUid eq,pres,sub
 index nisMapName,nisMapEntry eq,pres,sub
 #TLSCACertificateFile /etc/ldap/certs/cacert.pem
 TLSCertificateFile /etc/ldap/certs/cert.crt
-TLSCertificateKeyFile /etc/ldap/certs/my.key
+TLSCertificateKeyFile /etc/ldap/certs/my.key
\ No newline at end of file
From d7f29f779b6754e0d6f3ca9e061be73811e9eddc Mon Sep 17 00:00:00 2001
From: ridwanbejo
Date: Tue, 9 Jun 2020 17:46:23 +0700
Subject: [PATCH 5/5] revert double quote in slappasswd
---
 tasks/install_ldap.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/install_ldap.yml b/tasks/install_ldap.yml
index 45c50a6..fa1ae31 100644
--- a/tasks/install_ldap.yml
+++ b/tasks/install_ldap.yml
@@ -19,7 +19,7 @@
   file: path="{{ openldap_server_app_path }}"/slapd.d state=absent
 - name: Generate the root password for ldap
-  shell: slappasswd -s "{{ openldap_server_rootpw }}"
+  shell: slappasswd -s {{ openldap_server_rootpw }}
   register: root_password
 - name: Copy the slapd.conf configuration file for Redhat
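Review bot: Removing the quotes from `shell: slappasswd -s {{ openldap_server_rootpw }}` re-exposes the command to shell word splitting — a root password containing a space or a shell metacharacter is now truncated or interpreted rather than hashed — so the quoted form from PATCH 2/5 was the safer one and should stay. Either way the clear-text password sits on the command line and in the registered `root_password` task output, and this task is not marked `no_log: true`; `slappasswd -T <file>` (secret read from a 0600 file that is removed afterwards) together with `no_log: true` addresses both exposures. The first context line, `file: path="{{ openldap_server_app_path }}"/slapd.d state=absent`, still carries the embedded quotes that PATCH 3/5 removed from the sibling `dest=` arguments, so the file ends the series inconsistent on that point.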