This guide installs OpenLDAP and bootstraps a base directory tree.
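# Play: install slapd on Debian-family hosts, then set the suffix, rootDN and
# rootPW of the olcDatabase={1}mdb entry through cn=config.
- name: Install OpenLDAP on Debian family
  hosts: openldap_debian
  become: true
  vars:
    ldap_base_dn: "dc=example,dc=com"
    # Placeholder only. Play-level vars take precedence over inventory
    # group_vars/host_vars, so supply the real slappasswd hash from a vaulted
    # vars file or extra vars (or drop this default). The first task refuses
    # to continue while the placeholder is still in effect.
    ldap_admin_password_hash: "{SSHA}change-me"
  tasks:
    - name: Refuse to run with the placeholder admin password hash
      ansible.builtin.assert:
        that:
          - "ldap_admin_password_hash != '{SSHA}change-me'"
        fail_msg: >-
          ldap_admin_password_hash still holds the placeholder value.
          Generate a hash with slappasswd and supply it from Ansible Vault.

    - name: Install OpenLDAP packages
      ansible.builtin.apt:
        update_cache: true
        name:
          - slapd
          - ldap-utils
        state: present

    - name: Ensure slapd service is running
      ansible.builtin.systemd:
        name: slapd
        enabled: true
        state: started

    # The LDIF carries the rootPW hash, so it is written to a randomly named
    # root-owned scratch file instead of a fixed path in /tmp, and removed
    # again whether or not ldapmodify succeeds.
    - name: Apply and load base database settings
      block:
        - name: Create a private temporary file for the LDIF
          ansible.builtin.tempfile:
            state: file
            suffix: .ldif
          register: ldap_base_config_ldif
          # Scratch-file handling is not a configuration change.
          changed_when: false

        - name: Apply base database settings
          ansible.builtin.copy:
            dest: "{{ ldap_base_config_ldif.path }}"
            owner: root
            group: root
            mode: "0600"
            # NOTE(review): assumes the packaged database entry is
            # olcDatabase={1}mdb; confirm the index on the target host.
            content: |
              dn: olcDatabase={1}mdb,cn=config
              changetype: modify
              replace: olcSuffix
              olcSuffix: {{ ldap_base_dn }}
              -
              replace: olcRootDN
              olcRootDN: cn=admin,{{ ldap_base_dn }}
              -
              replace: olcRootPW
              olcRootPW: {{ ldap_admin_password_hash }}
          # Keep the password hash out of task output and diffs.
          no_log: true
          changed_when: false

        - name: Load base database settings
          ansible.builtin.command:
            argv:
              - 'ldapmodify'
              - '-Y'
              - 'EXTERNAL'
              - '-H'
              - 'ldapi:///'
              - '-f'
              - "{{ ldap_base_config_ldif.path }}"
          # The replace operations converge to the same state on every run,
          # so change reporting stays suppressed. A non-zero exit now fails
          # the play, so an unapplied rootDN/rootPW cannot go unnoticed.
          changed_when: false
      always:
        - name: Remove the temporary LDIF
          ansible.builtin.file:
            path: "{{ ldap_base_config_ldif.path }}"
            state: absent
          when: ldap_base_config_ldif.path is defined
          changed_when: false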
# Play: install the OpenLDAP server and client packages on RHEL-family hosts
# and keep the slapd service enabled and started.
- name: Install OpenLDAP on RHEL family
  hosts: openldap_rhel
  become: true
  vars:
    # Neither variable is referenced by the tasks of this play as shown.
    ldap_admin_password_hash: "{SSHA}change-me"
    ldap_base_dn: "dc=example,dc=com"
  tasks:
    - name: Install OpenLDAP packages
      ansible.builtin.dnf:
        state: present
        name: [openldap-servers, openldap-clients]

    - name: Ensure slapd service is running
      ansible.builtin.systemd:
        state: started
        enabled: true
        name: slapd
# Run the playbook against the hosts in inventory.ini; add --ask-vault-pass
# (or --vault-id) when variables are kept in Ansible Vault.
ansible-playbook --inventory inventory.ini openldap-install.yml
Generate the value of openldap_debian.ldap_admin_password_hash with slappasswd and store it in Ansible Vault.