add role ldap/nss

roles/ldap/nss/tasks/main.yml

@@ -0,0 +1,41 @@
+---
+- name: install packages
+  package:
+    name: "{{ item }}"
+    state: installed
+  with_items:
+    - nscd
+    - nss-pam-ldapd
+
+- name: configure nsswitch to use ldap
+  lineinfile:
+    path: /etc/nsswitch.conf
+    regexp: "^{{ item }}:.*"
+    line: "{{ item }}: files ldap"
+  with_items:
+    - passwd
+    - shadow
+    - group
+
+- name: allow nslcd user to read host key
+  user:
+    name: nslcd
+    groups: hostkey
+
+- name: create nslcd config
+  template:
+    dest: /etc/nslcd.conf
+    src: nslcd.conf.j2
+    mode: 0600
+    owner: root
+    group: root
+  notify: restart nslcd
+
+- name: enable nslcd and nscd
+  service:
+    name: "{{ item }}"
+    enabled: true
+    state: started
+  with_items:
+    - nslcd
+    - nscd