add gssapi auth support for ldap server

2019-06-06 01:58:04 +03:00 · 2019-06-06 01:58:04 +03:00 · d512c8b8bd
commit d512c8b8bd
parent 9cd3910f42
2 changed files with 10 additions and 0 deletions
--- a/roles/ldap/server/meta/main.yml
+++ b/roles/ldap/server/meta/main.yml
@ -1,5 +1,6 @@
 ---

 dependencies:
+  - {role: kerberos/client}
  - {role: ldap/client}
  - {role: saslauthd}
--- a/roles/ldap/server/tasks/main.yml
+++ b/roles/ldap/server/tasks/main.yml
@ -4,6 +4,7 @@
    name: "{{ item }}"
    state: installed
  with_items:
+    - cyrus-sasl-gssapi
    - openldap-servers
    - ldapvi

@ -173,3 +174,11 @@
    name: slapd
    state: started
    enabled: true
+
+- name: create slapd keytab
+  import_role:
+    name: kerberos/keytab
+  vars:
+    keytab: /etc/openldap/slapd.keytab
+    principals: ["ldap/{{ inventory_hostname }}@{{ kerberos_realm }}"]
+    group: ldap