Commit dbd12429 authored by Lars Beckers's avatar Lars Beckers

doing some dull work

parent 01529ecb
%admin ALL=(ALL:ALL) ALL
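Review bot: This rule gives every member of group `admin` unrestricted root, and nothing in the file says which group is meant. Because it ships in the ad-auth role, the group is presumably resolved through the directory, so whoever can edit its membership there effectively holds root on every host that runs the role. A local group that happens to be named `admin` would match as well. I would add a comment line above the rule, for example `# directory group "admin": full root; membership is managed in the directory, not on this host`.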
......@@ -6,3 +6,4 @@ tasks:
- include: nslcd.yml
- include: nscd.yml
- include: kerberos.yml
- include: sudo.yml
---
# file: roles/ad-auth/tasks/sudo.yml
- name: ensure users of group admin are in the sudoers
copy: src=sudo/admin dest=/etc/sudoers.d/admin owner=root group=root mode=0440
tags: sudo config
- name: check whole sudo config
command: visudo -q -c -f /etc/sudoers
tags: sudo test
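Review bot: The `copy:` task installs /etc/sudoers.d/admin without validating it, and the `visudo -q -c -f /etc/sudoers` check only runs once the fragment is already live. A syntax error in the fragment would therefore be in place, and could break sudo on the host, by the time the check fails. Adding `validate='visudo -cf %s'` to the copy arguments makes Ansible check the file before moving it into place. The check task will also report "changed" on every run, which `changed_when: false` would avoid.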
## TODO
#
# LDAP Defaults
#
......@@ -6,11 +5,11 @@
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=fsmpi,dc=rwth-aachen,dc=de
URI ldaps://rumo.fsmpi.rwth-aachen.de
BASE {{ authbase }}
URI ldaps://{{ authserver }}
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CACERT /etc/ssl/certs/rwth_chain.pem
TLS_CACERT {{ authcacert }}
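Review bot: The `## TODO` line that appears to be the new first line of this template, and of the nslcd.conf template after it, does not say what is left to do. I would replace it with a managed-file header such as `# {{ ansible_managed }}`, so that an admin editing the file on a host knows it will be overwritten. The variables `authbase`, `authserver` and `authcacert` are not defined anywhere in the visible part of the commit, so they should be documented in the role's defaults or README. That documentation should state that `authcacert` must point to a CA bundle already present on the target, since nothing visible here installs or checks that file.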
## TODO
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.
......@@ -8,10 +7,10 @@ uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
uri ldaps://rumo.fsmpi.rwth-aachen.de/
uri ldaps://{{ authserver }}
# The search base that will be used for all queries.
base dc=fsmpi,dc=rwth-aachen,dc=de
base {{ authbase }}
# The LDAP protocol version to use.
#ldap_version 3
......@@ -25,7 +24,7 @@ base dc=fsmpi,dc=rwth-aachen,dc=de
# SSL options
#ssl off
tls_cacertfile /etc/ssl/certs/rwth_chain.pem
tls_cacertfile {{ authcacert }}
tls_reqcert demand
# The search scope.
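Review bot: With `tls_reqcert demand` kept, `authserver` has to be a host name that appears in the LDAP server's certificate, and the template does not say so. An IP address or short name would make every lookup fail certificate verification. A comment above `uri ldaps://{{ authserver }}` would record the constraint, for example `# authserver must match a name in the server certificate (tls_reqcert demand)`. Keeping the `ldaps://` scheme in the template rather than in the variable is a good choice, because a mis-set variable then cannot switch the connection to plain LDAP. The file continues past the visible hunks.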
......