doing some dull work

dbd12429 · Lars Beckers · 01529ecb · dbd12429 · dbd12429 · dbd12429
Commit dbd12429 authored Apr 01, 2015 by Lars Beckers
--- a/ad-auth/files/sudo/admin
+++ b/ad-auth/files/sudo/admin
+%admin ALL=(ALL:ALL) ALL
--- a/ad-auth/tasks/main.yml
+++ b/ad-auth/tasks/main.yml
@@ -6,3 +6,4 @@ tasks:
  - include: nslcd.yml
  - include: nscd.yml
  - include: kerberos.yml
+  - include: sudo.yml
--- a/ad-auth/tasks/sudo.yml
+++ b/ad-auth/tasks/sudo.yml
+---
+# file: roles/ad-auth/tasks/sudo.yml
+- name: ensure users of group admin are in the sudoers
+  copy: src=sudo/admin dest=/etc/sudoers.d/admin owner=root group=root mode=0440
+  tags: sudo config
+- name: check whole sudo config
+  command: visudo -q -c -f /etc/sudoers
+  tags: sudo test
--- a/ad-auth/templates/ldap.conf.j2
+++ b/ad-auth/templates/ldap.conf.j2
-## TODO
 #
 # LDAP Defaults
 #
@@ -6,11 +5,11 @@
 # See ldap.conf(5) for details
 # This file should be world readable but not world writable.
-BASE	dc=fsmpi,dc=rwth-aachen,dc=de
+BASE	{{ authbase }}
-URI	ldaps://rumo.fsmpi.rwth-aachen.de
+URI	ldaps://{{ authserver }}
 #SIZELIMIT	12
 #TIMELIMIT	15
 #DEREF		never
-TLS_CACERT	/etc/ssl/certs/rwth_chain.pem
+TLS_CACERT	{{ authcacert }}
--- a/ad-auth/templates/nslcd.conf.j2
+++ b/ad-auth/templates/nslcd.conf.j2
-## TODO
 # /etc/nslcd.conf
 # nslcd configuration file. See nslcd.conf(5)
 # for details.
@@ -8,10 +7,10 @@ uid nslcd
 gid nslcd
 # The location at which the LDAP server(s) should be reachable.
-uri ldaps://rumo.fsmpi.rwth-aachen.de/
+uri ldaps://{{ authserver }}
 # The search base that will be used for all queries.
-base dc=fsmpi,dc=rwth-aachen,dc=de
+base {{ authbase }}
 # The LDAP protocol version to use.
 #ldap_version 3
@@ -25,7 +24,7 @@ base dc=fsmpi,dc=rwth-aachen,dc=de
 # SSL options
 #ssl off
-tls_cacertfile /etc/ssl/certs/rwth_chain.pem
+tls_cacertfile {{ authcacert }}
 tls_reqcert demand
 # The search scope.