Skip to content
Snippets Groups Projects
Commit dbd12429 authored by Lars Beckers's avatar Lars Beckers
Browse files

doing some dull work

parent 01529ecb
No related branches found
No related tags found
No related merge requests found
%admin ALL=(ALL:ALL) ALL
...@@ -6,3 +6,4 @@ tasks: ...@@ -6,3 +6,4 @@ tasks:
- include: nslcd.yml - include: nslcd.yml
- include: nscd.yml - include: nscd.yml
- include: kerberos.yml - include: kerberos.yml
- include: sudo.yml
---
# file: roles/ad-auth/tasks/sudo.yml
- name: ensure users of group admin are in the sudoers
copy: src=sudo/admin dest=/etc/sudoers.d/admin owner=root group=root mode=0440
tags: sudo config
- name: check whole sudo config
command: visudo -q -c -f /etc/sudoers
tags: sudo test
## TODO
# #
# LDAP Defaults # LDAP Defaults
# #
...@@ -6,11 +5,11 @@ ...@@ -6,11 +5,11 @@
# See ldap.conf(5) for details # See ldap.conf(5) for details
# This file should be world readable but not world writable. # This file should be world readable but not world writable.
BASE dc=fsmpi,dc=rwth-aachen,dc=de BASE {{ authbase }}
URI ldaps://rumo.fsmpi.rwth-aachen.de URI ldaps://{{ authserver }}
#SIZELIMIT 12 #SIZELIMIT 12
#TIMELIMIT 15 #TIMELIMIT 15
#DEREF never #DEREF never
TLS_CACERT /etc/ssl/certs/rwth_chain.pem TLS_CACERT {{ authcacert }}
## TODO
# /etc/nslcd.conf # /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5) # nslcd configuration file. See nslcd.conf(5)
# for details. # for details.
...@@ -8,10 +7,10 @@ uid nslcd ...@@ -8,10 +7,10 @@ uid nslcd
gid nslcd gid nslcd
# The location at which the LDAP server(s) should be reachable. # The location at which the LDAP server(s) should be reachable.
uri ldaps://rumo.fsmpi.rwth-aachen.de/ uri ldaps://{{ authserver }}
# The search base that will be used for all queries. # The search base that will be used for all queries.
base dc=fsmpi,dc=rwth-aachen,dc=de base {{ authbase }}
# The LDAP protocol version to use. # The LDAP protocol version to use.
#ldap_version 3 #ldap_version 3
...@@ -25,7 +24,7 @@ base dc=fsmpi,dc=rwth-aachen,dc=de ...@@ -25,7 +24,7 @@ base dc=fsmpi,dc=rwth-aachen,dc=de
# SSL options # SSL options
#ssl off #ssl off
tls_cacertfile /etc/ssl/certs/rwth_chain.pem tls_cacertfile {{ authcacert }}
tls_reqcert demand tls_reqcert demand
# The search scope. # The search scope.
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment