<?xml version="1.0" encoding="utf-8"?>
<rougail version= "0.10" >
<services >
<service name= "slapd" target= "multi-user" >
<!-- NOTE(review): presumably a unit override for the slapd service, rendered by the "ansible" engine; its content is not visible in this file, so confirm it does not relax any service hardening. -->
<override engine= "ansible" />
<!-- Server certificate named "openldap", issued under the "LDAP" authority and owned by the "ldap" account. NOTE(review): no mode is declared here; confirm the matching private key ends up readable by "ldap" only. -->
<certificate authority= "LDAP" owner= "ldap" type= "server" > openldap</certificate>
<!-- Files rendered for slapd through the "ansible" engine. Only the attributes written on each element are known from this file; an owner or mode that is left out falls back to a default that is not shown here. -->
<!-- Owned by "ldap", no explicit mode. -->
<file engine= "ansible" owner= "ldap" > /var/lib/ldap/DB_CONFIG</file>
<!-- Both LDIF files under /etc/ldap/secrets are owned by "ldap" with mode 400 (owner read only). -->
<file engine= "ansible" owner= "ldap" mode= "400" > /etc/ldap/secrets/config.ldif</file>
<file engine= "ansible" owner= "ldap" mode= "400" > /etc/ldap/secrets/users.ldif</file>
<!-- NOTE(review): the next two paths sit under /secrets but declare neither owner nor mode, unlike the LDIF files above. If they carry credentials or ACL definitions, confirm the effective permissions are no wider than owner read only. -->
<file engine= "ansible" > /secrets/users_mod.ldif</file>
<file engine= "ansible" > /secrets/config_acl.ldif</file>
<!-- Mode 400 is set but no owner is declared. NOTE(review): the name suggests this file holds the administrator password; confirm which account ends up owning it. -->
<file engine= "ansible" mode= "400" > /secrets/admin_ldap.pwd</file>
<!-- engine= "none": presumably installed as is, without templating. NOTE(review): the name suggests this sysusers.d entry declares the service account that the owner= "ldap" attributes in this service rely on; confirm. -->
<file engine= "none" > /sysusers.d/risotto-openldap.conf</file>
<!-- Client configuration, tmpfiles.d entry and test definition. None of the three declares an owner or a mode. -->
<file engine= "ansible" > /etc/openldap/ldap.conf</file>
<!-- source= names a template whose file name differs from the destination path. -->
<file engine= "ansible" source= "tmpfile-openldap-server.conf" > /tmpfiles.d/0openldap-server.conf</file>
<!-- NOTE(review): filelist= "copy_tests" presumably ties this file to a list defined elsewhere; confirm test material is only deployed where it is intended. -->
<file engine= "ansible" filelist= "copy_tests" > /tests/openldap.yml</file>
</service>
</services>
<variables >
<family name= "ldap" description= "LDAP" >
<!-- Disabled declaration kept for reference; it has no effect while commented out. -->
<!-- variable name='ldap_server_address' redefine="True" hidden="True"/ -->
<!-- Hidden, mandatory value supplied by the "global:prefix_domain_name" provider. It is the only input of the get_default_base_dn fill in <constraints>, which computes ldap_base_dn. -->
<variable name= 'prefix_domain_name' hidden= "True" mandatory= "True" provider= "global:prefix_domain_name" />
<variable name= 'ldap_schemas' type= 'filename' description= 'Additional LDAP schemas' multi= 'True' mode= "expert" >
<value > /etc/openldap/schema/cosine.ldif</value>
<value > /etc/openldap/schema/inetorgperson.ldif</value>
<value > /etc/openldap/schema/nis.ldif</value>
<value > /etc/openldap/schema/misc.ldif</value>
</variable>
<family name= 'limits' description= 'Limits' mode= 'expert' >
<variable name= 'ldap_loglevel' type= 'number' description= 'Log level' mode= "expert" >
<value > 0</value>
</variable>
<variable name= 'ldap_sizelimit' type= 'number' description= "Nombre maximum d'entrées à retourner lors d'une requête" mode= "expert" >
<value > 5000</value>
</variable>
<variable name= 'ldap_timelimit' type= 'number' description= 'Temps de réponse maximum à une requête (en secondes)' mode= "expert" >
<value > 3600</value>
</variable>
</family>
<!-- Tuning values for the back-end database, exposed in expert mode. The description attributes are in French; the comments below give English summaries. NOTE(review): these are presumably rendered into /var/lib/ldap/DB_CONFIG, which the service section declares; confirm against the template. -->
<family name= 'db_environment' description= 'DB environment' mode= 'expert' >
<!-- Gigabytes to use for the HDB cache; defaults to 0. -->
<variable name= 'db_cache_size_g' description= "Quantité de Giga-octets à utiliser pour le cache HDB" type= "number" >
<value > 0</value>
</variable>
<!-- Bytes to use for the HDB cache; the default 268435456 is 256 MiB. -->
<variable name= 'db_cache_size_o' description= "Quantité d'octets à utiliser pour le cache HDB" type= "number" >
<value > 268435456</value>
</variable>
<!-- Number of files the HDB cache is written to; defaults to 1. -->
<variable name= 'db_cache_chunks' description= "Nombre de fichiers ou écrire le cache HDB" type= "number" >
<value > 1</value>
</variable>
<!-- Amount of cache file data kept in the in-memory cache (literal reading of the description); defaults to 262144. -->
<variable name= 'db_log_region_max' type= 'number' description= "Quantité de fichier de cache mis en cache mémoire" >
<value > 262144</value>
</variable>
<!-- Amount of log data kept before rotation; the default 10485760 is 10 MiB. -->
<variable name= 'db_log_max' type= 'number' description= "Quantité d'informations de journalisation conservé jusqu'à rotation" >
<value > 10485760</value>
</variable>
<!-- Amount of cached log data carried over to disk; the default 2097152 is 2 MiB. -->
<variable name= 'db_log_bsize' type= 'number' description= "Quantité d'informations de journalisation du cache reporté sur le disque" >
<value > 2097152</value>
</variable>
<!-- Directory where the log data is kept. NOTE(review): confirm this directory is writable by the service account only. -->
<variable name= 'db_log_directory' type= 'filename' description= 'Répertoire de conservation des informations de journalisation' >
<value > /srv/openldap/log</value>
</variable>
<!-- Number of objects that can be locked at the same time; defaults to 5000. -->
<variable name= 'db_lk_max_objects' type= 'number' description= "Nombre d'objet qui peuvent être verrouillés simultanément " >
<value > 5000</value>
</variable>
<!-- Maximum number of locks; defaults to 5000. -->
<variable name= 'db_lk_max' type= 'number' description= 'Nombre de verrous maximal' >
<value > 5000</value>
</variable>
<!-- Maximum number of lockers; defaults to 5000. -->
<variable name= 'db_lk_max_lockers' type= 'number' description= 'Nombre de verroulleur maximal' >
<value > 5000</value>
</variable>
<!-- Hidden filename variable with no description and no default in this file. NOTE(review): presumably the path of the slapd private key, filled elsewhere; confirm, since no constraint in this file targets it. -->
<variable name= "openldap_key_file" type= "filename" hidden= "True" />
</family>
<!-- Hidden, mandatory account DN. The calc_value fill in <constraints> builds it from "cn=admin" and ldap_base_dn with "," as the join string, so this is presumably the directory administrator's bind DN. -->
<variable name= 'ldap_user' mandatory= "True" hidden= "True" />
<!-- Password of ldap_user (description: "LDAP user password"). The get_password fill in <constraints> supplies it with type "cleartext", so this variable carries the plaintext secret. NOTE(review): every file that renders this value should be readable by its owner only; the "hide" parameter (hide_secret) presumably controls masking in displayed output, confirm. -->
<variable name= 'ldap_user_password' type= 'password' description= "Mot de passe de l'utilisateur LDAP" mandatory= 'True' hidden= "True" />
<!-- Base DN of the directory: validated by the valid_base_dn check and defaulted by the get_default_base_dn fill. -->
<variable name= 'ldap_base_dn' mandatory= "True" description= "Base DN" hidden= "True" />
<!-- The three DNs below are all computed from ldap_base_dn by calc_ldapclient_base_dn fills: accounts (base=True), users that belong to no family (no extra flag) and groups (group=True). -->
<variable name= 'ldap_account_dn' type= 'string' description= "Base DN de l'annuaire des utilisateurs" mandatory= "True" hidden= "True" />
<variable name= 'ldap_user_dn' type= 'string' description= "Base DN de l'annuaire des utilisateurs n'appartenant à une famille" mandatory= "True" hidden= "True" />
<variable name= 'ldap_group_dn' type= 'string' description= "Base DN de l'annuaire des groupes" mandatory= "True" hidden= "True" />
<!-- family name="client">
<variable name= 'ldapclient_family' redefine= "True" disabled= "True" />
<variable name= 'ldapclient_search_dn' redefine= "True" />
</family-->
</family>
</variables>
<constraints >
<!-- Validates ldap_base_dn with the valid_base_dn function, which is defined outside this file. NOTE(review): the base DN is reused to build the admin DN and the account, user and group DNs, so this check is the only validation visible here for all of them. -->
<check name= 'valid_base_dn' >
<target > ldap_base_dn</target>
</check>
<!-- Computes the default ldap_base_dn from prefix_domain_name through get_default_base_dn. -->
<fill name= 'get_default_base_dn' >
<param type= "variable" > prefix_domain_name</param>
<target > ldap_base_dn</target>
</fill>
<fill name= "get_password" >
<param name= "server_name" type= "variable" > domain_name_eth0</param>
<param name= "username" type= "variable" > ldap_user</param>
<param name= "description" > remote account</param>
<param name= "type" > cleartext</param>
<param name= "hide" type= "variable" > hide_secret</param>
<param name= "temporary" type= "boolean" > True</param>
<target > ldap_user_password</target>
</fill>
<fill name= "calc_ldapclient_base_dn" >
<param type= "variable" > ldap_base_dn</param>
<param name= "base" type= "boolean" > True</param>
<target > ldap_account_dn</target>
</fill>
<fill name= 'calc_value' >
<param > cn=admin</param>
<param type= 'variable' > ldap_base_dn</param>
<param name= "join" > ,</param>
<target > ldap_user</target>
</fill>
<!-- fill name='calc_value'>
<param type= "variable" > ldapclient_base_dn</param>
<target > ldapclient_search_dn</target>
</fill-->
<!-- Derives ldap_user_dn from ldap_base_dn through calc_ldapclient_base_dn with no extra flag; the sibling fills for ldap_account_dn and ldap_group_dn pass base=True and group=True respectively. -->
<fill name= "calc_ldapclient_base_dn" >
<param type= "variable" > ldap_base_dn</param>
<target > ldap_user_dn</target>
</fill>
<fill name= "calc_ldapclient_base_dn" >
<param type= "variable" > ldap_base_dn</param>
<param name= "group" type= "boolean" > True</param>
<target > ldap_group_dn</target>
</fill>
</constraints>
</rougail>