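##############################################################
# This Playbook enables and configures the LDAP auth method
#
# Flow: the `filters` role provides the shell_quote / omit_empty
# filters, `vault-env` prepares the Vault client settings, `vault-exec`
# runs `auth enable`, and `vault-write` pushes the `ldap` mapping to
# the auth method's config endpoint.
##############################################################
---
- hosts: all
  vars:
    # Vault token used by the vault-* roles. Leave it empty in the
    # committed file and pass it at runtime (extra-vars, environment,
    # or an ansible-vault encrypted var file).
    token: ""
    address: "https://127.0.0.1:8200"
    ca_cert: "{{ playbook_dir }}/ca.crt"
    ca_cert_copy: true
    # Keep false: disabling verification of the Vault endpoint lets the
    # token above be read by anyone on the path to 127.0.0.1:8200.
    tls_skip_verify: false
    ldap_description: ""
    # Mount path of the auth method. The same variable drives both
    # `auth enable -path` and the `write_path` of the config write, so
    # changing it here moves both consistently.
    ldap_path: "ldap"
    # LDAP Configuration
    # Refer to https://www.vaultproject.io/docs/auth/ldap.html
    # Empty values are not written to Vault and ignored. So the defaults in Vault will apply
    ldap:
      # Connection
      url: ""
      starttls: ""
      # Turns off certificate verification of the LDAP server. Leave
      # empty (Vault default) outside of test setups; with it on, the
      # bind credentials below travel over an unverified channel.
      insecure_tls: ""
      # Binding - Authenticated Search
      binddn: ""
      bindpass: ""  # secret - source from ansible-vault or extra-vars, not this file
      userdn: ""
      userattr: ""
      # Binding - Anonymous Search
      discoverdn: ""
      deny_null_bind: ""
      # Binding - User Principal Name (AD)
      upndomain: ""
      # Group Membership Resolution
      groupfilter: ""
      groupdn: ""
      groupattr: ""
    # Configuration where the input value is a local file
    ldap_local:
      certificate: ""  # Local path to the LDAP certificate CA
  tasks:
    - include_role:
        name: filters
      tags:
        - always
    - include_role:
        name: vault-env
    - include_role:
        name: vault-exec
      vars:
        vault_exec: |-
          auth enable \
          -description {{ ldap_description | shell_quote }} \
          -path {{ ldap_path | shell_quote }} \
          ldap
        parse_output: false
      tags:
        - enable
    - include_role:
        name: vault-write
      vars:
        # Derived from ldap_path so a non-default mount path does not
        # leave the config written to the default "auth/ldap/config".
        write_path: "auth/{{ ldap_path }}/config"
        write_values: "{{ ldap | omit_empty }}"
        write_local: "{{ ldap_local | omit_empty }}"
      run_once: true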