LDAP configuration

mailman__ldap_enabled

Enable or disable LDAP authentication in the web interface.

mailman__ldap_enabled: '{{ ansible_local.ldap.enabled | d(False) }}'

mailman__ldap_uri

List of LDAP server URIs.

mailman__ldap_uri: '{{ ansible_local.ldap.uri | d(["ldap://ldap." + ansible_domain]) }}'

mailman__ldap_device_dn

The Distinguished Name of the device LDAP object, defined as a YAML list. It will be used as a base for the Mailman 3 service account object. The role will not create the account object automatically if this list is empty.

mailman__ldap_device_dn: '{{ ansible_local.ldap.device_dn | d([]) }}'

mailman__ldap_self_rdn

The Relative Distinguished Name of the service account object that Mailman 3 uses to access the LDAP directory.

mailman__ldap_self_rdn: 'uid=mailman'

mailman__ldap_self_object_classes

List of object classes that will be used to create the LDAP service account.

mailman__ldap_self_object_classes: [ 'account', 'simpleSecurityObject' ]

mailman__ldap_self_attributes

YAML dictionary that defines the attributes of the LDAP service account.

mailman__ldap_self_attributes:
  uid: '{{ mailman__ldap_self_rdn.split("=")[1] }}'
  userPassword: '{{ mailman__ldap_bind_password }}'
  host: '{{ [ansible_fqdn, ansible_hostname] | unique }}'
  description: 'Account used by the "mailman" service to access the LDAP directory'

mailman__ldap_starttls

Enable or disable StartTLS for encrypted connections to the LDAP server.

mailman__ldap_starttls: True

mailman__ldap_bind_dn

The Distinguished Name of the service account object that Mailman 3 uses to access the LDAP directory.

mailman__ldap_bind_dn: '{{ ([mailman__ldap_self_rdn]
                            + mailman__ldap_device_dn) | join(",") }}'

mailman__ldap_bind_password

The password used by Mailman 3 to access the LDAP directory.

mailman__ldap_bind_password: '{{ lookup("password", secret + "/ldap/credentials/"
                                                    + mailman__ldap_bind_dn | to_uuid
                                                    + ".password chars=ascii_letters,digits length=22") }}'

mailman__ldap_base_dn

The base Distinguished Name of the LDAP directory, defined as a YAML list.

mailman__ldap_base_dn: '{{ ansible_local.ldap.basedn
                           if (ansible_local.ldap.basedn | d())
                           else "dc=" + ansible_domain.split(".")
                                        | join(",dc=") }}'

mailman__ldap_people_rdn

The Relative Distinguished Name of the LDAP subtree that contains personal entries.

mailman__ldap_people_rdn: '{{ ansible_local.ldap.people_rdn | d("ou=People") }}'

mailman__ldap_groups_rdn

The Relative Distinguished Name of the LDAP subtree that contains group entries.

mailman__ldap_groups_rdn: '{{ ansible_local.ldap.groups_rdn | d("ou=Groups") }}'

mailman__ldap_people_dn

The Distinguished Name of the LDAP subtree that contains personal entries.

mailman__ldap_people_dn: '{{ mailman__ldap_people_rdn + ","
                             + mailman__ldap_base_dn }}'

mailman__ldap_groups_dn

The Distinguished Name of the LDAP subtree that contains group entries.

mailman__ldap_groups_dn: '{{ mailman__ldap_groups_rdn + ","
                             + mailman__ldap_base_dn }}'

mailman__ldap_people_filter

The LDAP filter to query personal entries with.

mailman__ldap_people_filter: '(&
                                (objectClass=inetOrgPerson)
                                (|
                                  (uid=%(user)s)
                                  (mail=%(user)s)
                                )
                                (|
                                  (authorizedService=all)
                                  (authorizedService=mailman)
                                )
                              )'

mailman__ldap_groups_filter

The LDAP filter to query group entries with.

mailman__ldap_groups_filter: '(objectClass=groupOfNames)'

mailman__ldap_superusers_group

The name of the LDAP group that contains the superusers. Members of this group are given full administrative privileges in the Mailman 3 web interface.

mailman__ldap_superusers_group: 'cn=UNIX Administrators'
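
The following Python code is an added example, not part of the role or of Mailman. It reproduces how the defaults of mailman__ldap_base_dn, mailman__ldap_people_dn and mailman__ldap_bind_dn compose, and renders mailman__ldap_people_filter with a login name escaped per RFC 4515. The domain, the device DN, the function names and the assumption that the consuming application escapes the value substituted for %(user)s are all illustrative.

```python
import re

# Constructed sample facts; on a real host these come from Ansible.
ANSIBLE_DOMAIN = "example.org"
DEVICE_DN = ["cn=lists.example.org", "ou=Hosts", "dc=example", "dc=org"]

# Default people filter from this page, as YAML folds it onto one line.
PEOPLE_FILTER = ("(& (objectClass=inetOrgPerson) "
                 "(| (uid=%(user)s) (mail=%(user)s) ) "
                 "(| (authorizedService=all) (authorizedService=mailman) ) )")


def base_dn(domain):
    """Fallback of mailman__ldap_base_dn: one dc= component per DNS label."""
    return "dc=" + ",dc=".join(domain.split("."))


def people_dn(domain, people_rdn="ou=People"):
    """mailman__ldap_people_dn: the people RDN joined to the base DN."""
    return people_rdn + "," + base_dn(domain)


def bind_dn(self_rdn, device_dn):
    """mailman__ldap_bind_dn: the service RDN prepended to the device DN."""
    return ",".join([self_rdn] + device_dn)


def escape_filter_value(value):
    """Replace the RFC 4515 special characters with backslash-hex pairs."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)


def render_people_filter(user, template=PEOPLE_FILTER):
    """Substitute an escaped login name into the filter template.

    Layout whitespace is removed from the template first (its own values
    contain no spaces), so spaces inside the login name are preserved.
    """
    compact = re.sub(r"\s+", "", template)
    return compact % {"user": escape_filter_value(user)}


if __name__ == "__main__":
    print(bind_dn("uid=mailman", DEVICE_DN))
    print(people_dn(ANSIBLE_DOMAIN))
    print(render_people_filter("alice"))
    print(render_people_filter("al*ce(x)"))  # metacharacters stay literal
```

With escaping in place, a login name containing filter metacharacters is matched literally, and the authorizedService restriction still applies to every lookup.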