LDAP configuration¶
-
mailman__ldap_enabled
¶
Enable or disable LDAP authentication in the web interface.
mailman__ldap_enabled: '{{ ansible_local.ldap.enabled|d(False) }}'
-
mailman__ldap_uri
¶
List of LDAP server URIs.
mailman__ldap_uri: '{{ ansible_local.ldap.uri|d([ "ldap://ldap." + ansible_domain ]) }}'
-
mailman__ldap_device_dn
¶
The Distinguished Name of the device LDAP object, defined as a YAML list. It will be used as a base for the Mailman 3 service account object. The role will not create the account object automatically if this list is empty.
mailman__ldap_device_dn: '{{ ansible_local.ldap.device_dn|d([]) }}'
-
mailman__ldap_self_rdn
¶
The Relative Distinguished Name of the service account object that Mailman 3 uses to access the LDAP directory.
mailman__ldap_self_rdn: 'uid=mailman'
-
mailman__ldap_self_object_classes
¶
List of object classes that will be used to create the LDAP service account.
mailman__ldap_self_object_classes: [ 'account', 'simpleSecurityObject' ]
-
mailman__ldap_self_attributes
¶
YAML dictionary that defines the attributes of the LDAP service account.
mailman__ldap_self_attributes:
uid: '{{ mailman__ldap_self_rdn.split("=")[1] }}'
userPassword: '{{ mailman__ldap_bind_password }}'
host: '{{ [ ansible_fqdn, ansible_hostname ] | unique }}'
description: 'Account used by the "mailman" service to access the LDAP directory'
-
mailman__ldap_starttls
¶
Enable or disable StartTLS for encrypted connections to the LDAP server.
mailman__ldap_starttls: True
-
mailman__ldap_bind_dn
¶
The Distinguished Name of the service account object that Mailman 3 uses to access the LDAP directory.
mailman__ldap_bind_dn: '{{ ([ mailman__ldap_self_rdn ]
+ mailman__ldap_device_dn) | join(",") }}'
-
mailman__ldap_bind_password
¶
The password used by Mailman 3 to access the LDAP directory.
mailman__ldap_bind_password: '{{ lookup("password", secret + "/ldap/credentials/"
+ mailman__ldap_bind_dn | to_uuid
+ ".password chars=ascii_letters,digits length=22") }}'
-
mailman__ldap_base_dn
¶
The base Distinguished Name of the LDAP directory, defined as a YAML list.
mailman__ldap_base_dn: '{{ ansible_local.ldap.basedn
if (ansible_local.ldap.basedn|d())
else "dc=" + ansible_domain.split(".")
| join(",dc=") }}'
-
mailman__ldap_people_rdn
¶
The Relative Distinguished Name of the LDAP subtree that contains personal entries.
mailman__ldap_people_rdn: '{{ ansible_local.ldap.people_rdn|d("ou=People") }}'
-
mailman__ldap_groups_rdn
¶
The Relative Distinguished Name of the LDAP subtree that contains group entries.
mailman__ldap_groups_rdn: '{{ ansible_local.ldap.groups_rdn|d("ou=Groups") }}'
-
mailman__ldap_people_dn
¶
The Distinguished Name of the LDAP subtree that contains personal entries.
mailman__ldap_people_dn: '{{ mailman__ldap_people_rdn + ","
+ mailman__ldap_base_dn }}'
-
mailman__ldap_groups_dn
¶
The Distinguished Name of the LDAP subtree that contains group entries.
mailman__ldap_groups_dn: '{{ mailman__ldap_groups_rdn + ","
+ mailman__ldap_base_dn }}'
-
mailman__ldap_people_filter
¶
The LDAP filter to query personal entries with.
mailman__ldap_people_filter: '(&
(objectClass=inetOrgPerson)
(|
(uid=%(user)s)
(mail=%(user)s)
)
(|
(authorizedService=all)
(authorizedService=mailman)
)
)'
-
mailman__ldap_groups_filter
¶
The LDAP filter to query group entries with.
mailman__ldap_groups_filter: '(objectClass=groupOfNames)'
-
mailman__ldap_superusers_group
¶
The name of the LDAP group that contains the superusers. Members of this group are given full administrative privileges in the Mailman 3 web interface.
mailman__ldap_superusers_group: 'cn=UNIX Administrators'