Getting started

Example inventory

To enable the nslcd service on a host, you need to add it to the [debops_service_nslcd] Ansible inventory group. The host should also be configured with base LDAP support via the debops.ldap role (see its documentation for more details):

[debops_service_ldap]
hostname

[debops_service_nslcd]
hostname

A common case is configuring LDAP authentication across an entire cluster of hosts. You can enable the debops.nslcd role on all DebOps hosts in the Ansible inventory at once:

[debops_all_hosts]
hostname1
hostname2

[debops_service_nslcd:children]
debops_all_hosts

The nslcd service can also be installed and configured by other playbooks, for example bootstrap-ldap.yml. In such cases the custom playbook will configure the nslcd service on a host, but the role playbook will not work on a host automatically; you will have to include that host in the [debops_service_nslcd] Ansible inventory group via one of the methods above to be able to change the service configuration.
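
A pre-run check for the inventory layouts above, added here as an example and not part of the DebOps project: it resolves direct and ":children" membership in an INI inventory and reports hosts that are in [debops_service_nslcd] but not in [debops_service_ldap]. The sample inventory and the function names are constructed, and the check assumes, as in the first example, that every nslcd host should also be listed in the LDAP group.

```python
import re

# Constructed sample inventory (not taken from the DebOps documentation).
SAMPLE_INVENTORY = """\
[debops_all_hosts]
web1
db1 ansible_host=192.0.2.10
[debops_service_ldap]
web1
[debops_service_nslcd:children]
debops_all_hosts
"""

def parse_inventory(text):
    """Return (hosts, children): direct hosts and child groups per group."""
    hosts, children, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[([^\]:]+)(?::(\w+))?\]", line)
        if header:
            section = header.groups()
            hosts.setdefault(section[0], set())
            children.setdefault(section[0], set())
        elif line and not line.startswith(";") and section:
            group, kind = section
            # ':vars' sections hold variables, not members, so they are skipped.
            # Host range patterns such as web[1:3] are not expanded here.
            if kind is None:
                hosts[group].add(line.split()[0])
            elif kind == "children":
                children[group].add(line.split()[0])
    return hosts, children

def members(group, hosts, children, seen=None):
    """All hosts in a group, following ':children' recursively."""
    seen = set() if seen is None else seen
    if group in seen:  # guard against cyclic group definitions
        return set()
    seen.add(group)
    result = set(hosts.get(group, ()))
    for child in children.get(group, ()):
        result |= members(child, hosts, children, seen)
    return result

def nslcd_hosts_missing_ldap(text):
    hosts, children = parse_inventory(text)
    nslcd = members("debops_service_nslcd", hosts, children)
    return sorted(nslcd - members("debops_service_ldap", hosts, children))

if __name__ == "__main__":
    print(nslcd_hosts_missing_ldap(SAMPLE_INVENTORY))
```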

Example playbook

If you are using this role without DebOps, here's an example Ansible playbook that uses the debops.nslcd role:

---

- name: Manage nslcd service
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debops_service_nslcd' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  roles:

    # Python packages requested by the ldap role
    - role: python
      tags: [ 'role::python', 'skip::python', 'role::ldap' ]
      python__dependent_packages3:
        - '{{ ldap__python__dependent_packages3 }}'
      python__dependent_packages2:
        - '{{ ldap__python__dependent_packages2 }}'

    # Base LDAP support, with the LDAP tasks passed in by the nslcd role
    - role: ldap
      tags: [ 'role::ldap', 'skip::ldap' ]
      ldap__dependent_tasks:
        - '{{ nslcd__ldap__dependent_tasks }}'

    - role: nslcd
      tags: [ 'role::nslcd', 'skip::nslcd' ]

    # NSS configuration for the services passed in by the nslcd role
    - role: nsswitch
      tags: [ 'role::nsswitch', 'skip::nsswitch' ]
      nsswitch__dependent_services:
        - '{{ nslcd__nsswitch__dependent_services }}'

Ansible tags

You can use the Ansible --tags or --skip-tags parameters to limit which tasks are performed during an Ansible run. This can be used after a host is first configured to speed up playbook execution, when you are sure that most of the configuration has not been changed.

Available role tags:

role::nslcd
    Main role tag, should be used in the playbook to execute all of the role tasks as well as role dependencies.

Other resources

List of other useful resources related to the debops.nslcd Ansible role:

- Manual pages: nslcd.conf(5)
- LDAP support in DebOps: client-side, server-side
- LDAP/NSS setup instructions in the Debian Wiki
- LDAP/PAM setup instructions in the Debian Wiki
- LDAP authentication documentation in the Arch Wiki
- Debian LDAP Portal page in the Debian Wiki