Default variable details¶
some of debops.saslauthd
default variables have more extensive
configuration than simple strings or lists, here you can find documentation and
examples for them.
saslauthd__instances¶
The saslauthd__*_instances
variables are used to configure separate
instances of the saslauthd daemon for different services. The
variables are merged together in the order defined by the
saslauthd__combined_instances
variable, therefore it's possible to
modify existing instances defined by the role through Ansible inventory.
Each variable is defined as a list of YAML dictionaries with specific parameters:
name
- Required. Name of a given saslauthd instance. Used as a suffix of
the
/etc/default/saslauthd-*
configuration files. config_path
- Required. Absolute path where SASL configuration file will be created.
socket_path
- Required. Absolute path to a directory where saslauthd UNIX domain socket will be placed.
state
- Optional. If not specified or
present
, a given instance will be configured. Ifabsent
, a given instance will be removed. Ifignore
, a given instance will not be managed by the role. group
- Optional. Ensure that the specified UNIX group is present on the host. This might be needed if directories or files should use non-default UNIX groups. Only one group can be specified at once.
system
- Optional, boolean. If not specified or
True
, the created UNIX group will be a system group with GID < 1000. IfFalse
, it will be a normal group with GID >= 1000. notify
- Optional. String or a list which contains names of the Ansible handlers to notify when a configuration changes. This parameter makes sense only in dependent configuration, because the handlers need to be present in a given Ansible playbook.
The parameters specified next are used and related to the saslauthd
daemon configuration files located in /etc/default/saslauthd-*
:
start
- Optional, boolean. If not specified or
True
, a given instance will be automatically started at system boot. ifFalse
, it won't be started automatically. desc
,description
- Optional. A string that describes a given saslauthd daemon instance in the configuration file.
mech
,mechanism
,mechanisms
- Optional. Specify the authentication mechanism to use by a given
saslauthd instance. If not specified,
pam
is used by default. mech_options
- Optional. Custom options defined for a given authorization mechanism.
threads
- Optional. Number of process threads to start for a given saslauthd instance. If not specified, the number of threads will be equal to the number of VCPU cores of a given host.
daemon_options
- Optional. Additional saslauthd daemon options for a given
instance. If not specified,
-c
is added by default. ldap_profile
- Optional. Name of the LDAP profile to
use for a given saslauthd instance. If not specified, the
global
profile located in the/etc/saslauthd.conf
configuration file will be used by default. This parameter is only valid with theldap
authentication mechanism enabled.
The following parameters are related to the SASL configuration file generated for a given instance:
config_dir_owner
- Optional. The owner of the directory with the configuration file. If not
specified,
root
is used by default. config_dir_group
- Optional. The primary group of the directory with the configuration file. If
not specified,
root
is used by default. config_dir_mode
- Optional. The permissions of the directory with the configuration file. If
not specified,
0755
is set by default. config_owner
- Optional. The UNIX account which will be the owner of the configuration file.
If not specified,
root
will be the owner. config_group
- Optional. The UNIX group which will be the primary group of the configuration
file. If not specified,
sasl
will be used by default. config_mode
- Optional. The permissions set for the configuration file. If not specified,
0640
permissions will be set by default. config_raw
- Optional. a string or YAML text block with the SASL configuration which will be placed in the configuration file as-is.
These parameters are related to the UNIX socket of a given saslauthd instance:
socket_owner
- Optional. The UNIX account which will be set as the owner of the directory
where the saslauthd UNIX socket is located. If not specified,
root
will be used by default. socket_group
- Optional. The UNIX group which will be set as the primary group of the
directory with the saslauthd UNIX socket. If not specified,
sasl
will be used by default. socket_mode
- Optional. The permissions of the directory with the saslauthd UNIX
socket. If not specified,
0710
will be used by default.
Examples¶
Modify existing Postfix configuration to connect to a PostgreSQL database:
saslauthd__instances:
- name: 'smtpd'
config_raw: |
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login cram-md5 digest-md5
sql_engine: pgsql
sql_hostnames: 127.0.0.1
sql_user: postfix
sql_passwd: password
sql_database: mail
sql_select: select password from mailboxes where name='%u' and domain='%r' and smtp_enabled=1
saslauthd__ldap_profiles¶
The saslauthd__ldap_*_profiles
variables define a list of "LDAP profiles",
/etc/saslauthd-*.conf
configuration files which configure the ldap
SASL authentication mechanism. The saslauthd service instances can
select a LDAP profile to use, or if not defined, will fall back to the
/etc/saslauthd.conf
configuration file which is defined in the
global
LDAP profile.
Examples¶
Check the saslauthd__ldap_default_profiles
variable for a set of
default LDAP profiles defined in the role.
The manual for the /etc/saslauthd.conf
configuration file is not
available in Debian directly. You can find it in the cyrus-sasl2-doc
APT
package, in the /usr/share/doc/cyrus-sasl2-doc/LDAP_SASLAUTHD.gz
file.
Syntax¶
Each LDAP profile definition is a YAML dictionary with specific parameters:
name
Required. The name of the LDAP profile, used in the filename. You can select a given LDAP profile in the SASL instance configuration by specifying this name in the
ldap_profile
parameter.Multiple configuration entries with the same
name
parameter are merged together and can affect each other.state
- Optional. If not specified or
present
, a given LDAP profile configuration file is created on the host. Ifabsent
, a given LDAP profile will be removed from the host. Ifignore
, this configuration entry will not be evaluated by the role during execution. owner
- Optional. The UNIX account which will be the owner of the generated
configuration file. If not specified,
root
is used by default. group
- Optional. The UNIX group of the generated configuration file. If not
specified,
sasl
is used by default. mode
- Optional. The mode of the generated configuration file. If not specified,
0640
is used by default. raw
- Optional. String or YAML text block with contents of the
/etc/saslauthd.conf
configuration, inserted in the configuration file as-is. options
Optional. If the
raw
configuration parameter is not specified, this parameter can be used to define the contents of the configuration file. Theoptions
parameters from multiple configuration entries with the samename
parameter are merged together, and can affect each other.The configuration is defined as a list of YAML dictionaries with specific parameters:
name
- The name of the configuration option.
value
- The value of the configuration option, defined as a string or a YAML list which list elements joined by spaces.
state
- If not specified or
present
, a given configuration option will be present in the generated file. Ifabsent
, a given configuration option will be removed from the generated file.