Getting started

Example inventory

To enable the nslcd service on a host, you need to add it to the [debops_service_nslcd] Ansible inventory group. The host should also be configured with base LDAP support via the debops.ldap role (see its documentation for more details):

[debops_service_ldap]
hostname

[debops_service_nslcd]
hostname

A common case is configuration of LDAP authentication in the entire cluster of hosts. You can enable debops.nslcd role on all DebOps hosts in the Ansible inventory at once:

[debops_all_hosts]
hostname1
hostname2

[debops_service_nslcd:children]
debops_all_hosts

The nslcd service can also be installed and configured by other playbooks, for example bootstrap-ldap.yml. In such cases the custom playbook will configure the nslcd service on a host, but the role playbook will not work on a host automatically; you will have to include that host in the [debops_service_nslcd] Ansible inventory group via one of the methods above to be able to change the service configuration.

Example playbook

If you are using this role without DebOps, here's an example Ansible playbook that uses the debops.nslcd role:

---

- name: Manage nslcd service
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debops_service_nslcd' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  roles:

    - role: python
      tags: [ 'role::python', 'skip::python', 'role::ldap' ]
      python__dependent_packages3:
        - '{{ ldap__python__dependent_packages3 }}'
      python__dependent_packages2:
        - '{{ ldap__python__dependent_packages2 }}'

    - role: ldap
      tags: [ 'role::ldap', 'skip::ldap' ]
      ldap__dependent_tasks:
        - '{{ nslcd__ldap__dependent_tasks }}'

    - role: nslcd
      tags: [ 'role::nslcd', 'skip::nslcd' ]

    - role: nsswitch
      tags: [ 'role::nsswitch', 'skip::nsswitch' ]
      nsswitch__dependent_services:
        - '{{ nslcd__nsswitch__dependent_services }}'

Ansible tags

You can use Ansible --tags or --skip-tags parameters to limit what tasks are performed during Ansible run. This can be used after host is first configured to speed up playbook execution, when you are sure that most of the configuration has not been changed.

Available role tags:

role::nslcd

Main role tag, should be used in the playbook to execute all of the role tasks as well as role dependencies.

Other resources

List of other useful resources related to the debops.nslcd Ansible role: