Getting started
Support for sudoers in LDAP
The debops.sudo role will automatically enable integration with the debops.ldap Ansible role to configure support for sudoers rules defined in the LDAP directory. When LDAP support and LDAP-POSIX integration are enabled on a host, the role will register its own LDAP account object (using debops.ldap as a dependency) and configure access to the LDAP directory using simple bind. The debops.slapd role will create the LDAP directory structures required for sudoers rules.
See the sudoers.ldap(5) manual page for more details about the LDAP support in sudo.
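Rules kept in the directory apply to every host that reads them, so they are worth reviewing for overly broad grants. The following added example (not part of DebOps or the debops.sudo role) parses an LDIF export of sudoRole entries, using the attribute names from sudoers.ldap(5), and flags rules that allow any command on any host or disable authentication. The sample LDIF, its ou=SUDOers base DN and the function names are constructed for illustration.

```python
# Constructed sample export; the ou=SUDOers base DN and all names are assumptions.
SAMPLE_LDIF = """\
dn: cn=defaults,ou=SUDOers,dc=example,dc=org
objectClass: sudoRole
cn: defaults
sudoOption: env_reset

dn: cn=%admins,ou=SUDOers,dc=example,dc=org
objectClass: sudoRole
cn: %admins
sudoUser: %admins
sudoHost: ALL
sudoCommand: ALL
sudoOption: !authenticate

dn: cn=backup,ou=SUDOers,dc=example,dc=org
objectClass: sudoRole
cn: backup
sudoUser: backup
sudoHost: db1.example.org
sudoCommand: /usr/bin/rsync
"""

def parse_ldif(text):
    """Parse plain LDIF (no folding, no base64) into dicts keyed by lowercased attribute."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit_sudo_roles(entries):
    """Return (dn, finding) pairs for broad or unauthenticated sudoRole rules."""
    findings = []
    for e in entries:
        if "sudorole" not in [v.lower() for v in e.get("objectclass", [])]:
            continue
        dn = e["dn"][0]
        if "ALL" in e.get("sudohost", []) and "ALL" in e.get("sudocommand", []):
            findings.append((dn, "any command on any host"))
        if "!authenticate" in e.get("sudooption", []):
            findings.append((dn, "password prompt disabled"))
    return findings

if __name__ == "__main__":
    for dn, finding in audit_sudo_roles(parse_ldif(SAMPLE_LDIF)):
        print(f"{dn}: {finding}")
```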
Example inventory
The debops.sudo role is included by default in the common.yml DebOps playbook; you don't need to add hosts to any Ansible groups to enable it.
Example playbook
If you are using this role without DebOps, here's an example Ansible playbook that uses the debops.sudo role:
---

- name: Configure sudo service
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debops_all_hosts', 'debops_service_sudo' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    # Python packages required by the ldap role
    - role: python
      tags: [ 'role::python', 'skip::python', 'role::ldap' ]
      python__dependent_packages3:
        - '{{ ldap__python__dependent_packages3 }}'
      python__dependent_packages2:
        - '{{ ldap__python__dependent_packages2 }}'

    # LDAP tasks defined by the sudo role are passed to the ldap role
    - role: ldap
      tags: [ 'role::ldap', 'skip::ldap' ]
      ldap__dependent_tasks:
        - '{{ sudo__ldap__dependent_tasks }}'

    - role: sudo
      tags: [ 'role::sudo', 'skip::sudo' ]
Other resources
List of other useful resources related to the debops.sudo Ansible role:
Manual pages: sudo(8), sudoers(5), sudoers.ldap(5)