LDAP configuration
- mailman__ldap_enabled
Enable or disable LDAP authentication in the web interface.
mailman__ldap_enabled: '{{ ansible_local.ldap.enabled|d(False) }}'
- mailman__ldap_uri
List of LDAP server URIs.
mailman__ldap_uri: '{{ ansible_local.ldap.uri|d([ "ldap://ldap." + ansible_domain ]) }}'
- mailman__ldap_device_dn
The Distinguished Name of the device LDAP object, defined as a YAML list. It will be used as a base for the Mailman 3 service account object. The role will not create the account object automatically if this list is empty.
mailman__ldap_device_dn: '{{ ansible_local.ldap.device_dn|d([]) }}'
- mailman__ldap_self_rdn
The Relative Distinguished Name of the service account object that Mailman 3 uses to access the LDAP directory.
mailman__ldap_self_rdn: 'uid=mailman'
- mailman__ldap_self_object_classes
List of object classes that will be used to create the LDAP service account.
mailman__ldap_self_object_classes: [ 'account', 'simpleSecurityObject' ]
- mailman__ldap_self_attributes
YAML dictionary that defines the attributes of the LDAP service account.
mailman__ldap_self_attributes:
  uid: '{{ mailman__ldap_self_rdn.split("=")[1] }}'
  userPassword: '{{ mailman__ldap_bind_password }}'
  host: '{{ [ ansible_fqdn, ansible_hostname ] | unique }}'
  description: 'Account used by the "mailman" service to access the LDAP directory'
- mailman__ldap_starttls
Enable or disable StartTLS for encrypted connections to the LDAP server.
mailman__ldap_starttls: True
- mailman__ldap_bind_dn
The Distinguished Name of the service account object that Mailman 3 uses to access the LDAP directory.
mailman__ldap_bind_dn: '{{ ([ mailman__ldap_self_rdn ]
                           + mailman__ldap_device_dn) | join(",") }}'
- mailman__ldap_bind_password
The password used by Mailman 3 to access the LDAP directory.
mailman__ldap_bind_password: '{{ lookup("password", secret + "/ldap/credentials/"
                                 + mailman__ldap_bind_dn | to_uuid
                                 + ".password chars=ascii_letters,digits length=22") }}'
- mailman__ldap_base_dn
The base Distinguished Name of the LDAP directory, defined as a YAML list.
mailman__ldap_base_dn: '{{ ansible_local.ldap.basedn
                           if (ansible_local.ldap.basedn|d())
                           else "dc=" + ansible_domain.split(".")
                                        | join(",dc=") }}'
- mailman__ldap_people_rdn
The Relative Distinguished Name of the LDAP subtree that contains personal entries.
mailman__ldap_people_rdn: '{{ ansible_local.ldap.people_rdn|d("ou=People") }}'
- mailman__ldap_groups_rdn
The Relative Distinguished Name of the LDAP subtree that contains group entries.
mailman__ldap_groups_rdn: '{{ ansible_local.ldap.groups_rdn|d("ou=Groups") }}'
- mailman__ldap_people_dn
The Distinguished Name of the LDAP subtree that contains personal entries.
mailman__ldap_people_dn: '{{ mailman__ldap_people_rdn + ","
                             + mailman__ldap_base_dn }}'
- mailman__ldap_groups_dn
The Distinguished Name of the LDAP subtree that contains group entries.
mailman__ldap_groups_dn: '{{ mailman__ldap_groups_rdn + ","
                             + mailman__ldap_base_dn }}'
- mailman__ldap_people_filter
The LDAP filter to query personal entries with.
mailman__ldap_people_filter: '(&
                                (objectClass=inetOrgPerson)
                                (|
                                  (uid=%(user)s)
                                  (mail=%(user)s)
                                )
                                (|
                                  (authorizedService=all)
                                  (authorizedService=mailman)
                                )
                              )'
- mailman__ldap_groups_filter
The LDAP filter to query group entries with.
mailman__ldap_groups_filter: '(objectClass=groupOfNames)'
- mailman__ldap_superusers_group
The name of the LDAP group that contains the superusers. Members of this group are given full administrative privileges in the Mailman 3 web interface.
mailman__ldap_superusers_group: 'cn=UNIX Administrators'