LDAP Directory Information Tree
This document describes how the debops.nslcd Ansible role fits in the LDAP directory structure organized by DebOps.
Directory structure
Object Classes and Attributes
Access Control
The DebOps LDAP environment includes the 'ldapns' schema, which can be used to define access control rules for services. The lists below define the attribute values which grant access to the service managed by the debops.nslcd role, and specify other roles with the same access control rules:
- objectClass hostObject, attribute host:
  - posix:all (all hosts)
  - posix:hostname.example.org
  - posix:*.example.org
  - posix:urn:<pattern> (see nslcd__ldap_posix_urns variable)
LDAP filter definition: nslcd__ldap_host_filter
These rules apply to UNIX accounts (passwd database) as well as UNIX groups (group database). UNIX accounts or groups without the specified host attribute values will not be present on a given host.
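The following is an added example, not the role's own code: it builds an OR filter over the host values listed above for one machine and checks constructed entries against it. It assumes the values are compared as literal strings (so the asterisk must be escaped per RFC 4515) and that the domain is everything after the first label of the FQDN; the actual content of nslcd__ldap_host_filter is not shown on this page, and the function names, sample entries and URN value are hypothetical.

```python
# Added illustration; assumptions are marked. Not the debops.nslcd filter itself.

RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape an assertion value so LDAP treats every character literally.

    Without this, (host=posix:*.example.org) is a substring filter and would
    match any value starting with "posix:" and ending with ".example.org".
    """
    return "".join(RFC4515_ESCAPES.get(ch, ch) for ch in value)


def granting_values(fqdn, urns=()):
    """Return the host attribute values that grant access on `fqdn`."""
    values = ["posix:all", "posix:" + fqdn]
    if "." in fqdn:
        # Assumption: the wildcard form names the host's DNS domain.
        values.append("posix:*." + fqdn.split(".", 1)[1])
    values.extend("posix:urn:" + urn for urn in urns)
    return values


def host_filter(fqdn, urns=()):
    """Build an OR filter over the granting values, with literal matching."""
    terms = "".join(
        "(host=%s)" % escape_filter_value(v) for v in granting_values(fqdn, urns)
    )
    return "(|%s)" % terms


def visible_accounts(entries, fqdn, urns=()):
    """Return uids whose host values grant access (host uses caseIgnoreMatch)."""
    allowed = {v.lower() for v in granting_values(fqdn, urns)}
    return [
        e["uid"] for e in entries
        if allowed & {h.lower() for h in e.get("host", [])}
    ]


# Constructed sample entries, reduced to the attributes that matter here.
SAMPLE_ENTRIES = [
    {"uid": "alice", "host": ["posix:all"]},
    {"uid": "bob", "host": ["posix:web1.example.org"]},
    {"uid": "carol", "host": ["posix:*.example.org"]},
    {"uid": "dave", "host": ["posix:db1.example.org"]},
    {"uid": "erin", "host": ["posix:urn:dept:ops"]},  # constructed URN pattern
    {"uid": "frank", "host": []},  # no host value: absent on every host
]
```

On web1.example.org, dave and frank are filtered out, and erin appears only when the constructed URN is passed in as one of the host's URN patterns.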
Parent nodes
Child nodes
There are no child nodes defined for the debops.nslcd Ansible role.