Default variable details

some of debops.saslauthd default variables have more extensive configuration than simple strings or lists, here you can find documentation and examples for them.

saslauthd__instances
saslauthd__ldap_profiles

saslauthd__instances 

The saslauthd__*_instances variables are used to configure separate instances of the saslauthd daemon for different services. The variables are merged together in the order defined by the saslauthd__combined_instances variable, therefore it's possible to modify existing instances defined by the role through Ansible inventory.

Each variable is defined as a list of YAML dictionaries with specific parameters:

name: Required. Name of a given saslauthd instance. Used as a suffix of the /etc/default/saslauthd-* configuration files.
config_path: Required. Absolute path where SASL configuration file will be created.
socket_path: Required. Absolute path to a directory where saslauthd UNIX domain socket will be placed.
state: Optional. If not specified or present, a given instance will be configured. If absent, a given instance will be removed. If ignore, a given instance will not be managed by the role.
group: Optional. Ensure that the specified UNIX group is present on the host. This might be needed if directories or files should use non-default UNIX groups. Only one group can be specified at once.
system: Optional, boolean. If not specified or True, the created UNIX group will be a system group with GID < 1000. If False, it will be a normal group with GID >= 1000.
notify: Optional. String or a list which contains names of the Ansible handlers to notify when a configuration changes. This parameter makes sense only in dependent configuration, because the handlers need to be present in a given Ansible playbook.

The parameters specified next are used and related to the saslauthd daemon configuration files located in /etc/default/saslauthd-*:

start: Optional, boolean. If not specified or True, a given instance will be automatically started at system boot. if False, it won't be started automatically.
desc, description: Optional. A string that describes a given saslauthd daemon instance in the configuration file.
mech, mechanism, mechanisms: Optional. Specify the authentication mechanism to use by a given saslauthd instance. If not specified, pam is used by default.
mech_options: Optional. Custom options defined for a given authorization mechanism.
threads: Optional. Number of process threads to start for a given saslauthd instance. If not specified, the number of threads will be equal to the number of VCPU cores of a given host.
daemon_options: Optional. Additional saslauthd daemon options for a given instance. If not specified, -c is added by default.
ldap_profile: Optional. Name of the LDAP profile to use for a given saslauthd instance. If not specified, the global profile located in the /etc/saslauthd.conf configuration file will be used by default. This parameter is only valid with the ldap authentication mechanism enabled.

The following parameters are related to the SASL configuration file generated for a given instance:

config_dir_owner: Optional. The owner of the directory with the configuration file. If not specified, root is used by default.
config_dir_group: Optional. The primary group of the directory with the configuration file. If not specified, root is used by default.
config_dir_mode: Optional. The permissions of the directory with the configuration file. If not specified, 0755 is set by default.
config_owner: Optional. The UNIX account which will be the owner of the configuration file. If not specified, root will be the owner.
config_group: Optional. The UNIX group which will be the primary group of the configuration file. If not specified, sasl will be used by default.
config_mode: Optional. The permissions set for the configuration file. If not specified, 0640 permissions will be set by default.
config_raw: Optional. a string or YAML text block with the SASL configuration which will be placed in the configuration file as-is.

These parameters are related to the UNIX socket of a given saslauthd instance:

socket_owner: Optional. The UNIX account which will be set as the owner of the directory where the saslauthd UNIX socket is located. If not specified, root will be used by default.
socket_group: Optional. The UNIX group which will be set as the primary group of the directory with the saslauthd UNIX socket. If not specified, sasl will be used by default.
socket_mode: Optional. The permissions of the directory with the saslauthd UNIX socket. If not specified, 0710 will be used by default.

Examples

Modify existing Postfix configuration to connect to a PostgreSQL database:

saslauthd__instances:

  - name: 'smtpd'
    config_raw: |
      pwcheck_method: auxprop
      auxprop_plugin: sql
      mech_list: plain login cram-md5 digest-md5
      sql_engine: pgsql
      sql_hostnames: 127.0.0.1
      sql_user: postfix
      sql_passwd: password
      sql_database: mail
      sql_select: select password from mailboxes where name='%u' and domain='%r' and smtp_enabled=1

saslauthd__ldap_profiles 

The saslauthd__ldap_*_profiles variables define a list of "LDAP profiles", /etc/saslauthd-*.conf configuration files which configure the ldap SASL authentication mechanism. The saslauthd service instances can select a LDAP profile to use, or if not defined, will fall back to the /etc/saslauthd.conf configuration file which is defined in the global LDAP profile.

Examples

Check the saslauthd__ldap_default_profiles variable for a set of default LDAP profiles defined in the role.

The manual for the /etc/saslauthd.conf configuration file is not available in Debian directly. You can find it in the cyrus-sasl2-doc APT package, in the /usr/share/doc/cyrus-sasl2-doc/LDAP_SASLAUTHD.gz file.

Syntax

Each LDAP profile definition is a YAML dictionary with specific parameters:

name

Required. The name of the LDAP profile, used in the filename. You can select a given LDAP profile in the SASL instance configuration by specifying this name in the ldap_profile parameter.

Multiple configuration entries with the same name parameter are merged together and can affect each other.

state

Optional. If not specified or present, a given LDAP profile configuration file is created on the host. If absent, a given LDAP profile will be removed from the host. If ignore, this configuration entry will not be evaluated by the role during execution.

owner

Optional. The UNIX account which will be the owner of the generated configuration file. If not specified, root is used by default.

group

Optional. The UNIX group of the generated configuration file. If not specified, sasl is used by default.

mode

Optional. The mode of the generated configuration file. If not specified, 0640 is used by default.

raw

Optional. String or YAML text block with contents of the /etc/saslauthd.conf configuration, inserted in the configuration file as-is.

options

Optional. If the raw configuration parameter is not specified, this parameter can be used to define the contents of the configuration file. The options parameters from multiple configuration entries with the same name parameter are merged together, and can affect each other.

The configuration is defined as a list of YAML dictionaries with specific parameters:

name: The name of the configuration option.
value: The value of the configuration option, defined as a string or a YAML list which list elements joined by spaces.
state: If not specified or present, a given configuration option will be present in the generated file. If absent, a given configuration option will be removed from the generated file.

Default variable details

saslauthd__instances

Examples

saslauthd__ldap_profiles

Examples

Syntax

saslauthd__instances 

saslauthd__ldap_profiles 