ansible-openldap
################

Ansible role for installing OpenLDAP, phpLDAPadmin and a daily backup.

Requirements
------------

- Debian Jessie.

Role Variables
--------------

::

    openldap_organization: '{{ ansible_domain }}' #Organization name, defaults to the machine's domain name.
    openldap_domain: '{{ ansible_domain }}' #LDAP domain, converted to LDAP format (dc=example,dc=com). Defaults to the machine's domain name.
    openldap_basedn: #LDAP base distinguished name, defaults to the machine's domain converted to LDAP format.
    openldap_password: #Password for the admin account, must be set (keep it in Ansible Vault rather than in a plain-text playbook).
    openldap_tls_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem #TLS certificate. The default is Debian's self-signed "snakeoil" certificate, which clients will not trust.
    openldap_tls_key: /etc/ssl/private/ssl-cert-snakeoil.key #TLS key.
    openldap_tls_ca_cert: '{{ openldap_tls_cert }}' #CA certificate. Defaults to the server certificate itself, which is only correct for a self-signed certificate; with a CA-issued certificate point it at the issuing CA's certificate.

Dependencies
------------

None.

Example Playbook
----------------

::

    - hosts: servers
      roles:
        - role: ansible-openldap
          openldap_tls_cert: /etc/ssl/certs/internal.pem
          openldap_tls_key: /etc/ssl/private/internal.key

License
-------

MIT

Author Information
------------------

Nimrod Adar.

Restore procedure
-----------------

Deleting the existing basedn (the examples use ``dc=example,dc=com``; ``-r`` removes the whole subtree, so make sure the backup is good first):

::

    ldapdelete -Y EXTERNAL -H ldapi:/// -r "dc=example,dc=com" #Run as root over the local ldapi socket, no password needed.
    ldapdelete -rxWD "cn=admin,dc=example,dc=com" "dc=example,dc=com" #Run as any user, asks for the OpenLDAP admin password.

Restoring from backup:

::

    ldapadd -Y EXTERNAL -H ldapi:/// -f backup.ldif #Run as root over the local ldapi socket, no password needed.
    ldapadd -xWD "cn=admin,dc=example,dc=com" -f backup.ldif #Run as any user, asks for the OpenLDAP admin password.

TODO
----

- dhparams https://weakdh.org/sysadmin.html.
- Test backup script.
- Log to syslog (Apache as well).
- Metrics (also Apache).
- Testing (ldaps, backup and restore).
- Configure all preseeding via ldap modules (keep preseeding, or maybe just reconfigure the package if the debconf answers change?).
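The restore procedure above wipes the basedn before re-adding it, so it is worth checking the backup before running ``ldapdelete -r``. The script below is an added example, not part of the ansible-openldap role: it refuses to delete anything unless the LDIF exists and contains the base entry, then runs the same root-over-ldapi commands as the README and compares the entry count in the backup with what the live directory holds afterwards. It assumes (the README does not say) that slapd listens on ``ldapi:///``, that the script runs as root, and that the backup path ``/var/backups/ldap/backup.ldif`` in the usage comment is wherever the role's daily backup actually writes.

```shell
#!/bin/sh
# Added example, not the role's own code: restore one basedn from an LDIF
# backup with sanity checks before anything is deleted.
# Assumed (not stated in the README): slapd listens on ldapi:///, the
# script runs as root, and root maps to the database's manage ACL.
set -eu

# SASL EXTERNAL over the local socket; -Q suppresses the interactive SASL chatter.
LDAP_OPTS="-Y EXTERNAL -H ldapi:/// -Q"

# Number of entries (dn: lines) in an LDIF file, 0 when there are none.
ldif_entry_count() {
    grep -c -i '^dn:' "$1" || true
}

# Succeeds only if the LDIF holds the base entry itself (exact, case-insensitive
# DN match); a backup without it cannot rebuild the tree, so refuse to use it.
ldif_has_basedn() {
    grep -q -i "^dn: $2\$" "$1"
}

# Entries currently stored under a base DN in the live directory (0 if absent).
live_entry_count() {
    ldapsearch $LDAP_OPTS -LLL -b "$1" dn 2>/dev/null | grep -c -i '^dn:' || true
}

# restore_basedn BACKUP.ldif BASEDN
restore_basedn() {
    backup="$1"
    basedn="$2"

    [ -s "$backup" ] || { echo "backup $backup is missing or empty" >&2; return 1; }
    ldif_has_basedn "$backup" "$basedn" || {
        echo "$backup does not contain $basedn; refusing to wipe the directory" >&2
        return 1
    }
    expected=$(ldif_entry_count "$backup")

    # Same two commands as the README's root variant, with the DN spelled out.
    # Only delete when something is there, so a fresh server can be restored too.
    if [ "$(live_entry_count "$basedn")" -gt 0 ]; then
        ldapdelete $LDAP_OPTS -r "$basedn"
    fi
    ldapadd $LDAP_OPTS -f "$backup"

    # Verify: every entry from the backup must now be in the directory.
    got=$(live_entry_count "$basedn")
    if [ "$got" -ne "$expected" ]; then
        echo "restore incomplete: $got entries live, $expected in backup" >&2
        return 1
    fi
    echo "restored $got entries under $basedn"
}

# Usage (hypothetical path): restore-basedn.sh /var/backups/ldap/backup.ldif dc=example,dc=com
if [ "$#" -ge 1 ]; then
    restore_basedn "$1" "${2:-dc=example,dc=com}"
fi
```

The pre-checks are deliberately done on the file, not on the server: once ``ldapdelete -r`` has run there is nothing left to compare against, so the only moment to notice a truncated or wrong-domain backup is before it. The count comparison at the end is a coarse check (it will not catch a changed attribute), but it does catch the common failure of ``ldapadd`` stopping at the first schema violation part way through the file.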