Using Ansible to set up an OpenLDAP environment

Because I need an OpenLDAP environment for testing purposes, I wrote three Ansible roles that create an environment with three OpenLDAP servers: one provider and two consumers.
All you need are three Debian VMs that allow ssh root login with a password. That access is revoked at the end of the first role, after a sudo user has been set up.
The first role is called setup_server. It performs the initial steps that are the same on all servers:

  • All the needed packages are installed
  • An ansible user is created on all servers
  • The public key of the ansible user on the control host is copied to all servers
  • sudo is configured without a password for the ansible user
  • The certificate for each server is copied to all servers, depending on the hostname (see
  • Some ACLs are set
  • The loglevel is set

After the first run, root login via ssh with a password is no longer possible.

The second role setup_provider will do the following tasks:

  • Loading the syncprov module and configuring it
  • Creating a user for replication with read permission on all objects and all attributes
  • Creating a user with write permission on all objects and all attributes; this user is used to manage the objects

The third role sets up the two consumers:

  • Configuring the replication
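To show what the provider and consumer parts of such roles look like in Ansible, here is an added example; it is not taken from the downloadable roles. It assumes slapd is managed through cn=config over ldapi:// with SASL EXTERNAL as root, a host variable ldap_role set to "provider" or "consumer", the hypothetical replication user cn=replicator,dc=example,dc=com with its password in ldap_replicator_pw, and the provider reachable as ldaps://provider.example.com.

```yaml
# Added example tasks (hypothetical names and values), not the original roles.
- name: Load the syncprov module on the provider
  community.general.ldap_attrs:
    dn: cn=module{0},cn=config
    attributes:
      olcModuleLoad: syncprov
    state: present
  become: true
  when: ldap_role == "provider"

- name: Add the syncprov overlay to the main database
  community.general.ldap_entry:
    dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
    objectClass:
      - olcOverlayConfig
      - olcSyncProvConfig
    attributes:
      olcOverlay: syncprov
      olcSpCheckpoint: "100 10"   # checkpoint contextCSN every 100 ops or 10 min
      olcSpSessionLog: "100"      # keep a session log for delta resyncs
    state: present
  become: true
  when: ldap_role == "provider"

- name: Configure syncrepl on the consumers
  community.general.ldap_attrs:
    dn: olcDatabase={1}mdb,cn=config
    attributes:
      # Consumers pull from the provider with the read-only replication user;
      # tls_reqcert=demand makes the consumer verify the provider certificate.
      olcSyncrepl: >-
        rid=001 provider=ldaps://provider.example.com
        bindmethod=simple binddn="cn=replicator,dc=example,dc=com"
        credentials="{{ ldap_replicator_pw }}"
        searchbase="dc=example,dc=com" type=refreshAndPersist
        retry="60 +" tls_reqcert=demand
      # Writes sent to a consumer are referred back to the provider.
      olcUpdateRef: ldaps://provider.example.com
    state: exact
  become: true
  no_log: true   # keep the replication password out of the Ansible log
  when: ldap_role == "consumer"
```

Keep ldap_replicator_pw in an encrypted vault file rather than in plain group_vars, and verify replication afterwards by comparing the contextCSN attribute of the suffix on the provider and each consumer.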

You can download all roles here.
