Because I need an OpenLDAP environment for testing purposes, I wrote three Ansible roles that create an environment with three OpenLDAP servers: one provider and two consumers.
All you need are three Debian VMs that allow root login via SSH with a password. This access is revoked at the end of the first role, after a sudo user has been set up.
The first role is called setup_server; it performs the steps that are identical on all servers:
- Install all required packages
- Create an ansible user on every server
- Copy the public key of the ansible user on the control host to every server
- Set up passwordless sudo for the ansible user
- Copy the certificate for each server to that server, selected by hostname (see README.md)
- Set some ACLs
- Set the log level
After the first run, root login via SSH with a password is no longer possible.
The second role, setup_provider, performs the following tasks:
- Load the syncprov module and configure it
- Create a replication user with read permission on all objects and all attributes
- Create a user with write permission on all objects and all attributes; this user will be used to manage the objects
The third role sets up the two consumers:
- Configure the replication
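As an added example (not the roles described above), the provider and consumer steps written as Ansible tasks with the community.general ldap_attrs and ldap_entry modules. Assumed names: suffix dc=example,dc=com, database olcDatabase={1}mdb, provider host ldap1.example.com, users cn=replicator (read) and cn=manager (write), and the *_password variables; cn=config is modified over ldapi:/// with SASL EXTERNAL (the module default), so the tasks run as root.

```yaml
# Added example, not the author's roles; names and variables below are assumptions.
# --- provider ---
- name: Load the syncprov module
  community.general.ldap_attrs:
    dn: cn=module{0},cn=config
    attributes: { olcModuleLoad: syncprov }
    state: present
- name: Enable the syncprov overlay on the database
  community.general.ldap_entry:
    dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
    objectClass: [olcOverlayConfig, olcSyncProvConfig]
    attributes: { olcOverlay: syncprov, olcSpCheckpoint: "100 10", olcSpSessionLog: "100" }
- name: Create the replication (read-only) and management (write) users
  community.general.ldap_entry:
    dn: "cn={{ item.cn }},dc=example,dc=com"
    objectClass: [simpleSecurityObject, organizationalRole]
    attributes: { cn: "{{ item.cn }}", userPassword: "{{ item.pw }}" }  # prefer an SSHA hash from slappasswd
    bind_dn: cn=admin,dc=example,dc=com
    bind_pw: "{{ admin_password }}"
  loop:
    - { cn: replicator, pw: "{{ replicator_password }}" }
    - { cn: manager, pw: "{{ manager_password }}" }
  no_log: true
- name: Set the ACLs (replicator reads everything, manager writes everything)
  community.general.ldap_attrs:
    dn: olcDatabase={1}mdb,cn=config
    attributes:
      olcAccess:
        - >-
          to attrs=userPassword by self write by anonymous auth
          by dn.exact="cn=manager,dc=example,dc=com" write
          by dn.exact="cn=replicator,dc=example,dc=com" read by * none
        - >-
          to * by dn.exact="cn=manager,dc=example,dc=com" write
          by dn.exact="cn=replicator,dc=example,dc=com" read by * read
    ordered: true   # adds the {0},{1} prefixes that the X-ORDERED olcAccess values carry
    state: exact
# --- consumers ---
- name: Configure syncrepl against the provider as the replication user
  community.general.ldap_attrs:
    dn: olcDatabase={1}mdb,cn=config
    attributes:
      olcSyncrepl:
        - >-
          rid=001 provider=ldaps://ldap1.example.com bindmethod=simple
          binddn="cn=replicator,dc=example,dc=com" credentials={{ replicator_password }}
          searchbase="dc=example,dc=com" type=refreshAndPersist retry="60 +" tls_reqcert=demand
    ordered: true
    state: exact
```

The replication user only ever binds with read rights, so a compromised consumer cannot push changes back to the provider; setting olcUpdateRef on the consumers to the provider URL additionally refers any write attempts there.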
You can download all roles here.