idiv_biodiversity.nslcd

Ansible Role: nslcd

An Ansible role that configures nslcd, i.e. authentication via LDAP.

Note: This role does not yet configure PAM, neither directly nor through its dependencies!

Requirements

  • Ansible 2.9

Role Variables

First, ldap needs to be defined as a source for the passwd, group and shadow databases in nsswitch.conf:

nsswitch_passwd: [files, ldap]
nsswitch_group: [files, ldap]
nsswitch_shadow: [files, ldap]

Then, for nslcd.conf:

nslcd_uris:
  - ldaps://ldap.example.org

nslcd_base: 'dc=example,dc=org'
nslcd_user_base: 'ou=people,dc=example,dc=org'
nslcd_group_base: 'ou=group,dc=example,dc=org'

nslcd_user_filter: >-
  (&(|(appRights=foo)(uid=alice)(uid=bob))(nsrole=*self*))

nslcd_min_uid: 2000

For more information, read man 5 nslcd.conf.

Note: Currently, not all parameters of nslcd.conf can be configured. If you need something, feel free to contribute!
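
To see which accounts the example nslcd_user_filter and nslcd_min_uid above would expose, the following added example (not part of this role) evaluates that filter against a few constructed directory entries. It assumes nslcd_min_uid ends up as the nss_min_uid option of nslcd.conf and treats every comparison as case-insensitive; the entries and the self-service role DN are made up.

```python
import re

USER_FILTER = "(&(|(appRights=foo)(uid=alice)(uid=bob))(nsrole=*self*))"  # from the page
MIN_UID = 2000  # nslcd_min_uid from the page

def parse(s, i=0):
    """Parse one filter at s[i] (RFC 4515 subset: & | ! and '=' only, no \\XX escapes)."""
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if s[i + 1:i + 2] in ("&", "|", "!"):
        op, kids, i = s[i + 1], [], i + 2
        while s[i:i + 1] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        if s[i:i + 1] != ")" or not kids:
            raise ValueError(f"malformed '{op}' group at offset {i}")
        return (op, kids), i + 1
    end = s.index(")", i)  # raises ValueError if the filter is not closed
    attr, eq, pattern = s[i + 1:end].partition("=")
    if not attr or not eq:
        raise ValueError(f"expected attr=value at offset {i}")
    return ("=", attr.lower(), pattern), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against an entry {lowercase attr: [values]}."""
    if node[0] == "!":
        return not matches(node[1][0], entry)
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    _, attr, pattern = node
    # '*' is the wildcard: "attr=*" tests presence, "*self*" is a substring match.
    rx = re.compile(".*".join(map(re.escape, pattern.split("*"))), re.I | re.S)
    return any(rx.fullmatch(v) for v in entry.get(attr, []))

def visible(entry, user_filter=USER_FILTER, min_uid=MIN_UID):
    """True if the account passes both the minimum UID and the user filter."""
    e = {k.lower(): v for k, v in entry.items()}
    tree, end = parse(user_filter)
    if end != len(user_filter):
        raise ValueError("trailing data after filter")
    return int(e["uidnumber"][0]) >= min_uid and matches(tree, e)

ROLE = "cn=self-service,dc=example,dc=org"  # constructed role DN
ENTRIES = {  # constructed sample entries, not from a real directory
    "alice": {"uid": ["alice"], "uidNumber": ["2001"], "nsrole": [ROLE]},
    "bob": {"uid": ["bob"], "uidNumber": ["2002"]},  # named in the filter, but no nsrole
    "carol": {"uid": ["carol"], "uidNumber": ["2003"], "appRights": ["foo"], "nsrole": [ROLE]},
    "dave": {"uid": ["dave"], "uidNumber": ["2004"], "appRights": ["bar"], "nsrole": [ROLE]},
    "svc": {"uid": ["svc"], "uidNumber": ["999"], "appRights": ["foo"], "nsrole": [ROLE]},
}
```

With the page's values, visible() is true only for alice and carol: bob is named in the filter but has no matching nsrole, dave has the wrong appRights value, and svc matches the filter but sits below the minimum UID.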

Dependencies

Example Playbook

Add to requirements.yml:

---

roles:

  - src: idiv_biodiversity.nsswitch
  - src: idiv_biodiversity.nslcd

...

Download:

$ ansible-galaxy role install -r requirements.yml

Top-Level Playbook

Write a top-level playbook:

---

- name: head server
  hosts: head

  roles:
    - role: idiv_biodiversity.nslcd
      tags:
        - nslcd

...

Role Dependency

Define the role dependency in meta/main.yml:

---

dependencies:

  - role: idiv_biodiversity.nslcd
    tags:
      - nslcd

...

License

MIT

Author Information

This role was created in 2023 by Christian Krause, aka wookietreiber on GitHub, HPC cluster systems administrator at the German Centre for Integrative Biodiversity Research (iDiv).

About

LDAP module for NSS and PAM
