add Centos Support for Ldap

a1dac7cc · Pullyvan Krishnamoorthy · 2b98aa51 · a1dac7cc
Commit a1dac7cc authored 4 years ago by Pullyvan Krishnamoorthy
--- a/tasks/main.yml
+++ b/tasks/main.yml
 ---
 # tasks file for sti_it.ldap_authentication
 - name: install required packages
-  apt: 
+  apt:
    name: "{{ item }}"
    update_cache: yes
    state: present
@@ -14,6 +14,34 @@
    - ldap-utils
  when: ansible_os_family == 'Debian'

+- name: install required packages
+  yum:
+    name: "{{ item }}"
+    update_cache: yes
+    state: present
+  loop:
+    - authconfig
+    - sssd
+    - realmd
+    - oddjob
+    - oddjob-mkhomedir
+    - adcli
+    - samba-common
+    - samba-common-tools
+    - openldap-clients
+    - policycoreutils-python
+    - nfs4-acl-tools
+    - nfs-utils
+    - libnfsidmap
+    - libsss_idmap
+    - sssd-winbind-idmap
+    - sudo
+    - openldap
+    - openldap-clients
+    - pam_ldap
+    - nss-pam-ldapd
+  when: ansible_distribution == "CentOS"
+
 - name: make sure that the CA certs path exists
  file:
    path: /etc/openldap/cacerts
@@ -51,6 +79,9 @@
  notify:
    - restart sssd

+
+
+
 # - name: ensure that ldap automount is added to nsswitch.conf
 #   lineinfile:
 #     line: 'automount:      ldap'
@@ -59,7 +90,7 @@
 #   notify:
 #     - restart sssd

- name: generate ldap.conf
+- name: generate ldap.conf for Debian
  template:
    src: ldap.conf
    dest: /etc/ldap/ldap.conf
@@ -67,13 +98,30 @@
    group: root
  notify:
    - restart sssd
+  when: ansible_os_family == 'Debian'
+
+- name: generate ldap.conf for Centos
+  template:
+    src: ldap.conf
+    dest: /etc/openldap/ldap.conf
+    owner: root
+    group: root
+  notify:
+    - restart sssd
+  when: ansible_distribution == "CentOS"

 # As per documentation at https://docs.google.com/document/d/1sfBkcqaGm4M3U6_uqVWSZ1MxKvnH5FK1U4OXr_HDU-w/edit#heading=h.tdhi5uogtedq
 # and at https://help.ubuntu.com/community/LDAPClientAuthentication#Automatically_create_home_folders
- name: automate the homedir creation process
+- name: automate the homedir creation process for Debian
  template:
    src: my_mkhomedir
    dest: /usr/share/pam-configs/my_mkhomedir
+  when: ansible_os_family == 'Debian'
+
+
+- name: automate the homedir creation process for CentOS
+  shell: authconfig --enablemkhomedir --update
+  when: ansible_distribution == "CentOS"

 - name: activate the creation of the homedir
  lineinfile:
@@ -82,3 +130,7 @@
    insertafter: EOF
  notify:
    - restart sssd
+  when: ansible_os_family == 'Debian'
+- name: join Ldap Centos
+  shell: authconfig --kickstart --enableshadow --enablemd5 --passalgo=sha512 --enableldap --ldapserver=ldap.epfl.ch --ldapbasedn=o=epfl,c=ch --enableldapauth --enableforcelegacy --enableldaptls --disablefingerprint --updateall
+  when: ansible_distribution == "CentOS"