ansible-role-ldap-client-co.../defaults/main.yml


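---
# Default variables for the LDAP client role. Every value here is a
# placeholder and is expected to be overridden per site in inventory,
# group_vars or host_vars.

# LDAP server URI. The ldap:// scheme is cleartext on its own; traffic is only
# protected if TLS is negotiated on top of it.
# NOTE(review): how nslcd_ssl is rendered (StartTLS vs. LDAPS) is decided by
# the role's templates, which are not visible here. Confirm that the URI scheme
# and the rendered ssl setting agree.
ldap_uri: "ldap://ldap.example.org"
# Search base for directory lookups.
ldap_base_dn: "dc=example,dc=org"
# CA bundle used to verify the LDAP server certificate.
# presumably the Debian-family path, going by the variable name; TODO confirm
ldap_tls_deb_cacert: /etc/ssl/certs/ca-certificates.crt
ldap_version: 3
# Comma-separated local system accounts, root included.
# presumably accounts that must never be resolved through LDAP, so local
# service accounts keep working when the directory is unreachable; verify
# against the template that consumes this variable.
ldap_nss_ignoreusers: 'avahi,backup,bin,daemon,games,gnats,irc,libuuid,list,lp,mail,man,messagebus,munin,news,nslcd,proxy,root,rstudio-server,sshd,sync,sys,syslog,uucp,www-data'
# Booleans are written in canonical lowercase (yamllint `truthy`); Ansible
# reads them the same as the capitalised forms.
nslcd_install: false
nslcd_ssl: true
# 'demand' makes the client require a server certificate that validates
# against the CA bundle. Relaxing this to 'never' or 'allow' removes protection
# against a spoofed directory server, so keep 'demand' unless there is a
# documented reason.
nslcd_tls_reqcert: 'demand'
nslcd_search_scope: 'sub'
# presumably nslcd_binddn / nslcd_bindpw are only used when this is true;
# TODO confirm in the template.
nslcd_authenticated_bind: false
# NOTE(review): this placeholder DN is under dc=example,dc=net while
# ldap_base_dn is under dc=example,dc=org; override both together.
nslcd_binddn: 'cn=anonymous,dc=example,dc=net'
# Placeholder only. Supply the real bind password from Ansible Vault or another
# secret store and never commit it in cleartext. The rendered nslcd
# configuration will contain it, so check that the role writes that file with
# restrictive ownership and mode and does not log the value.
nslcd_bindpw: 'use a vault'
# Reference only: the commented lines below look like debconf selections for
# ldap-auth-config, nslcd and libnss-ldapd (TODO confirm origin). As comments
# they are not read as variables.
# NOTE(review): they record `pam_password: md5`. MD5 is a weak password hash,
# so review that choice (pam_ldap also offers `exop`, which lets the server
# hash the password) before reusing these values on a real client.
# * ldap-auth-config/rootbindpw: (password omitted)
# ldap-auth-config/bindpw: (password omitted)
# ldap-auth-config/pam_password: md5
# * ldap-auth-config/move-to-debconf: true
# * ldap-auth-config/ldapns/ldap-server: ldapi:///
# * ldap-auth-config/ldapns/base-dn: dc=example,dc=net
# * ldap-auth-config/ldapns/ldap_version: 3
# ldap-auth-config/override: true
# * ldap-auth-config/dbrootlogin: true
# * ldap-auth-config/rootbinddn: cn=manager,dc=example,dc=net
# * ldap-auth-config/dblogin: false
# ldap-auth-config/binddn: cn=proxyuser,dc=example,dc=net
# ldap_client_deb_ldapscripts: False
# nslcd/ldap-bindpw: (password omitted)
# * nslcd/ldap-base: dc=example,dc=net
# nslcd/ldap-sasl-mech:
# nslcd/ldap-sasl-realm:
# * nslcd/ldap-reqcert: demand
# nslcd/ldap-sasl-authzid:
# nslcd/ldap-starttls: false
# nslcd/ldap-auth-type: none
# nslcd/ldap-sasl-krb5-ccname: /var/run/nslcd/nslcd.tkt
# nslcd/ldap-sasl-secprops:
# nslcd/ldap-sasl-authcid:
# * nslcd/ldap-uris: ldapi:///
# nslcd/ldap-binddn:
# * libnss-ldapd/nsswitch: passwd
# libnss-ldapd/clean_nsswitch: false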