ansible-roles/openldap-server/templates/base-dn.ldif.j2

dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: {{ openldap_base_dn }}

dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn={{ openldap_admin_user }},{{ openldap_base_dn }}

dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn={{ openldap_admin_user }},{{ openldap_base_dn }}" write by * none

dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {1}to dn.base="" by * read

dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {2}to * by dn="cn={{ openldap_admin_user }},{{ openldap_base_dn }}" write by * read
Various fixes to the ldap playbook. Now force the correct base DN. 2018-03-01 14:30:17 +01:00			`dn: olcDatabase={1}hdb,cn=config`
			`changetype: modify`
			`replace: olcSuffix`
			`olcSuffix: {{ openldap_base_dn }}`

			`dn: olcDatabase={1}hdb,cn=config`
			`changetype: modify`
			`replace: olcRootDN`
			`olcRootDN: cn={{ openldap_admin_user }},{{ openldap_base_dn }}`
Fix the variable that sets the base DN. Add entries to set the main ACLs 2018-03-01 14:48:01 +01:00
			`dn: olcDatabase={1}hdb,cn=config`
			`changetype: modify`
			`replace: olcAccess`
			`olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn={{ openldap_admin_user }},{{ openldap_base_dn }}" write by * none`

			`dn: olcDatabase={1}hdb,cn=config`
			`changetype: modify`
			`replace: olcAccess`
			`olcAccess: {1}to dn.base="" by * read`

			`dn: olcDatabase={1}hdb,cn=config`
			`changetype: modify`
			`replace: olcAccess`
			`olcAccess: {2}to * by dn="cn={{ openldap_admin_user }},{{ openldap_base_dn }}" write by * read`