From d81fb9153a81ce568facfad70cbd81a8b5f0026d Mon Sep 17 00:00:00 2001
From: vincent
Date: Wed, 18 Aug 2021 18:11:16 +0200
Subject: [PATCH] adapt role for LDAP

---
 tasks/main.yml | 36 +++++++++++++++++++++--------------
 1 file changed, 21 insertions(+), 15 deletions(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index fd32f58..d2f26e6 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -59,16 +59,23 @@ - name: create profil user: - name: "{{user.name}}" # required. Name of the user to create, remove or modify. - create_home: yes # not required. Unless set to C(no), a home directory will be made for the user when the account is created or if the home directory does not exist.,Changed from C(createhome) to C(create_home) in version 2.5. - password: "{{userPassword}}" # not required. Optionally set the user's password to this crypted value.,On macOS systems, this value has to be cleartext. Beware of security issues.,See U(https://docs.ansible.com/ansible/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module) for details on various ways to generate these password values. - system: no # not required. When creating an account C(state=present), setting this to C(yes) makes the user a system account. This setting cannot be changed on existing users. - state: present # not required. choices: absent;present. Whether the account should exist or not, taking action if the state is different from what is stated. - ssh_key_file: .ssh/id_rsa # not required. Optionally specify the SSH key filename. If this is a relative filename then it will be relative to the user's home directory. - uid: "{{ user.uid }}" - shell: /bin/bash + name: "{{user.name}}" # required. Name of the user to create, remove or modify. + create_home: yes # not required. Unless set to C(no), a home directory will be made for the user when the account is created or if the home directory does not exist.,Changed from C(createhome) to C(create_home) in version 2.5. + password: "{{userPassword}}" # not required. Optionally set the user's password to this crypted value.,On macOS systems, this value has to be cleartext. Beware of security issues.,See U(https://docs.ansible.com/ansible/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module) for details on various ways to generate these password values. + system: no # not required. 
When creating an account C(state=present), setting this to C(yes) makes the user a system account. This setting cannot be changed on existing users. + state: present # not required. choices: absent;present. Whether the account should exist or not, taking action if the state is different from what is stated. + ssh_key_file: .ssh/id_rsa # not required. Optionally specify the SSH key filename. If this is a relative filename then it will be relative to the user's home directory. + uid: "{{ user.uid }}" + shell: /bin/bash + when: sssd_configure is not defined or sssd_configure == false + +- name: simulate login + stat: + path: "/home/{{user.name}}" + become: true + become_user: "{{user.name}}" + when: sssd_configure == true -- name : set sudoers right lineinfile: dest: '/etc/sudoers.d/{{user.name}}' regexp: '{{ item.regexp }}' @@ -80,16 +87,15 @@ mode: '0440' validate: 'visudo -cf "%s"' with_items: - - regexp: '^%{{user.name}}\s' - line: '%{{user.name}} ALL = (ALL) NOPASSWD:ALL' - + - regexp: '^{{user.name}}\s' + line: "{{user.name}} ALL = (ALL) NOPASSWD:ALL" - name: Ensure /etc/sudoers includes /etc/sudoers.d lineinfile: - dest: '/etc/sudoers' + dest: "/etc/sudoers" regexp: '^#includedir\s+/etc/sudoers.d$' - line: '#includedir /etc/sudoers.d' - state: 'present' + line: "#includedir /etc/sudoers.d" + state: "present" validate: 'visudo -cf "%s"'
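Review bot: The new `when: sssd_configure == true` on the simulate-login task errors out when the variable is unset, because the user task's guard tolerates an undefined `sssd_configure` but this one evaluates it unconditionally; use `when: sssd_configure is defined and sssd_configure | bool` here and `when: sssd_configure is not defined or not (sssd_configure | bool)` on the user task so a string value from `-e sssd_configure=true` is handled as well. The `-- name : set sudoers right` line reads as a removal of that task header with no replacement, which the hunk counts and the 21/15 diffstat are consistent with; if that is what the patch does, the following `lineinfile:` is left as a second action under the simulate-login task and the play will fail to load, so please confirm against the real file since the collapsed layout makes it hard to be certain. Since this role now targets LDAP accounts, note that sudo skips files in `/etc/sudoers.d/` whose names contain a `.` or end in `~`, so a user such as `john.doe` would silently get no entry from the `dest: '/etc/sudoers.d/{{user.name}}'` task; consider `dest: '/etc/sudoers.d/{{ user.name | replace(".", "_") }}'`. The sudoers task whose `lineinfile:` appears here continues past the end of this hunk.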