fix install recipe for debian (#14)

Author: David Coutadeur

defaults/main.yml

@@ -14,7 +14,7 @@ ldaptoolbox_openldap_apt_validate_certs: "true"
 
 # Packages
 ldaptoolbox_openldap_packages_base: openldap-ltb, openldap-ltb-contrib-overlays, openldap-ltb-mdb-utils
-ldaptoolbox_openldap_packages_dependencies: libcrack2, curl
+ldaptoolbox_openldap_packages_dependencies: libcrack2, curl, gpg
 ldaptoolbox_openldap_packages_state: present
 
 # Filesystem
@@ -25,7 +25,7 @@ ldaptoolbox_openldap_configuration_prefix: "config"
 ldaptoolbox_openldap_configuration_owner: ldap
 ldaptoolbox_openldap_configuration_group: ldap
 ldaptoolbox_openldap_configuration_mode: 0600
-ldaptoolbox_openldap_sslgroup: "{{ 'root' if ansible_os_family == 'RedHat' else 'ssl-cert' }}"
+ldaptoolbox_openldap_sslgroup: "{{ 'root' }}"
 
 # OpenLDAP LTB CLI command path
 ldaptoolbox_openldap_slapd_cli_cmd: /usr/local/openldap/sbin/slapd-cli
@@ -48,9 +48,7 @@ ldaptoolbox_openldap_custom_schema_list: []
 ldaptoolbox_openldap_schema_dir: /usr/local/openldap/etc/openldap/schema
 
 # Certificates
-ldaptoolbox_openldap_olcTLSCACertificateFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/certs/ca-certificates.crt' }}"
-ldaptoolbox_openldap_olcTLSCertificateFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/certs/ssl-cert-snakeoil.pem' }}"
-ldaptoolbox_openldap_olcTLSCertificateKeyFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/private/ssl-cert-snakeoil.key' }}"
+ldaptoolbox_openldap_olcTLSCipherSuite: "TLSv1.3:TLSv1.2"
 ldaptoolbox_openldap_olcTLSProtocolMin: 3.3
 
 # Log level

playbook/inventory

@@ -4,3 +4,4 @@ prod:
     master2:
     slave1:
     slave2:
+    standalone:

playbook/standalone.yml

@@ -2,20 +2,22 @@
 # example of playbook for a standalone installation
 ################################################################################
 ---
-- hosts: localhost
+- hosts: standalone
   remote_user: root
   vars_files:
     - credentials-vault.yml
+    - certificates-vault.yml
   vars:
     # Define suffix
     - ldaptoolbox_openldap_suffix: "dc=my-organization,dc=com"
     # include extra schema
     - ldaptoolbox_openldap_custom_schema_srcdir: "{{ playbook_dir }}/files/ldaptoolbox.oldap/usr/local/openldap/etc/openldap/schema"
     - ldaptoolbox_openldap_custom_schema_list: [ custom.ldif ]
-    # define certificates (must be deployed before)
-    - ldaptoolbox_openldap_olcTLSCACertificateFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/certs/ca-certificates.crt' }}"
-    - ldaptoolbox_openldap_olcTLSCertificateFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/certs/ssl-cert-snakeoil.pem' }}"
-    - ldaptoolbox_openldap_olcTLSCertificateKeyFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/private/ssl-cert-snakeoil.key' }}"
+    # deploy certificates
+    - ldaptoolbox_openldap_olcTLSCACertificateFile: "{{ '/usr/local/openldap/etc/openldap/certs/ca.crt' }}"
+    - ldaptoolbox_openldap_olcTLSCertificateFile: "{{ '/usr/local/openldap/etc/openldap/certs/openldap.crt' }}"
+    - ldaptoolbox_openldap_olcTLSCertificateKeyFile: "{{ '/usr/local/openldap/etc/openldap/certs/openldap.key' }}"
+    - ldaptoolbox_openldap_olcTLSDHParamFile: "{{ '/usr/local/openldap/etc/openldap/certs/dhparams' }}"
     # Accounts and passwords
     - ldaptoolbox_openldap_config_olcRootDN: cn=admin,cn=config
     - ldaptoolbox_openldap_config_olcRootPW_hash: "{{ ldaptoolbox_openldap_config_olcRootPW_hash_vault }}"