ansible-role-prosody-master/tasks/configure_ldap.yml

---
# https://www.fyzix.net/index.php?title=Installing_and_configuring_Prosody_%2B_LDAP_support_%2B_Shared_groups_roster_generator
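# Selects LDAP as the saslauthd verification backend.
# The task notifies the restart handler because a running daemon is assumed to
# read /etc/default/saslauthd only at start-up (confirm for the target
# distribution). Without the restart it would keep checking passwords against
# its previous backend until the next manual restart or reboot.
- name: Ensure SASL authd is configured to use LDAP
  lineinfile:
    path: /etc/default/saslauthd
    regexp: '^MECHANISMS='
    line: 'MECHANISMS="ldap"'
    create: true
    owner: root
    group: root
    mode: '0644'
    # Keeps a timestamped copy of the previous file next to the original.
    backup: true
  notify:
    - Restart SASLAuthd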
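# Enables the saslauthd service through its defaults file.
# The handler is notified so that flipping START takes effect in the same play
# rather than at the next reboot.
- name: Ensure SASL authd is enabled to use LDAP
  lineinfile:
    path: /etc/default/saslauthd
    regexp: '^START='
    # Literal text written to the file; "yes" here is not a YAML boolean.
    line: 'START=yes'
    create: true
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify:
    - Restart SASLAuthd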
# Writes the LDAP endpoint that saslauthd verifies passwords against, built
# from ldap_config['server'] and ldap_config['port'].
# NOTE(review): the URI scheme is hard-coded to ldap://, so each user password
# saslauthd verifies is sent to the directory unencrypted unless TLS is enabled
# some other way. Confirm the link is protected, for example with an ldaps://
# URI or ldap_start_tls plus CA verification in saslauthd.conf, or that the
# directory is only reachable over a trusted path.
- name: Ensure SASL authd has LDAP servers configured
  notify:
    - Restart SASLAuthd
  lineinfile:
    path: /etc/saslauthd.conf
    create: true
    backup: true
    owner: root
    group: root
    # World-readable is acceptable while the file holds no bind credentials.
    mode: '0644'
    regexp: '^ldap_servers: '
    line: "ldap_servers: ldap://{{ ldap_config['server'] }}:{{ ldap_config['port'] }}/"
# Sets the subtree saslauthd searches for accounts, joining
# ldap_config['search'] and ldap_config['base_dn'] with a comma.
# NOTE(review): this file writes no ldap_bind_dn or ldap_bind_pw, so the user
# lookup presumably relies on an anonymous bind; confirm the directory allows
# that. If a bind password is ever added to /etc/saslauthd.conf, tighten the
# 0644 mode here and on the ldap_servers task first. Note that backup: true
# leaves copies of the file behind.
- name: Ensure SASL authd has LDAP search base configured
  notify:
    - Restart SASLAuthd
  lineinfile:
    path: /etc/saslauthd.conf
    create: true
    backup: true
    owner: root
    group: root
    mode: '0644'
    regexp: '^ldap_search_base: '
    line: "ldap_search_base: {{ ldap_config['search'] }},{{ ldap_config['base_dn'] }}"
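# Creates the directory that holds the per-service SASL configuration
# (/etc/sasl/xmpp.conf is written by the later tasks).
# Ownership and mode are pinned so the result does not depend on the umask or
# on a directory left behind with different permissions. Root-owned and not
# group- or world-writable means only root can replace the file that chooses
# the password-check method. 0755 matches the 0644 files placed inside it.
- name: Ensure SASL folder exists
  file:
    path: /etc/sasl
    state: directory
    owner: root
    group: root
    mode: '0755'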
# Tells the SASL library, for the "xmpp" service, to delegate password checks
# to the saslauthd daemon (which the earlier tasks point at LDAP).
- name: Ensure SASL XMPP password check is configured
  notify:
    - Restart SASLAuthd
  lineinfile:
    path: /etc/sasl/xmpp.conf
    create: true
    backup: true
    owner: root
    group: root
    mode: '0644'
    regexp: '^pwcheck_method: '
    line: 'pwcheck_method: saslauthd'
# Restricts the offered SASL mechanisms for the "xmpp" service to PLAIN.
# saslauthd needs the clear-text password to check it against LDAP, so
# challenge-response mechanisms cannot be used with this backend.
# NOTE(review): PLAIN carries the password unprotected inside the SASL
# exchange, so client connections must be encrypted. Confirm the Prosody
# configuration enforces TLS for clients (c2s_require_encryption); this file
# does not set it.
- name: Ensure SASL XMPP mechanism is configured
  notify:
    - Restart SASLAuthd
  lineinfile:
    path: /etc/sasl/xmpp.conf
    create: true
    backup: true
    owner: root
    group: root
    mode: '0644'
    regexp: '^mech_list: '
    line: 'mech_list: PLAIN'
# Adds the prosody account to the sasl group. append: true keeps the groups
# the account already belongs to.
# NOTE(review): presumably sasl membership is what lets Prosody reach the
# saslauthd socket; confirm on the target distribution. Any member of this
# group can submit password guesses to saslauthd, so keep membership minimal.
- name: Ensure Prosody user is part of SASL
  notify:
    # Handler name kept exactly as written, trailing period included; it must
    # match the handler definition, which is not visible in this file.
    - Restart Prosody.
  user:
    name: prosody
    groups:
      - sasl
    append: true