{{ :cn:ccr:aai:howto:ca-dev.tar |}} {{ :cn:ccr:aai:howto:new-ca-dev.tar |}} {{ :cn:ccr:aai:howto:krb5-example.conf |}} - hosts: dsm1.example.org roles: - role: 389-infn-aai vars: krb5_conf_url: "https://wiki.infn.it/_media/cn/ccr/aai/howto/krb5-example.conf" ca_certs_tar_url: "http://wiki.infn.it/_media/cn/ccr/aai/howto/ca-dev.tar" sasl_mapping: - { cn: '20-krb5_people_default_realm', nsSaslMapRegexString: '^[^@]+$', nsSaslMapBaseDNTemplate: 'ou=people, dc=example, dc=org', nsSaslMapFilterTemplate: '(infnKerberosPrincipal=&@{{ krb5_default_realm["stdout"] }})' } - { cn: '20-krb5_people_other_realm', nsSaslMapRegexString: '^.+@.+$', nsSaslMapBaseDNTemplate: 'ou=people, dc=example, dc=org', nsSaslMapFilterTemplate: '(infnKerberosPrincipal=&)' } - { cn: '30-krb5_services_default_realm', nsSaslMapRegexString: '^[^@]+/[^@+]+$', nsSaslMapBaseDNTemplate: 'ou=services, dc=example, dc=org', nsSaslMapFilterTemplate: '(infnKerberosPrincipal=&@{{ krb5_default_realm["stdout"] }})' } - { cn: '30-krb5_services_other_realm', nsSaslMapRegexString: '^.+/.+@.+$', nsSaslMapBaseDNTemplate: 'ou=services, dc=example, dc=org', nsSaslMapFilterTemplate: '(infnKerberosPrincipal=&)' } - { cn: '40-krb5_hosts_default_realm', nsSaslMapRegexString: '^host/[^@]+$', nsSaslMapBaseDNTemplate: 'ou=hosts, dc=example, dc=org', nsSaslMapFilterTemplate: '(infnKerberosPrincipal=&@{{ krb5_default_realm["stdout"] }})' } - { cn: '40-krb5_hosts_other_realm', nsSaslMapRegexString: '^host/.+@.+$', nsSaslMapBaseDNTemplate: 'ou=hosts, dc=example, dc=org', nsSaslMapFilterTemplate: '(infnKerberosPrincipal=&)' }