ca-dev.tar
new-ca-dev.tar
krb5-example.conf
- hosts: dsm1.example.org
roles:
- role: 389-infn-aai
vars:
krb5_conf_url: "https://wiki.infn.it/_media/cn/ccr/aai/howto/krb5-example.conf"
ca_certs_tar_url: "http://wiki.infn.it/_media/cn/ccr/aai/howto/ca-dev.tar"
sasl_mapping:
- {
cn: '20-krb5_people_default_realm',
nsSaslMapRegexString: '^[^@]+$',
nsSaslMapBaseDNTemplate: 'ou=people, dc=example, dc=org',
nsSaslMapFilterTemplate: '(infnKerberosPrincipal=&@{{ krb5_default_realm["stdout"] }})'
}
- {
cn: '20-krb5_people_other_realm',
nsSaslMapRegexString: '^.+@.+$',
nsSaslMapBaseDNTemplate: 'ou=people, dc=example, dc=org',
nsSaslMapFilterTemplate: '(infnKerberosPrincipal=&)'
}
- {
cn: '30-krb5_services_default_realm',
nsSaslMapRegexString: '^[^@]+/[^@+]+$',
nsSaslMapBaseDNTemplate: 'ou=services, dc=example, dc=org',
nsSaslMapFilterTemplate: '(infnKerberosPrincipal=&@{{ krb5_default_realm["stdout"] }})'
}
- {
cn: '30-krb5_services_other_realm',
nsSaslMapRegexString: '^.+/.+@.+$',
nsSaslMapBaseDNTemplate: 'ou=services, dc=example, dc=org',
nsSaslMapFilterTemplate: '(infnKerberosPrincipal=&)'
}
- {
cn: '40-krb5_hosts_default_realm',
nsSaslMapRegexString: '^host/[^@]+$',
nsSaslMapBaseDNTemplate: 'ou=hosts, dc=example, dc=org',
nsSaslMapFilterTemplate: '(infnKerberosPrincipal=&@{{ krb5_default_realm["stdout"] }})'
}
- {
cn: '40-krb5_hosts_other_realm',
nsSaslMapRegexString: '^host/.+@.+$',
nsSaslMapBaseDNTemplate: 'ou=hosts, dc=example, dc=org',
nsSaslMapFilterTemplate: '(infnKerberosPrincipal=&)'
}