Configure Cyrus saslauthd daemon.
- Idempotent.
- Able to manage all authentication mechanisms and their options.
- Configure `/etc/saslauthd.conf` and `/etc/ldap/ldap.conf` files for the LDAP authentication mechanism.
- Debian friendly (Ubuntu soon, anyone for Redhat-likes and other platforms?).
- A developer/maintainer willing to receive feedback and bug reports.

This role must be run as `root` but will not `become` by itself.
Name | Default | Description |
---|---|---|
`saslauthd_mechanism` | `"pam"` | Authentication mechanism. |
`saslauthd_mech_options` | `""` | Mechanism-specific options (`-O` of `saslauthd`, see `saslauthd(8)`). |
`saslauthd_threads` | `5` | Number of processes used for responding to authentication queries (`-n`). |
`saslauthd_options` | `"-c -m /var/run/saslauthd"` | All other options for `saslauthd` (see `saslauthd(8)`). |
`saslauthd_mech_ldap_servers` | required if `saslauthd_mechanism` is `ldap` | Array of LDAP servers (`ldap_servers` in `saslauthd.conf`). |
`saslauthd_mech_ldap_search_base` | required if `saslauthd_mechanism` is `ldap` | Search base for LDAP requests (`ldap_search_base` in `saslauthd.conf`). |
`saslauthd_mech_ldap_config` | `{ldap_version: 3}` | Options for the LDAP mechanism to be written into `/etc/saslauthd.conf`. |
`saslauthd_lib_ldap_config` | `{TLS_CACERT: "/etc/ssl/certs/ca-certificates.crt"}` | Options for the LDAP library to be written into `/etc/ldap/ldap.conf` (see `ldap.conf(5)`). |
None.
Minimal playbook:
```yaml
- name: Minimal playbook for role seb4itik.saslauthd (default mechanism "pam")
  hosts: mail
  roles:
    - "seb4itik.saslauthd"
```
More complete example:
```yaml
- name: Example playbook for role seb4itik.saslauthd (mechanism "ldap")
  hosts: mail
  vars:
    saslauthd_mechanism: "ldap"
    saslauthd_threads: 10
    saslauthd_mech_ldap_servers: ["ldaps://ldap.{{ my_domain }}/"]
    saslauthd_mech_ldap_search_base: "{{ my_ldap_base_dn }}"
  roles:
    - "seb4itik.saslauthd"
```
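
A variant of the LDAP playbook above with certificate verification enforced, as an added example that is not part of the role's own documentation. It assumes the role writes the dictionary keys verbatim as `saslauthd.conf` and `ldap.conf` options and that overriding a dictionary replaces the role default rather than merging with it; `ldap_tls_check_peer`, `ldap_tls_cacert_file` and `TLS_REQCERT` are standard option names of saslauthd's LDAP mechanism and of `ldap.conf(5)`, not variables defined by the role.

```yaml
- name: Example playbook for role seb4itik.saslauthd (mechanism "ldap", TLS verification enforced)
  hosts: mail
  become: true  # the role must run as root and does not escalate on its own
  vars:
    saslauthd_mechanism: "ldap"
    saslauthd_mech_ldap_servers: ["ldaps://ldap.{{ my_domain }}/"]
    saslauthd_mech_ldap_search_base: "{{ my_ldap_base_dn }}"
    # Assumption: setting a dict variable replaces the role default instead of
    # merging with it, so the documented default keys are restated here.
    saslauthd_mech_ldap_config:
      ldap_version: 3
      # Quoted so the literal "yes" is written, not a YAML boolean.
      ldap_tls_check_peer: "yes"
      ldap_tls_cacert_file: "/etc/ssl/certs/ca-certificates.crt"
    saslauthd_lib_ldap_config:
      TLS_CACERT: "/etc/ssl/certs/ca-certificates.crt"
      # Refuse the connection if the server certificate fails validation.
      TLS_REQCERT: "demand"
  pre_tasks:
    - name: Refuse to configure any LDAP server that is not reached over ldaps://
      ansible.builtin.assert:
        that:
          - saslauthd_mech_ldap_servers | reject('match', '^ldaps://') | list | length == 0
        fail_msg: "Every entry in saslauthd_mech_ldap_servers must use ldaps://"
  roles:
    - "seb4itik.saslauthd"
```

The `pre_tasks` assertion runs before the role, so a plaintext `ldap://` entry stops the play before any configuration file is written.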
- Write tests.
- Other platforms (Ubuntu, Redhat, ...).
MIT