add extended postfix roles

1 files changed, 29 insertions, 0 deletions

diff --git a/roles/mail/postfix/submission/tasks/saslauthd-ldap.yml b/roles/mail/postfix/submission/tasks/saslauthd-ldap.yml
new file mode 100644
index 00000000..55f1ece9
--- /dev/null
+++ b/roles/mail/postfix/submission/tasks/saslauthd-ldap.yml
@@ -0,0 +1,29 @@
+---
+- name: prepare ldap options for salsauthd
+  set_fact:
+    saslauthd_ldap_options: "{{ postfix_submission_auth_saslauthd.ldap_options }}"
+
+- name: install and configure ldap server certificate
+  when: "'tls_cacert_file' in postfix_submission_auth_saslauthd.ldap_options or 'tls_cacert_content' in postfix_submission_auth_saslauthd.ldap_options"
+  block:
+  - name: install ldap server certificate
+    copy:
+      src: "{{ postfix_submission_auth_saslauthd.ldap_options.tls_cacert_file | default(omit) }}"
+      content: "{{ postfix_submission_auth_saslauthd.ldap_options.tls_cacert_content | default(omit) }}"
+      dest: /etc/saslauthd-ldapscert.pem
+    notify: restart saslauthd
+
+  - name: update ca certificate file path in ldap options
+    set_fact:
+      saslauthd_ldap_options: "{{ saslauthd_ldap_options | combine({'tls_cacert_file': '/etc/saslauthd-ldapscert.pem'}) }}"
+
+- name: generate salsuathd config for ldap
+  copy:
+    content: |
+      {% for option,value in saslauthd_ldap_options.items() %}
+      {%   if option != 'tls_cacert_content' %}
+      ldap_{{ option }}: {{ value }}
+      {%   endif %}
+      {% endfor %}
+    dest: /etc/saslauthd.conf
+  notify: restart saslauthd