From 63a3ecbe58c2bb192c5693af3939eb9e29877e65 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Wed, 10 Jul 2024 18:00:32 +0200
Subject: add extended postfix roles
---
.../postfix/submission/tasks/saslauthd-ldap.yml | 29 ++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 roles/mail/postfix/submission/tasks/saslauthd-ldap.yml
(limited to 'roles/mail/postfix/submission/tasks/saslauthd-ldap.yml')
diff --git a/roles/mail/postfix/submission/tasks/saslauthd-ldap.yml b/roles/mail/postfix/submission/tasks/saslauthd-ldap.yml
new file mode 100644
index 00000000..55f1ece9
--- /dev/null
+++ b/roles/mail/postfix/submission/tasks/saslauthd-ldap.yml
@@ -0,0 +1,29 @@
+---
+- name: prepare ldap options for salsauthd
+ set_fact:
+ saslauthd_ldap_options: "{{ postfix_submission_auth_saslauthd.ldap_options }}"
+
+- name: install and configure ldap server certificate
+ when: "'tls_cacert_file' in postfix_submission_auth_saslauthd.ldap_options or 'tls_cacert_content' in postfix_submission_auth_saslauthd.ldap_options"
+ block:
+ - name: install ldap server certificate
+ copy:
+ src: "{{ postfix_submission_auth_saslauthd.ldap_options.tls_cacert_file | default(omit) }}"
+ content: "{{ postfix_submission_auth_saslauthd.ldap_options.tls_cacert_content | default(omit) }}"
+ dest: /etc/saslauthd-ldapscert.pem
+ notify: restart saslauthd
+
+ - name: update ca certificate file path in ldap options
+ set_fact:
+ saslauthd_ldap_options: "{{ saslauthd_ldap_options | combine({'tls_cacert_file': '/etc/saslauthd-ldapscert.pem'}) }}"
+
+- name: generate salsuathd config for ldap
+ copy:
+ content: |
+ {% for option,value in saslauthd_ldap_options.items() %}
+ {% if option != 'tls_cacert_content' %}
+ ldap_{{ option }}: {{ value }}
+ {% endif %}
+ {% endfor %}
+ dest: /etc/saslauthd.conf
+ notify: restart saslauthd
--
cgit v1.2.3
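Review bot: The last task writes /etc/saslauthd.conf through `copy` without `owner` or `mode`, so the file gets whatever the remote umask yields, which is commonly world-readable. Every key of `ldap_options` except `tls_cacert_content` is rendered into that file, so an LDAP bind password would land there in clear text if the caller sets one; the contents of the dict are not visible in this hunk, so that part is an assumption. I would add `owner: root` and `mode: "0600"` to the task (presuming saslauthd reads the file as root on the target) and consider `no_log: true` so the rendered content does not show up in task or `--diff` output. Separately, the certificate task passes both `src` and `content`, which `copy` treats as mutually exclusive, so setting both `tls_cacert_file` and `tls_cacert_content` would fail at run time; an `assert` that exactly one is defined would give a clearer error. The task names also misspell saslauthd as `salsauthd` and `salsuathd`.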