10:27 p.m.
On maj 17, Imre Jonk wrote:
Ah, I figured that debops-contrib was for roles that were not yet
included in DebOps but might be in the future (like
debops-contrib.dropbear_initramfs). I'll make the PRs directly to
debops/debops then.
Thid only had merit when DebOps roles were in separate git repositories. Now,
you can just fork the DebOps monorepo, create your own branch and put the
roles there. It's very easy to keep your changed updated with the main project
by fetching new changes from master and rebasing your branch on top of them.
> For this you probably have to build the nginx .deb package from
source to
> include the LDAP support, correct? Now that nginx modules are in separate
> packages in Debian, I wonder when LDAP support will be available in the
> distribution itself. I'm not sure why it's not there yet, licensing? Lack of
> manpower or interest?
Nope :)
Nginx in Debian 9 has the PAM module compiled in. Otherwise I probably
wouldn't have been able to write this role this quick, I'm pretty lazy
when it comes to software. I just take whatever is in Debian stable,
with the occasional backports package or Docker image.
Interesting, I only came across nginx with LDAP setups that use the custom
LDAP module, and I hadn't considered the PAM route, which probably is more
universal anyway. I'll have to check that out.
I use the debops.auth and debops.nsswitch roles to configure PAM for
authentication against my debops.slapd managed OpenLDAP server. All
DebOps v0.8.1. I'll see if I can somehow integrate this configuration
with the dnsui role as well.
In that case you should check out the new changes in the DebOps master branch,
here's the Changelog: https://docs.debops.org/en/master/news/changelog.html
Tere are many changes related to LDAP support in DebOps. Most of the code from
'debops.auth' role has been ripped out and moved to other roles,
'debops.slapd' role was rewritten from scratch, and there's new
'debops.ldap'
role which will be used to add support for LDAP to many DebOps roles. I hope
that you will like it. :-)
I'm currently working on updating the 'debops.users' role and moving the
management of sysadmin accounts to a new 'debops.system_users' role which will
integrate with the LDAP support. After finishing these, I plan to make a new
DebOps release so there's something tagged. Probably a week or two from now.
I'm glad you're interested! My employer has allowed me some
time to
improve the roles next week, so you can review the PRs soon :)
You should work against the 'master' branch, of course. Perhaps a separate
development environment is in order. :)
Cheers,
Maciej