all demo

ansible/playbook/roles/ldap-auth/templates/get_ldap_ssh_key.sh.j2

@@ -0,0 +1,16 @@
+#!/bin/bash
+SSH_USER=$1
+LDAP_URI={{ ldap_server }}:{{ ldap_port }}
+GROUP_DN={{ base_group }}
+BASE_DN={{ base_passwd }}
+
+
+ldapFilter="(&(shadowInactive=0)(uid=${SSH_USER})(memberOf=cn=users,ou=groups,dc=dc1,dc=com)(sshPublicKey=*))"
+
+# Get "sshPublicKey":
+KEY=$(ldapsearch -x -LLL -o ldif-wrap=no -H "${LDAP_URI}" -b "${BASE_DN}" "${ldapFilter}" sshPublicKey | \
+    grep sshPublicKey | \
+    perl -MMIME::Base64 -wpe 's/^sshPublicKey(:{1,2}) (.+)$/$1 eq "::" ? decode_base64($2) : $2/e')
+echo "${KEY}"
+
+exit 0

ansible/playbook/roles/ldap-auth/templates/ldap.conf.j2

@@ -0,0 +1,7 @@
+uri {{ ldap_server }}:{{ ldap_port }}/
+base {{ ldap_base }}
+base group {{ base_group }}
+base passwd {{ base_passwd }}
+filter group {{ filter_group }}
+filter passwd {{ filter_passwd }}
+tls_reqcert {{ tls_reqcert }}