Diffstat (limited to 'ansible')
| -rw-r--r-- | ansible/roles/ldap/README.md | 9 | ||||
| -rw-r--r-- | ansible/roles/ldap/handlers/main.yml | 5 | ||||
| -rw-r--r-- | ansible/roles/ldap/tasks/main.yml | 25 | 
3 files changed, 39 insertions, 0 deletions
| diff --git a/ansible/roles/ldap/README.md b/ansible/roles/ldap/README.md
new file mode 100644
index 0000000..a3b79c8
--- /dev/null
+++ b/ansible/roles/ldap/README.md
@@ -0,0 +1,9 @@
+# LDAP
+
+This role prepares the environment for FreeIPA to be installed on our Rocky
+Linux-based LDAP host.
+
+Note that the actual installation process and subsequent setup steps from
+`ipa-server-install` must unfortunately be performed manually, as the automation
+of this process is not something that we have deemed critical to automate at
+this stage.
diff --git a/ansible/roles/ldap/handlers/main.yml b/ansible/roles/ldap/handlers/main.yml
new file mode 100644
index 0000000..e3867ac
--- /dev/null
+++ b/ansible/roles/ldap/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Reload the firewall
+  service:
+    name: firewalld
+    state: reloaded
diff --git a/ansible/roles/ldap/tasks/main.yml b/ansible/roles/ldap/tasks/main.yml
new file mode 100644
index 0000000..5e1c5c8
--- /dev/null
+++ b/ansible/roles/ldap/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: Install IPA server packages
+  package:
+    name:
+      - ipa-server
+    state: present
+  tags:
+    - role::ldap
+
+- name: Create firewall rules for FreeIPA
+  ansible.posix.firewalld:
+    service: "{{ item }}"
+    permanent: true
+    state: enabled
+  loop:
+    - http
+    - https
+    - dns
+    - ntp
+    - freeipa-ldap
+    - freeipa-ldaps
+  notify:
+    - Reload the firewall
+  tags:
+    - role::ldap | 
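Review bot: The "Create firewall rules for FreeIPA" task in tasks/main.yml sets no `zone:`, so all six services are enabled in whatever firewalld's default zone happens to be on the host, and the identity services become reachable from every interface and source bound to that zone. Naming the zone explicitly, for example `zone: "{{ ldap_firewalld_zone }}"` (the variable name is a placeholder), limits the exposure to the network the IPA clients are on and makes the intent reviewable. The loop also enables `freeipa-ldap` next to `freeipa-ldaps`, which presumably opens unencrypted LDAP as well; a comment such as `# 389 kept for StartTLS clients` would record whether that is deliberate. As a style point, `package` here and `service` in handlers/main.yml use short module names while this task uses the fully qualified `ansible.posix.firewalld`; `ansible.builtin.package` and `ansible.builtin.service` would be consistent.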
