From 9d121236f1c6cf728ebfeee865c3af7304905ee7 Mon Sep 17 00:00:00 2001
From: transcaffeine
Date: Sat, 16 Oct 2021 15:01:14 +0200
Subject: [PATCH] feat(ldap-user-backend): add role for managing ldap user backend in nextcloud
---
 roles/ldap-user-backend/defaults/main.yml | 19 ++++++++
 roles/ldap-user-backend/tasks/main.yml | 45 ++++++++++++++++++
 roles/ldap-user-backend/vars/main.yml | 58 +++++++++++++++++++++++
 3 files changed, 122 insertions(+)
 create mode 100644 roles/ldap-user-backend/defaults/main.yml
 create mode 100644 roles/ldap-user-backend/tasks/main.yml
 create mode 100644 roles/ldap-user-backend/vars/main.yml
diff --git a/roles/ldap-user-backend/defaults/main.yml b/roles/ldap-user-backend/defaults/main.yml
new file mode 100644
index 0000000..408de03
--- /dev/null
+++ b/roles/ldap-user-backend/defaults/main.yml
@@ -0,0 +1,19 @@
+---
+
+nc_ldap_api_instance_url: http://localhost
+nc_ldap_api_basic_auth_user:
+nc_ldap_api_basic_auth_password:
+
+nc_ldap_config_id: s01
+nc_ldap_config_host: 127.0.0.1
+nc_ldap_config_port: 389
+nc_ldap_config_backup_host: ~
+nc_ldap_config_backup_port: ~
+
+nc_ldap_config_base_dn:
+nc_ldap_config_base_dn_users:
+nc_ldap_config_base_dn_groups:
+nc_ldap_config_agent_name:
+nc_ldap_config_agent_password:
+
+nc_ldap_meta_http_agent: "ansible-httpget/finallycoffee.nextcloud.ldap-user-backend"
diff --git a/roles/ldap-user-backend/tasks/main.yml b/roles/ldap-user-backend/tasks/main.yml
new file mode 100644
index 0000000..f4cbc37
--- /dev/null
+++ b/roles/ldap-user-backend/tasks/main.yml
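Review bot: `nc_ldap_api_basic_auth_user`, `nc_ldap_api_basic_auth_password`, `nc_ldap_config_agent_name` and `nc_ldap_config_agent_password` are written as bare `key:` values, which YAML loads as null; since the role can neither authenticate to the OCS API nor bind to LDAP without them, spell them out and document the requirement, e.g. `nc_ldap_api_basic_auth_password: null  # required; supply from a secret store, never in plain vars`, and consider an `assert` task in tasks/main.yml that fails early while either is still null. `nc_ldap_api_instance_url: http://localhost` is paired in tasks/main.yml with `force_basic_auth: yes`, so the admin credentials travel in cleartext on any deployment that overrides the host without also switching the scheme to `https://`; a comment on this default saying so would help operators. `nc_ldap_config_backup_host: ~` mixes the `~` null spelling with the bare-empty one used above; one consistent `null` spelling is easier to grep and is what a null check on these values in tasks/main.yml would key on.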
@@ -0,0 +1,45 @@
+---
+
+- name: Default api config
+ meta: noop
+ vars: &api_defaults
+ http_agent: "{{ nc_ldap_meta_http_agent }}"
+ headers: "{{ nc_ldap_api_headers }}"
+ url_username: "{{ nc_ldap_api_basic_auth_user }}"
+ url_password: "{{ nc_ldap_api_basic_auth_password }}"
+ force_basic_auth: yes
+ force: yes
+
+- name: Check if configuration with given config ID already exists
+ uri:
+ <<: *api_defaults
+ url: "{{ nc_ldap_api_path }}/{{ nc_ldap_config_id }}{{ query_params }}"
+ method: GET
+ vars:
+ query_params: "?showPassword=1&format={{nc_ldap_api_parameter_format }}"
+
+ register: nc_ldap_existing_config
+
+# TODO: Can we force an ID on POST?
+- name: Create ldap configuration with id={{ nc_ldap_config_id }}
+ uri:
+ <<: *api_defaults
+ url: "{{ nc_ldap_api_path }}"
+ method: POST
+ when: nc_ldap_existing_config.status != 200
+
+- name: Create changeset
+ set_fact:
+ nc_ldap_config_changeset: "{{ nc_ldap_config_changeset | combine(changed_entry) }}"
+ vars:
+ changed_entry: "{{ { item : nc_ldap_config_keys[item] } }}"
+ loops: "{{ nc_ldap_config_keys.keys() }}"
+ when: "{{ nc_ldap_config_keys[item] is defined and nc_ldap_config_keys[item] is not None }}"
+
+- name: Ensure ldap configuration is in sync
+ uri:
+ <<: *api_defaults
+ url:
+ method: PUT
+ body:
+ body_format: "form-urlencoded"
diff --git a/roles/ldap-user-backend/vars/main.yml b/roles/ldap-user-backend/vars/main.yml
new file mode 100644
index 0000000..6b88591
--- /dev/null
+++ b/roles/ldap-user-backend/vars/main.yml
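Review bot: The `Create changeset` task cannot run as written: `loops:` is not a task keyword (it must be `loop:`, so `item` is never defined, and the `dict_keys` view probably wants a trailing `| list` since `loop` expects a list), the `when:` wraps its expression in `{{ }}`, `is not None` is not a Jinja2 test (the built-in is lowercase `none`), and `nc_ldap_config_changeset` is piped into `combine` before it is ever set, so it needs `| default({})`. The GET and POST tasks build `url:` from `nc_ldap_api_path`, which is a bare path, while vars/main.yml defines `nc_ldap_api_url` with the instance URL prefixed; the uri module needs the full URL. The check task requests `showPassword=1` and the final PUT will carry `ldapAgentPassword` in its body, so both should set `no_log: true` so the bind password is not written into registered results or verbose output, and the check needs `status_code: [200, 404]` because uri fails on a 404 before `when: nc_ldap_existing_config.status != 200` is ever evaluated. The last task leaves `url:` and `body:` empty; presumably they should be `url: "{{ nc_ldap_api_url }}/{{ nc_ldap_config_id }}"` and `body: "{{ nc_ldap_config_changeset }}"`.
```yaml
- name: Check if configuration with given config ID already exists
  uri:
    <<: *api_defaults
    url: "{{ nc_ldap_api_url }}/{{ nc_ldap_config_id }}{{ query_params }}"
    method: GET
    status_code: [200, 404]
  # … unchanged: vars / query_params …
  register: nc_ldap_existing_config
  no_log: true

# … unchanged: Create ldap configuration task …

- name: Create changeset
  set_fact:
    nc_ldap_config_changeset: "{{ nc_ldap_config_changeset | default({}) | combine(changed_entry) }}"
  vars:
    changed_entry: "{{ { item: nc_ldap_config_keys[item] } }}"
  loop: "{{ nc_ldap_config_keys.keys() | list }}"
  when:
    - nc_ldap_config_keys[item] is defined
    - nc_ldap_config_keys[item] is not none

- name: Ensure ldap configuration is in sync
  uri:
    <<: *api_defaults
    url: "{{ nc_ldap_api_url }}/{{ nc_ldap_config_id }}"
    method: PUT
    body: "{{ nc_ldap_config_changeset }}"
    body_format: "form-urlencoded"
  no_log: true
```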
@@ -0,0 +1,58 @@
+---
+
+nc_ldap_api_path: "/ocs/v2.php/apps/user_ldap/api/v1/config"
+nc_ldap_api_url: "{{ nc_ldap_api_instance_url }}{{ nc_ldap_api_path }}"
+nc_ldap_api_headers:
+ OCS-APIREQUEST: "true"
+nc_ldap_api_parameter_format: json
+
+nc_ldap_config_keys:
+ ldapHost: "{{ nc_ldap_config_host }}"
+ ldapPort: "{{ nc_ldap_config_port }}"
+ ldapBackupHost: "{{ nc_ldap_config_backup_host }}"
+ ldapBackupPort: "{{ nc_ldap_config_backup_port }}"
+ ldapOverrideMainServer: "{{ nc_ldap_config_override_main_server }}"
+ ldapBase: "{{ nc_ldap_config_base_dn }}"
+ ldapBaseUsers: "{{ nc_ldap_config_base_dn_users }}"
+ ldapBaseGroups: "{{ nc_ldap_config_base_dn_groups }}"
+ ldapAgentName: "{{ nc_ldap_config_agent_name }}"
+ ldapAgentPassword: "{{ nc_ldap_config_agent_password }}"
+ ldapTLS: "{{ nc_ldap_config_tls }}"
+ turnOffCertCheck: "{{ nc_ldap_config_turn_off_cert_check }}"
+ ldapUserDisplayName: "{{ nc_ldap_config_user_displayname }}"
+ ldapUserDisplayName2: "{{ nc_ldap_config_user_displayname2 }}"
+ ldapUserAvatarRule: "{{ nc_ldap_config_user_avatar_rule }}"
+ ldapGidNumber: "{{ nc_ldap_config_gid_number }}"
+ ldapUserFilterObjectclass: "{{ nc_ldap_config_user_filter_objectclass }}"
+ ldapUserFilterGroups: "{{ nc_ldap_config_user_filter_groups }}"
+ ldapUserFilter: "{{ nc_ldap_config_user_filter }}"
+ ldapUserFilterMode: "{{ nc_ldap_config_user_filter_mode }}"
+ ldapAttributesForUserSearch: "{{ nc_ldap_config_attributes_for_user_search }}"
+ ldapGroupFilter: "{{ nc_ldap_config_group_filter }}"
+ ldapGroupFilterMode: "{{ nc_ldap_config_group_filter_mode }}"
+ ldapGroupFilterObjectclass: "{{ nc_ldap_config_group_filter_objectclass }}"
+ ldapGroupFilterGroups: "{{ nc_ldap_config_group_filter_groups }}"
+ ldapGroupMemberAssocAttr: "{{ nc_ldap_config_group_member_assoc_attr }}"
+ ldapGroupDisplayName: "{{ nc_ldap_config_group_displayname }}"
+ ldapAttributesForGroupSearch: "{{ nc_ldap_config_attributes_for_group_search }}"
+ ldapLoginFilter: "{{ nc_ldap_config_login_filter }}"
+ ldapLoginFilterMode: "{{ nc_ldap_config_login_filter_mode }}"
+ ldapLoginFilterEmail: "{{ nc_ldap_config_login_filter_email }}"
+ ldapLoginFilterUsername: "{{ nc_ldap_config_login_filter_username }}"
+ ldapLoginFilterAttributes: "{{ nc_ldap_config_login_filter_attributes }}"
+ ldapQuotaAttribute: "{{ nc_ldap_config_quota_attribute }}"
+ ldapQuotaDefault: "{{ nc_ldap_config_quota_default }}"
+ ldapEmailAttribute: "{{ nc_ldap_config_email_attribute }}"
+ ldapCacheTTL: "{{ nc_ldap_config_cache_ttl }}"
+ ldapConfigurationActive: "{{ nc_ldap_config_configuration_active }}"
+ ldapExperiencedAdmin: "{{ nc_ldap_config_experienced_admin }}"
+ homeFolderNamingRule: "{{ nc_ldap_config_home_folder_naming_rule }}"
+ useMemberOfToDetectMembership: "{{ nc_ldap_config_use_memberOf_to_detect_membership }}"
+ ldapExpertUsernameAttr: "{{ nc_ldap_config_expert_username_attr }}"
+ ldapExpertUUIDUserAttr: "{{ nc_ldap_config_expert_uuid_user_attr }}"
+ ldapExpertUUIDGroupAttr: "{{ nc_ldap_config_expert_uuid_group_attr }}"
+ ldapNestedGroups: "{{ nc_ldap_config_nested_groups }}"
+ ldapPagingSize: "{{ nc_ldap_config_paging_size }}"
+ turnOnPasswordChange: "{{ nc_ldap_config_turn_on_password_change }}"
+ ldapDynamicGroupMemberURL: "{{ nc_ldap_config_dynamic_group_member_url }}"
+ ldapDefaultPPolicyDN: "{{ nc_ldap_config_default_ppolicy_dn }}"
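Review bot: `nc_ldap_config_keys` templates about forty `nc_ldap_config_*` variables (for example `nc_ldap_config_override_main_server`, `nc_ldap_config_tls`, `nc_ldap_config_user_filter`) that the defaults/main.yml added in this commit does not define, so the first task that reads any entry of the dict will most likely fail with an undefined-variable error before the per-key `is defined` check in tasks/main.yml gets a chance to skip it. Every key in this mapping needs a default in defaults/main.yml (an explicit `null` for the ones without a value) or a per-expression guard here, e.g. `ldapTLS: "{{ nc_ldap_config_tls | default(none) }}"`. The mapping also embeds `ldapAgentPassword`, so any task that registers or prints the whole dict exposes the LDAP bind password; that is one more reason to put `no_log: true` on the tasks that consume it. `nc_ldap_api_url` is defined here but never used by tasks/main.yml, which builds its request URLs from the bare `nc_ldap_api_path` instead.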