feat(ldap-user-backend): add role for managing ldap user backend in nextcloud

roles/apps/vars/main.yml

@@ -0,0 +1,3 @@
+---
+
+nc_apps_occ_command: "php occ"

roles/ldap-user-backend/defaults/main.yml

@@ -0,0 +1,19 @@
+---
+
+nc_ldap_api_instance_url: http://localhost
+nc_ldap_api_basic_auth_user:
+nc_ldap_api_basic_auth_password:
+
+nc_ldap_config_id: s01
+nc_ldap_config_host: 127.0.0.1
+nc_ldap_config_port: 389
+nc_ldap_config_backup_host: ~
+nc_ldap_config_backup_port: ~
+
+nc_ldap_config_base_dn:
+nc_ldap_config_base_dn_users:
+nc_ldap_config_base_dn_groups:
+nc_ldap_config_agent_name:
+nc_ldap_config_agent_password:
+
+nc_ldap_meta_http_agent: "ansible-httpget/finallycoffee.nextcloud.ldap-user-backend"

roles/ldap-user-backend/tasks/main.yml

@@ -0,0 +1,45 @@
+---
+
+- name: Default api config
+  meta: noop
+  vars: &api_defaults
+    http_agent: "{{ nc_ldap_meta_http_agent }}"
+    headers: "{{ nc_ldap_api_headers }}"
+    url_username: "{{ nc_ldap_api_basic_auth_user }}"
+    url_password: "{{ nc_ldap_api_basic_auth_password }}"
+    force_basic_auth: yes
+    force: yes
+
+- name: Check if configuration with given config ID already exists
+  uri:
+    <<: *api_defaults
+    url: "{{ nc_ldap_api_path }}/{{ nc_ldap_config_id }}{{ query_params }}"
+    method: GET
+  vars:
+    query_params: "?showPassword=1&format={{nc_ldap_api_parameter_format }}"
+    
+  register: nc_ldap_existing_config
+
+# TODO: Can we force an ID on POST?
+- name: Create ldap configuration with id={{ nc_ldap_config_id }}
+  uri:
+    <<: *api_defaults
+    url: "{{ nc_ldap_api_path }}"
+    method: POST
+  when: nc_ldap_existing_config.status != 200
+
+- name: Create changeset
+  set_fact:
+    nc_ldap_config_changeset: "{{ nc_ldap_config_changeset | combine(changed_entry) }}"
+  vars:
+    changed_entry: "{{ { item : nc_ldap_config_keys[item] } }}"
+  loops: "{{ nc_ldap_config_keys.keys() }}"
+  when: "{{ nc_ldap_config_keys[item] is defined and nc_ldap_config_keys[item] is not None }}"
+
+- name: Ensure ldap configuration is in sync
+  uri:
+    <<: *api_defaults
+    url:
+    method: PUT
+    body:
+    body_format: "form-urlencoded"

roles/ldap-user-backend/vars/main.yml

@@ -0,0 +1,58 @@
+---
+
+nc_ldap_api_path: "/ocs/v2.php/apps/user_ldap/api/v1/config"
+nc_ldap_api_url: "{{ nc_ldap_api_instance_url }}{{ nc_ldap_api_path }}"
+nc_ldap_api_headers:
+  OCS-APIREQUEST: "true"
+nc_ldap_api_parameter_format: json
+
+nc_ldap_config_keys:
+  ldapHost: "{{ nc_ldap_config_host }}"
+  ldapPort: "{{ nc_ldap_config_port }}"
+  ldapBackupHost: "{{ nc_ldap_config_backup_host }}"
+  ldapBackupPort: "{{ nc_ldap_config_backup_port }}"
+  ldapOverrideMainServer: "{{ nc_ldap_config_override_main_server }}"
+  ldapBase: "{{ nc_ldap_config_base_dn }}"
+  ldapBaseUsers: "{{ nc_ldap_config_base_dn_users }}"
+  ldapBaseGroups: "{{ nc_ldap_config_base_dn_groups }}"
+  ldapAgentName: "{{ nc_ldap_config_agent_name }}"
+  ldapAgentPassword: "{{ nc_ldap_config_agent_password }}"
+  ldapTLS: "{{ nc_ldap_config_tls }}"
+  turnOffCertCheck: "{{ nc_ldap_config_turn_off_cert_check }}"
+  ldapUserDisplayName: "{{ nc_ldap_config_user_displayname }}"
+  ldapUserDisplayName2: "{{ nc_ldap_config_user_displayname2 }}"
+  ldapUserAvatarRule: "{{ nc_ldap_config_user_avatar_rule }}"
+  ldapGidNumber: "{{ nc_ldap_config_gid_number }}"
+  ldapUserFilterObjectclass: "{{ nc_ldap_config_user_filter_objectclass }}"
+  ldapUserFilterGroups: "{{ nc_ldap_config_user_filter_groups }}"
+  ldapUserFilter: "{{ nc_ldap_config_user_filter }}"
+  ldapUserFilterMode: "{{ nc_ldap_config_user_filter_mode }}"
+  ldapAttributesForUserSearch: "{{ nc_ldap_config_attributes_for_user_search }}"
+  ldapGroupFilter: "{{ nc_ldap_config_group_filter }}"
+  ldapGroupFilterMode: "{{ nc_ldap_config_group_filter_mode }}"
+  ldapGroupFilterObjectclass: "{{ nc_ldap_config_group_filter_objectclass }}"
+  ldapGroupFilterGroups: "{{ nc_ldap_config_group_filter_groups }}"
+  ldapGroupMemberAssocAttr: "{{ nc_ldap_config_group_member_assoc_attr }}"
+  ldapGroupDisplayName: "{{ nc_ldap_config_group_displayname }}"
+  ldapAttributesForGroupSearch: "{{ nc_ldap_config_attributes_for_group_search }}"
+  ldapLoginFilter: "{{ nc_ldap_config_login_filter }}"
+  ldapLoginFilterMode: "{{ nc_ldap_config_login_filter_mode }}"
+  ldapLoginFilterEmail: "{{ nc_ldap_config_login_filter_email }}"
+  ldapLoginFilterUsername: "{{ nc_ldap_config_login_filter_username }}"
+  ldapLoginFilterAttributes: "{{ nc_ldap_config_login_filter_attributes }}"
+  ldapQuotaAttribute: "{{ nc_ldap_config_quota_attribute }}"
+  ldapQuotaDefault: "{{ nc_ldap_config_quota_default }}"
+  ldapEmailAttribute: "{{ nc_ldap_config_email_attribute }}"
+  ldapCacheTTL: "{{ nc_ldap_config_cache_ttl }}"
+  ldapConfigurationActive: "{{ nc_ldap_config_configuration_active }}"
+  ldapExperiencedAdmin: "{{ nc_ldap_config_experienced_admin }}"
+  homeFolderNamingRule: "{{ nc_ldap_config_home_folder_naming_rule }}"
+  useMemberOfToDetectMembership: "{{ nc_ldap_config_use_memberOf_to_detect_membership }}"
+  ldapExpertUsernameAttr: "{{ nc_ldap_config_expert_username_attr }}"
+  ldapExpertUUIDUserAttr: "{{ nc_ldap_config_expert_uuid_user_attr }}"
+  ldapExpertUUIDGroupAttr: "{{ nc_ldap_config_expert_uuid_group_attr }}"
+  ldapNestedGroups: "{{ nc_ldap_config_nested_groups }}"
+  ldapPagingSize: "{{ nc_ldap_config_paging_size }}"
+  turnOnPasswordChange: "{{ nc_ldap_config_turn_on_password_change }}"
+  ldapDynamicGroupMemberURL: "{{ nc_ldap_config_dynamic_group_member_url }}"
+  ldapDefaultPPolicyDN: "{{ nc_ldap_config_default_ppolicy_dn }}"