feat(ldap-user-backend): add role for managing ldap user backend in nextcloud

roles/ldap-user-backend/README.md

@@ -1,27 +0,0 @@
-# `finallycoffee.nextcloud.ldap-user-backend` ansible role
-
-Ansible role for managing LDAP authentication of nextcloud instances using ansible.
-
-## Prerequisites
-
-This role assumes a nextcloud instance is up and running, and has the `user_ldap`
-nextcloud app installed. For starting a nextcloud instance, see the
-`finallycoffee.nextcloud.server` role, for managing nextcloud apps see the
-`finallycoffee.nextcloud.apps` ansible role.
-
-## Configuration
-
-- Set `nc_ldap_api_method` to either `occ` or `http` to control wether the
-  configuration is set using `php occ` command line calls or the `http` API
-  of the `user_ldap` nextcloud app.
-
-- For `nc_ldap_api_method: occ`, ensure `nc_ldap_container` is set to the name
-  of the docker container where nextcloud is running, and `nc_ldap_occ_user` is
-  the user the container / nextcloud itself runs as. `nc_ldap_occ_command`
-  _can_ also be tweaked if `php` is not in the path, but the default should
-  be fine in most cases.
-
-- For `nc_ldap_api_method: http`, ensure `nc_ldapi_api_instance_url` contains
-  the URL to the nextcloud server, including protocol (and port, if
-  non-standard), and `nc_ldap_api_basic_auth_[user|password]` contain the
-  credentials of an admin user with the rights to edit the LDAP settings.

roles/ldap-user-backend/defaults/main.yml

@@ -1,15 +1,9 @@
 ---
 
-nc_ldap_api_method: occ
-
 nc_ldap_api_instance_url: http://localhost
 nc_ldap_api_basic_auth_user:
 nc_ldap_api_basic_auth_password:
 
-nc_ldap_occ_command: "php occ"
-nc_ldap_occ_user: "nextcloud"
-nc_ldap_container: nextcloud
-
 nc_ldap_config_id: s01
 nc_ldap_config_host: 127.0.0.1
 nc_ldap_config_port: 389

roles/ldap-user-backend/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 
-- name: Set default api parameters for HTTP
+- name: Default api config
   meta: noop
   vars: &api_defaults
     http_agent: "{{ nc_ldap_meta_http_agent }}"
@@ -9,16 +9,6 @@
     url_password: "{{ nc_ldap_api_basic_auth_password }}"
     force_basic_auth: yes
     force: yes
-  when: nc_ldap_api_method == 'http'
-
-- name: Check if configuration with given config ID already exists
-  docker_container_exec:
-    container: "{{ nc_ldap_container }}"
-    command: "{{ nc_ldap_occ_command }} ldap:show-config --output json {{ nc_ldap_config_id }}"
-    user: "{{ nc_ldap_occ_user }}"
-    tty: yes
-  when: nc_ldap_api_method == 'occ'
-  register: nc_ldap_existing_config
 
 - name: Check if configuration with given config ID already exists
   uri:
@@ -28,7 +18,6 @@
   vars:
     query_params: "?showPassword=1&format={{nc_ldap_api_parameter_format }}"
     
-  when: nc_ldap_api_method == 'http'
   register: nc_ldap_existing_config
 
 # TODO: Can we force an ID on POST?
@@ -37,16 +26,7 @@
     <<: *api_defaults
     url: "{{ nc_ldap_api_path }}"
     method: POST
-  when: nc_ldap_api_method == 'http' and nc_ldap_existing_config.status != 200
+  when: nc_ldap_existing_config.status != 200
-
-- name: Create ldap configuration with id={{ nc_ldap_config_id }}
-  docker_container_exec:
-    container: "{{ nc_ldap_container }}"
-    command: "{{ nc_ldap_occ_command }} ldap:create-empty-config --output json {{ nc_ldap_config_id }}"
-    user: "{{ nc_ldap_occ_user }}"
-    tty: yes
-  # research conditions?
-  when: nc_ldap_api_method == 'occ' and nc_ldap_existing_config.exitCode = 0
 
 - name: Create changeset
   set_fact:
@@ -63,12 +43,3 @@
     method: PUT
     body:
     body_format: "form-urlencoded"
-  when: nc_ldap_api_method == 'http'
-
-- name: Ensure ldap configuration is in sync
-  docker_container_exec:
-    container: "{{ nc_ldap_container }}"
-    command: "{{ nc_ldap_occ_command }} ldap:set-config #args"
-    user: "{{ nc_ldap_occ_user }}"
-    tty: yes
-  when: nc_ldap_api_method == 'occ'