feat(openldap): add ansible role for deployment

2025-05-03 23:48:16 +02:00
parent b14f36c7e8
commit 66f7293710
14 changed files with 428 additions and 0 deletions
--- a/roles/openldap/tasks/configure.yml
+++ b/roles/openldap/tasks/configure.yml
@ -0,0 +1,58 @@
+---
+- name: Ensure ACLs are configured
+  community.general.ldap_attrs:
+    dn: "{{ openldap_default_database_config }}"
+    attributes:
+      olcAccess: "{{ openldap_config_db_olc_access }}"
+    state: "exact"
+    server_uri: "{{ openldap_socket_url }}"
+  retries: 3
+  delay: 3
+  register: openldap_acl_result
+  until: openldap_acl_result is succeeded
+
+- name: Ensure LDAP DIT is configured
+  when:
+    - openldap_default_database_root_dn is defined
+    - openldap_default_database_root_pw is defined
+  vars:
+    _meta: &openldap_bind_info
+      bind_dn: "{{ openldap_default_database_root_dn }}"
+      bind_pw: "{{ openldap_default_database_root_pw }}"
+      server_uri: "{{ openldap_socket_url }}"
+  block:
+    - name: Ensure rootDN + credentials are correct
+      community.general.ldap_attrs:
+        dn: "{{ openldap_default_database_config }}"
+        attributes: "{{ {entry.key: entry.value} }}"
+        state: "exact"
+        server_uri: "{{ openldap_socket_url }}"
+      no_log: "{{ entry.log is defined and not entry.log }}"
+      loop:
+        - key: "olcRootDN"
+          value: "{{ openldap_default_database_root_dn }}"
+        - key: "olcRootPW"
+          value: "{{ openldap_default_database_root_pw }}"
+          log: false
+      loop_control:
+        loop_var: "entry"
+        label: "{{ entry.key }}"
+
+    - name: Ensure root node is {{ openldap_state }}
+      community.general.ldap_entry:
+        dn: "{{ openldap_dn }}"
+        objectClass: "{{ openldap_root_node_object_classes }}"
+        attributes:
+          dc: "{{ openldap_root_node_dc }}"
+          o: "{{ openldap_root_node_o }}"
+        <<: *openldap_bind_info
+
+    - name: Ensure root node attributes are up to date
+      community.general.ldap_attrs:
+        dn: "{{ openldap_dn }}"
+        attributes:
+          dc: "{{ openldap_root_node_dc }}"
+          o: "{{ openldap_root_node_o }}"
+        state: exact
+        <<: *openldap_bind_info
+      when: openldap_state == 'present'