Add refint and memberof configuration

2a9002a9 · Jupiter Hu · e1897712 · 2a9002a9 · 2a9002a9 · 2a9002a9
Commit 2a9002a9 authored 8 years ago by Jupiter Hu
--- a/roles/ldapserver/tasks/main.yml
+++ b/roles/ldapserver/tasks/main.yml
@@ -51,6 +51,18 @@
 - name: template ssl.ldif
  template: src=ssl_ldif.j2 dest=/tmp/ssl.ldif mode=600

+- name: template load_memberof.ldif
+  template: src=load_memberof_ldif.j2 dest=/tmp/load_memberof.ldif mode=600
+
+- name: template load_refint.ldif
+  template: src=load_refint_ldif.j2 dest=/tmp/load_refint.ldif mode=600
+
+- name: template memberOfConfig.ldif
+  template: src=memberOfConfig_ldif.j2 dest=/tmp/memberOfConfig.ldif mode=600
+
+- name: template refint_config.ldif
+  template: src=refint_config_ldif.j2 dest=/tmp/refint_config.ldif mode=600
+
 - name: template manager.ldif
  template: src=manager_ldif.j2 dest=/tmp/manager.ldif mode=600
  sudo: true
@@ -147,6 +159,46 @@
  sudo: true
  when: ppolicyOverlayConfigured|failed

+- name: check refint module loaded
+  shell: slapcat -b cn=config | grep "olcmoduleload"
+  sudo: true
+  ignore_errors: true
+  register: refintModuleLoaded
+
+- name: load refint module
+  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/load_refint.ldif -D cn=config 
+  sudo: true
+  when: refintModuleLoaded|failed
+
+- name: check memberof module loaded
+  shell: slapcat -b cn=config | grep "olcModuleLoad {.*}memberof"
+  sudo: true
+  ignore_errors: true
+  register: memberofModuleLoaded
+
+- name: load memberof module
+  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/load_memberof.ldif -D cn=config 
+  sudo: true
+  when: memberofModuleLoaded|failed
+
+- name: check member of config
+  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcMemberOf"
+  ignore_errors: true
+  register: memberOfConfigured
+
+- name: add member of config 
+  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/memberOfConfig.ldif
+  when: memberOfConfigured|failed
+
+- name: check refinit config
+  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcRefintConfig"
+  ignore_errors: true
+  register: refintConfigured
+
+- name: add refint config 
+  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/refint_config.ldif
+  when: refintConfigured|failed
+
 - name: check Manager config
  shell: "slapcat -b cn=config | grep 'olcRootDN: {{ ldapManager }}'"
  ignore_errors: true

--- a/roles/ldapserver/templates/load_memberof_ldif.j2
+++ b/roles/ldapserver/templates/load_memberof_ldif.j2
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: memberof.la
--- a/roles/ldapserver/templates/load_refint_ldif.j2
+++ b/roles/ldapserver/templates/load_refint_ldif.j2
+dn: cn=module{0},cn=config
+add: olcmoduleload
+olcmoduleload: refint
--- a/roles/ldapserver/templates/memberOfConfig_ldif.j2
+++ b/roles/ldapserver/templates/memberOfConfig_ldif.j2
+dn: olcOverlay=memberof,olcDatabase={2}bdb,cn=config
+objectClass: olcConfig
+objectClass: olcMemberOf
+objectClass: olcOverlayConfig
+objectClass: top
+olcOverlay: memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
--- a/roles/ldapserver/templates/refint_config_ldif.j2
+++ b/roles/ldapserver/templates/refint_config_ldif.j2
+dn: olcOverlay=refint,olcDatabase={2}bdb,cn=config
+objectClass: olcConfig
+objectClass: olcOverlayConfig
+objectClass: olcRefintConfig
+objectClass: top
+olcOverlay: refint
+olcRefintAttribute: memberof member manager owner