From 4bebaf890035c4d7dff09bdba6abe901afc94ace Mon Sep 17 00:00:00 2001
From: CVL-GitHub <jupiter.hu@monash.edu>
Date: Tue, 25 Aug 2015 11:16:55 +1000
Subject: [PATCH] fixed build

---
 roles/karaage3.1.17/tasks/karaage.yml         | 26 +++++++++----------
 roles/ldapserver/tasks/main.yml               | 10 +++++++
 .../shibboleth-sp/tasks/shibbolethConfig.yml  |  4 +--
 .../templates/attribute-map.xml.j2            |  3 ++-
 4 files changed, 27 insertions(+), 16 deletions(-)

diff --git a/roles/karaage3.1.17/tasks/karaage.yml b/roles/karaage3.1.17/tasks/karaage.yml
index 1142ced1..d4a11f1c 100644
--- a/roles/karaage3.1.17/tasks/karaage.yml
+++ b/roles/karaage3.1.17/tasks/karaage.yml
@@ -98,19 +98,6 @@
  shell: cp -rvpf /root/karaage3.1.7/conf/karaage3-wsgi.conf /etc/httpd/conf.d/karaage3-wsgi.conf
  sudo: true
  when: ansible_os_family == "RedHat"
--
- name: "Enable shibboleth, should it be in shibboleth-sp role?"
- lineinfile: insertafter="{{ item.after }}" line="{{ item.line }}" dest=/etc/{% if ansible_os_family == 'RedHat'  %}httpd{% else %}apache2{% endif %}/conf-available/karaage3-wsgi.conf state=present
- with_items:
-   - { after: 'EOF', line: '<Location /karaage>' } 
-   - { after: '^<Location /karaage>', line: 'AuthType Shibboleth' }
-   - { after: '^AuthType Shibboleth', line: 'ShibRequireSession On' }
-   - { after: '^ShibRequireSession On', line: 'ShibUseHeaders On' }
-   - { after: '^ShibUseHeaders On', line: 'require valid-user' }
-   - { after: 'EOF', line: '</Location>' }
-#   - { after: '^require valid-user', line: '</Location>' }
- sudo: true
-
 -
  name: "Installing other packages Debian"
  apt: name={{ item }} update_cache=yes
@@ -189,3 +176,16 @@
  service: name=httpd state=reloaded
  sudo: true
  when: ansible_os_family == "RedHat"
+
+- 
+ name: "Enable shibboleth (ansible-galaxy install yaegashi.blockinfile)"
+ blockinfile:
+   dest: /etc/apache2/conf-available/karaage3-wsgi.conf
+   block: |
+     <Location /karaage>
+     AuthType Shibboleth
+     ShibRequireSession On
+     ShibUseHeaders On
+     require valid-user
+     </Location>
+
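Review bot: The new "Enable shibboleth" task has no `sudo: true` and no `when:` guard, unlike the tasks around it, and its `dest` is hard-coded to `/etc/apache2/conf-available/karaage3-wsgi.conf`. The task it replaces chose between httpd and apache2 by `ansible_os_family`, so on a RedHat host this one would point at a path that probably does not exist, and unless the play already escalates privileges the write under /etc may fail. Either way, /karaage could be left without the Shibboleth `<Location>` block that enforces `require valid-user`. Consider adding `sudo: true` and `when: ansible_os_family == "Debian"`, or templating the path again. The task also runs after the visible `service: name=httpd state=reloaded` step and nothing in the hunk reloads Apache afterwards, so the block may not take effect until a later restart.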
diff --git a/roles/ldapserver/tasks/main.yml b/roles/ldapserver/tasks/main.yml
index 582041c8..dab389be 100644
--- a/roles/ldapserver/tasks/main.yml
+++ b/roles/ldapserver/tasks/main.yml
@@ -83,6 +83,16 @@
   file: path={{ cacert | dirname }} state=directory owner={{ ldapuser }} group={{ ldapgroup }}
   sudo: true
 
+- name: make ldap certs dir
+  file: path={{ ldapCertDir }} state=directory owner={{ ldapuser }} group={{ ldapgroup }}
+  sudo: true
+  when: ldapCertDir is defined
+
+- name: make ldap private dir
+  file: path={{ ldapPrivateDir }} state=directory owner={{ ldapuser }} group={{ ldapgroup }}
+  sudo: true
+  when: ldapPrivateDir is defined
+
 # Change to remove easy-rsa and to use fixed key and certs
 - name: copy fixed keys and certs from files directory
   template: src=files/{{ item.src }} dest="{{ item.dest }}" mode={{ item.mode }} owner=root group=root
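Review bot: The "make ldap private dir" task creates `{{ ldapPrivateDir }}` without a `mode`, so the directory gets whatever the default umask yields, which is typically readable and traversable by every local user. For a directory that, judging by its name, is meant to hold private keys, set the mode explicitly, e.g. `file: path={{ ldapPrivateDir }} state=directory mode=0700 owner={{ ldapuser }} group={{ ldapgroup }}`. The "copy fixed keys and certs" task that follows continues outside the hunk, so whether its per-item modes protect the key file itself cannot be checked from here.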
diff --git a/roles/shibboleth-sp/tasks/shibbolethConfig.yml b/roles/shibboleth-sp/tasks/shibbolethConfig.yml
index 14b57c94..1756ff56 100644
--- a/roles/shibboleth-sp/tasks/shibbolethConfig.yml
+++ b/roles/shibboleth-sp/tasks/shibbolethConfig.yml
@@ -101,7 +101,7 @@
   file: path=/etc/shibboleth/private, state=directory, mode=700, owner=_shibd
   sudo: true
 
-- name: copy shib key:
+- name: copy shib key
   sudo: true
   copy: src=files/{{ shib_key }} dest=/etc/shibboleth/private/{{ shib_key }} owner=_shibd, mode=600
 
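Review bot: The `copy` line under the renamed "copy shib key" task still reads `owner=_shibd, mode=600`, and the `file:` lines shown as context in both hunks of this file separate their arguments with commas. As far as I can tell, key=value arguments are split on whitespace, so the comma would end up inside the value (owner `_shibd,`, path `/etc/shibboleth/private,`). That could make the task fail or leave the Shibboleth private key without the intended owner. Dropping the commas avoids this: `copy: src=files/{{ shib_key }} dest=/etc/shibboleth/private/{{ shib_key }} owner=_shibd mode=0600`. The same applies to the "copy shib cert" task in the next hunk.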
@@ -109,7 +109,7 @@
   file: path=/etc/shibboleth/certs, state=directory, mode=755, owner=_shibd
   sudo: true
 
-- name: copy shib cert:
+- name: copy shib cert
   sudo: true
   copy: src=files/{{ shib_cert }} dest=/etc/shibboleth/certs/{{ shib_cert }} owner=_shibd, mode=644
 
diff --git a/roles/shibboleth-sp/templates/attribute-map.xml.j2 b/roles/shibboleth-sp/templates/attribute-map.xml.j2
index 6b8a8c85..b25ca20e 100644
--- a/roles/shibboleth-sp/templates/attribute-map.xml.j2
+++ b/roles/shibboleth-sp/templates/attribute-map.xml.j2
@@ -149,5 +149,6 @@
     <Attribute name="urn:oid:2.5.4.15" id="businessCategory"/>
     <Attribute name="urn:oid:2.5.4.19" id="physicalDeliveryOfficeName"/>
     -->
-
+    <Attribute name="urn:mace:dir:attribute-def:auEduPersonSharedToken" id="auEduPersonSharedToken"/>
+    <Attribute name="urn:oid:1.3.6.1.4.1.27856.1.2.5" id="auEduPersonSharedToken"/>
 </Attributes>
-- 
GitLab