From 4cf8849598d1e0b757cf9896a3d2bd04fbd24a81 Mon Sep 17 00:00:00 2001
From: handreas <andreas.hamacher@monash.edu>
Date: Wed, 29 Apr 2020 03:07:46 +0000
Subject: [PATCH] pushing new content

Former-commit-id: 0786de7bd0393b9e77eb073d5db0bb73f25e809e
---
 CICD/plays/mockldap.yml                       |  22 ++
 roles/ldapserver/vars/CentOS_7.6_x86_64.yml   |   8 +
 .../.molecule/ansible_inventory               |   5 +
 roles/ldapservertest/.molecule/state.yml      |  34 +++
 roles/ldapservertest/README.md                | 106 ++++++++++
 roles/ldapservertest/defaults/main.yml        |  11 +
 roles/ldapservertest/files/base.ldif          | 116 +++++++++++
 roles/ldapservertest/files/users-passwd.ldif  |  14 ++
 roles/ldapservertest/meta/main.yml            | 194 ++++++++++++++++++
 roles/ldapservertest/molecule.yml             |  43 ++++
 roles/ldapservertest/playbook.yml             |   4 +
 roles/ldapservertest/tasks/.gitignore         |   2 +
 roles/ldapservertest/tasks/main.yml           | 136 ++++++++++++
 roles/ldapservertest/templates/certs.ldif.j2  |  10 +
 roles/ldapservertest/templates/db.ldif.j2     |  14 ++
 .../ldapservertest/templates/monitor.ldif.j2  |   4 +
 roles/ldapservertest/tests/test_default.py    |  12 ++
 roles/ldapservertest/tests/test_default.pyc   | Bin 0 -> 815 bytes
 18 files changed, 735 insertions(+)
 create mode 100644 CICD/plays/mockldap.yml
 create mode 100644 roles/ldapserver/vars/CentOS_7.6_x86_64.yml
 create mode 100644 roles/ldapservertest/.molecule/ansible_inventory
 create mode 100644 roles/ldapservertest/.molecule/state.yml
 create mode 100644 roles/ldapservertest/README.md
 create mode 100644 roles/ldapservertest/defaults/main.yml
 create mode 100644 roles/ldapservertest/files/base.ldif
 create mode 100644 roles/ldapservertest/files/users-passwd.ldif
 create mode 100644 roles/ldapservertest/meta/main.yml
 create mode 100644 roles/ldapservertest/molecule.yml
 create mode 100644 roles/ldapservertest/playbook.yml
 create mode 100644 roles/ldapservertest/tasks/.gitignore
 create mode 100644 roles/ldapservertest/tasks/main.yml
 create mode 100644 roles/ldapservertest/templates/certs.ldif.j2
 create mode 100644 roles/ldapservertest/templates/db.ldif.j2
 create mode 100644 roles/ldapservertest/templates/monitor.ldif.j2
 create mode 100644 roles/ldapservertest/tests/test_default.py
 create mode 100644 roles/ldapservertest/tests/test_default.pyc

diff --git a/CICD/plays/mockldap.yml b/CICD/plays/mockldap.yml
new file mode 100644
index 00000000..8c7fbe29
--- /dev/null
+++ b/CICD/plays/mockldap.yml
@@ -0,0 +1,22 @@
+---
+- hosts: SQLNodes
+  vars_files: 
+  - vars/passwords.yml
+  - vars/ldapConfig.yml
+  gather_facts: true
+  tasks:
+  - include_vars: vars/passwords.yml
+  roles:
+  - { role: ldapservertest
+    , tags: [ ldapserver ], become: true }
+    
+#- hosts: ComputeNodes, LoginNodes
+#  vars_files: 
+#  - vars/passwords.yml
+#  - vars/ldapConfig.yml
+#  gather_facts: true
+#  tasks:
+#  - include_vars: vars/passwords.yml
+#  roles:
+#  - { role: ldapclient, ssl: false
+#    , tags: [ ldapclient ] }
\ No newline at end of file
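Review bot: The role is applied to `SQLNodes` with `become: true` and no override of `clean_all`, whose default in roles/ldapservertest/defaults/main.yml is `true`; per roles/ldapservertest/tasks/main.yml that path stops slapd and removes every file under /var/lib/ldap on the targeted hosts. Unless a wipe on every run is intended, pass it explicitly in the role entry, `- { role: ldapservertest, clean_all: false, tags: [ ldapserver ], become: true }`, or flip the default. The `include_vars: vars/passwords.yml` task repeats what `vars_files` already loads and can be dropped. The trailing whitespace on the `vars_files:` line and on the blank line after the role entry is cosmetic but yamllint will flag it.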
diff --git a/roles/ldapserver/vars/CentOS_7.6_x86_64.yml b/roles/ldapserver/vars/CentOS_7.6_x86_64.yml
new file mode 100644
index 00000000..51bcdb11
--- /dev/null
+++ b/roles/ldapserver/vars/CentOS_7.6_x86_64.yml
@@ -0,0 +1,8 @@
+---
+ system_packages:
+  - openldap-servers
+  - openldap-clients
+  - openssl
+ ldapuser:  ldap
+ ldapgroup: ldap
+ dbname: olcDatabase={2}hdb
diff --git a/roles/ldapservertest/.molecule/ansible_inventory b/roles/ldapservertest/.molecule/ansible_inventory
new file mode 100644
index 00000000..885816bd
--- /dev/null
+++ b/roles/ldapservertest/.molecule/ansible_inventory
@@ -0,0 +1,5 @@
+[all]
+test-role-vagrant ansible_host=127.0.0.1 ansible_port=2222 ansible_ssh_private_key_file="/home/jooho/.vagrant.d/insecure_private_key" ansible_user=vagrant
+
+[group1]
+test-role-vagrant
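Review bot: `.molecule/ansible_inventory` is molecule runtime state and carries a developer-specific path, `/home/jooho/.vagrant.d/insecure_private_key`, so it works for nobody else and should not be tracked; the same applies to roles/ldapservertest/.molecule/state.yml and to the compiled roles/ldapservertest/tests/test_default.pyc added later in this commit. The `.gitignore` this commit adds lives in roles/ldapservertest/tasks/ with the pattern `./.molecule/`, which cannot cover the role-level `.molecule/` directory one level up, and as far as I can tell the `./` prefix is not honoured by gitignore matching at all. Move it to roles/ldapservertest/.gitignore with `.molecule/` and `*.pyc`, and remove the tracked copies.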
diff --git a/roles/ldapservertest/.molecule/state.yml b/roles/ldapservertest/.molecule/state.yml
new file mode 100644
index 00000000..e362bb7d
--- /dev/null
+++ b/roles/ldapservertest/.molecule/state.yml
@@ -0,0 +1,34 @@
+---
+converged: null
+created: true
+default_platform: null
+default_provider: null
+driver: vagrant
+driver_config:
+  current_platform: ubuntu
+  current_provider: virtualbox
+  instances:
+  - ansible_groups:
+    - group1
+    name: test-role-vagrant
+    vm_name: test-role-vagrant
+  platforms:
+  - box: centos/7
+    name: centos
+  - box: fedora/25-cloud-base
+    name: fedora
+  - box: ubuntu/trusty64
+    name: ubuntu
+  providers:
+  - name: virtualbox
+    options:
+      cpus: 2
+      memory: 512
+    type: virtualbox
+  raw_config_args:
+  - ssh.insert_key = false
+hosts:
+  test-role-vagrant:
+    groups:
+    - group1
+multiple_platforms: null
diff --git a/roles/ldapservertest/README.md b/roles/ldapservertest/README.md
new file mode 100644
index 00000000..81a29893
--- /dev/null
+++ b/roles/ldapservertest/README.md
@@ -0,0 +1,106 @@
+https://github.com/Jooho/ansible-role-openldap-test-server
+
+Ansible Role: OpenLDAP Test Server
+=========
+
+This role install OpenLDAP server and put some data for test purpose.
+
+Requirements
+------------
+None
+
+Role Variables
+--------------
+
+| Name                      | Default value                         |        Requird       | Description                                                                 |
+|---------------------------|---------------------------------------|----------------------|-----------------------------------------------------------------------------|
+| temp_dir                  | /tmp/test-openldap-server             |         no           | Temp directory                                                              |
+| ldap_http_port            | 389                                   |         no           | LDAP HTTP Port                                                              |
+| ldap_https_port           | 636                                   |         no           | If ssl set true, LDAP HTTPS Port will be set                                |
+| clean_all                 | true                                  |         no           | LDAP Data reset                                                             |
+| ssl                       | false                                 |         no           | Enable SSL for LDAP Server                                                  |
+| ssl_ca_cert               | ''                                    |         no           | CA Certificate. If ssl set true, this value must be set                     |
+| ssl_cert                  | ''                                    |         no           | Server Certificate. If ssl set true, this value must be set                 |
+| ssl_private_key           | ''                                    |         no           | Server Private Key. If ssl set true, this value must be set                 |
+
+
+Dependencies
+------------
+
+None
+
+
+
+Example Playbook
+----------------
+~~~
+- name: Example Playbook
+  hosts: ldap.example.com
+  gather_facts: false
+
+  roles:
+    - { role: Jooho.openldap-test-server }
+~~~
+
+Information
+-----------
+- LDAP Password: redhat
+
+- LDAP Bind DN: cn=read-only-admin,dc=example,dc=com
+
+- LDAP Base DN: dc=example,dc=com
+
+**LDAP Test Data**
+
+|       Group     |      CN     |    OU    |    PW    |                  CN raw                    |
+|-----------------|-------------|----------|----------|--------------------------------------------|
+|  Administrators | Sue Jacobs  |  People  |  redhat  | cn=Sue Jacobs,ou=People,dc=example,dc=com  | 
+|  Administrators | Pete Minsky |  People  |  redhat  | cn=Pete Minsky,ou=People,dc=example,dc=com | 
+|  Developers     | Jooho Lee   |  People  |  redhat  | cn=Jooho Lee,ou=People,dc=example,dc=com   |
+
+
+Client Configuration
+--------------------
+The root-ca.cert.pem file will be found on ldap server vm
+
+```
+TLS_CACERTDIR /etc/openldap/cacerts
+TLS_CACERT    /etc/openldap/certs/root-ca.cert.pem
+TLS_REQCERT allow
+```
+
+
+Useful Commands
+----------------
+```
+
+ldapadd -x -w redhat -D "cn=read-only-admin,dc=example,dc=com" -f base.ldif
+
+ldapsearch -v -H ldaps://ldap.example.com -D "cn=read-only-admin,dc=example,dc=com" -w "redhat" -b "dc=example,dc=com" -o ldif-wrap=no   -vvvv
+
+ldapmodify -h ldap.example.com -p 389 -D "cn=read-only-admin,dc=example,dc=com" -f user-passwd.ldif -w redhat
+
+ldapdelete -H ldaps://ldap.example.com -D "cn=read-only-admin,dc=example,dc=com" "cn=Sue Jacobs,ou=People,dc=example,dc=com" -w redhat -vvv
+
+```
+
+
+
+References
+----------
+- [Install OpenLDAP on CentOS7](http://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html)
+
+- [External LDAP Test Server](http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/)
+
+
+
+License
+-------
+
+BSD/MIT
+
+Author Information
+------------------
+
+This role was created in 2017 by [Jooho Lee](http://github.com/jooho).
+
diff --git a/roles/ldapservertest/defaults/main.yml b/roles/ldapservertest/defaults/main.yml
new file mode 100644
index 00000000..78c7164a
--- /dev/null
+++ b/roles/ldapservertest/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+# defaults file for ansible-role-test-openldap-server
+
+temp_dir: /tmp/test-openldap-server
+ldap_http_port: 389
+ldap_https_port: 636
+clean_all: true
+ssl: false
+ssl_ca_cert: ''
+ssl_cert: ''
+ssl_private_key: ''
diff --git a/roles/ldapservertest/files/base.ldif b/roles/ldapservertest/files/base.ldif
new file mode 100644
index 00000000..30af78e7
--- /dev/null
+++ b/roles/ldapservertest/files/base.ldif
@@ -0,0 +1,116 @@
+
+# example.com
+dn: dc=example,dc=com
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+o: example.com
+dc: example
+
+# Group - People
+dn: ou=People,dc=example,dc=com
+changetype: add
+objectclass: top
+objectclass: organizationalUnit
+ou: People
+ou: Marketing
+
+
+# Group - Groups
+dn: ou=Groups,dc=example,dc=com
+changetype: add
+objectclass: top
+objectclass: organizationalUnit
+ou: Groups
+
+# Group - Groups-> Administrators
+dn: cn=Administrators,ou=Groups,dc=example,dc=com
+changetype: add
+objectclass: top
+objectclass: groupOfNames
+member: cn=Sue Jacobs,ou=People,dc=example,dc=com
+member: cn=Pete Minsky,ou=People,dc=example,dc=com
+cn: Administrators
+
+# Group - Groups-> Developers
+dn: cn=Developers,ou=Groups,dc=example,dc=com
+changetype: add
+objectclass: top
+objectclass: groupOfNames
+member: cn=Jooho Lee,ou=People,dc=example,dc=com
+cn: Developers
+
+# Person - People -> Jooho
+dn: cn=Jooho Lee,ou=People,dc=example,dc=com
+changetype: add
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+cn: Jooho Lee
+givenName: Jooho
+sn: Lee
+ou: People
+ou: Development
+uid: jlee
+
+# Person - People -> Pete Minsky
+dn: cn=Pete Minsky,ou=People,dc=example,dc=com
+changetype: add
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+cn: Pete Minsky
+givenName: Pete
+sn: Minsky
+ou: People
+ou: Marketing
+uid: pminsky
+
+# Person - People -> Sue Jacobs
+dn: cn=Sue Jacobs,ou=People,dc=example,dc=com
+changetype: add
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+cn: Sue Jacobs
+givenName: Sue
+sn: Jacobs
+ou: People
+ou: Marketing
+uid: sjacobs
+
+#dn: cn=accounts,ou=groups,dc=example,dc=com
+#objectClass: top
+#objectClass: posixGroup
+#gidNumber: 6001
+
+# LDAP group
+dn: cn=group1,ou=groups,dc=example,dc=com
+cn: group1
+gidnumber: 10004
+memberuid: user1
+objectclass: posixGroup
+objectclass: top
+
+
+dn: uid=user1,ou=People,dc=example,dc=com
+uid: user1
+cn: My name is user1
+objectClass: posixAccount
+objectClass: top
+objectClass: shadowAccount
+objectClass: iNetOrgPerson
+mail: testuser@foo.bar
+sn: user1
+userPassword: {SHA}PHZ8Qa+xKtoUAZDtgts/2TDi76M=
+shadowLastChange: 14791
+shadowMax: 99999
+shadowWarning: 7
+loginShell: /bin/bash
+uidNumber: 6001
+gidNumber: 100
+homeDirectory: /home/user1
+gecos: My name is user1
\ No newline at end of file
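Review bot: The `ou=People,dc=example,dc=com` entry carries a second value `ou: Marketing` directly after `ou: People`, which looks like a copy-paste from the person entries below; ldapadd accepts it, but the People OU then also answers to `ou=Marketing` in searches, so drop that line. The first entry (`dc=example,dc=com`) and the `group1`/`user1` entries omit `changetype: add` while the others include it; ldapadd tolerates the mix, but one style throughout reads better. The `user1` entry stores an unsalted `{SHA}` hash, which is acceptable for a throwaway fixture; if this data ever seeds anything beyond the test server, generate the value with `slappasswd` (which emits `{SSHA}`), as tasks/main.yml already does for the root password.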
diff --git a/roles/ldapservertest/files/users-passwd.ldif b/roles/ldapservertest/files/users-passwd.ldif
new file mode 100644
index 00000000..bad970b4
--- /dev/null
+++ b/roles/ldapservertest/files/users-passwd.ldif
@@ -0,0 +1,14 @@
+dn: cn=Pete Minsky,ou=People,dc=example,dc=com
+changetype: modify
+replace: userPassword
+userPassword: redhat
+
+dn: cn=Sue Jacobs,ou=People,dc=example,dc=com
+changetype: modify
+replace: userPassword
+userPassword: redhat
+
+dn: cn=Jooho Lee,ou=People,dc=example,dc=com
+changetype: modify
+replace: userPassword
+userPassword: redhat
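Review bot: `userPassword: redhat` is submitted as a cleartext value, and slapd stores what ldapmodify sends verbatim unless server-side hashing (`olcPasswordHash` or ppolicy) is configured, which this role does not do, so the test directory ends up holding cleartext passwords. That matches the README, which documents `redhat` as the test password, but if the fixture is meant to resemble a real directory, put a `{SSHA}` value produced by `slappasswd` here instead.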
diff --git a/roles/ldapservertest/meta/main.yml b/roles/ldapservertest/meta/main.yml
new file mode 100644
index 00000000..ca0ccba9
--- /dev/null
+++ b/roles/ldapservertest/meta/main.yml
@@ -0,0 +1,194 @@
+galaxy_info:
+  author: jooho lee
+  description: This role install OpenLDAP server and put some data for test purpose.
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: BSD/MIT
+
+  min_ansible_version: 1.2
+
+  # Optionally specify the branch Galaxy will use when accessing the GitHub
+  # repo for this role. During role install, if no tags are available,
+  # Galaxy will use this branch. During import Galaxy will access files on
+  # this branch. If travis integration is cofigured, only notification for this
+  # branch will be accepted. Otherwise, in all cases, the repo's default branch
+  # (usually master) will be used.
+  #github_branch:
+
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your
+  # platform on this list, let us know and we'll get it added!
+  #
+  platforms:
+  - name: EL
+    versions:
+  #  - all
+  #  - 5
+    - 6
+    - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: OpenBSD
+  #  versions:
+  #  - all
+  #  - 5.6
+  #  - 5.7
+  #  - 5.8
+  #  - 5.9
+  #  - 6.0
+  - name: Fedora
+    versions:
+    - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #  - 21
+  #  - 22
+  #  - 23
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: MacOSX
+  #  versions:
+  #  - all
+  #  - 10.10
+  #  - 10.11
+  #  - 10.12
+  #  - 10.7
+  #  - 10.8
+  #  - 10.9
+  #- name: IOS
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Solaris
+  #  versions:
+  #  - all
+  #  - 10
+  #  - 11.0
+  #  - 11.1
+  #  - 11.2
+  #  - 11.3
+  #- name: SmartOS
+  #  versions:
+  #  - all
+  #  - any
+  #- name: eos
+  #  versions:
+  #  - all
+  #  - Any
+  #- name: Windows
+  #  versions:
+  #  - all
+  #  - 2012R2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Junos
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 10.0
+  #  - 10.1
+  #  - 10.2
+  #  - 10.3
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #  - 9.3
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #  - utopic
+  #  - vivid
+  #  - wily
+  #  - xenial
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #  - 11SP4
+  #  - 12
+  #  - 12SP1
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: NXOS
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - jessie
+  #  - lenny
+  #  - sid
+  #  - squeeze
+  #  - stretch
+  #  - wheezy
+
+  galaxy_tags: [openldap]
+    # List tags for your role here, one per line. A tag is
+    # a keyword that describes and categorizes the role.
+    # Users find roles by searching for tags. Be sure to
+    # remove the '[]' above if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of
+    # alphanumeric characters. Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
diff --git a/roles/ldapservertest/molecule.yml b/roles/ldapservertest/molecule.yml
new file mode 100644
index 00000000..369ce192
--- /dev/null
+++ b/roles/ldapservertest/molecule.yml
@@ -0,0 +1,43 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+vagrant:
+  platforms:
+    - name: centos
+      box: centos/7
+    - name: fedora
+      box: fedora/25-cloud-base
+    - name: ubuntu
+      box: ubuntu/trusty64
+  providers:
+    - name: virtualbox
+      type: virtualbox
+      options:
+        memory: 512
+        cpus: 2
+  instances:
+    - name: test-role-vagrant
+      ansible_groups:
+        - group1
+  raw_config_args:
+     - "ssh.insert_key = false"
+docker:
+  containers:
+    - name: ansible-role-test-openldap-server
+      image: centos_docker
+      image_version: latest
+      cap_add: 
+        - 'SYS_ADMIN'
+      volume_mounts:
+        - '/sys/fs/cgroup:/sys/fs/cgroup:ro'
+      privileged: True
+      command: /sbin/init
+      ansible_groups:
+        - group1
+ansible:
+  verbose: vvvv
+  become: yes
+verifier:
+  name: testinfra
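Review bot: The docker container is declared `privileged: True`, which already grants every capability, so the `cap_add: ['SYS_ADMIN']` beside it is redundant; if the aim is only to let `/sbin/init` run systemd, the capability plus the read-only cgroup mount is usually sufficient and `privileged` can be dropped, narrowing what the test container can do to the host. `image: centos_docker` with `image_version: latest` names a locally built image and nothing in the repo documents how it is produced. The top-level `vagrant:`/`docker:` layout is the molecule 1.x schema, so this file will presumably not be read by current molecule releases.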
diff --git a/roles/ldapservertest/playbook.yml b/roles/ldapservertest/playbook.yml
new file mode 100644
index 00000000..79ecb9c9
--- /dev/null
+++ b/roles/ldapservertest/playbook.yml
@@ -0,0 +1,4 @@
+---
+- hosts: all
+  roles:
+    - role: ansible-role-openldap-test-server
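Review bot: The playbook applies `role: ansible-role-openldap-test-server`, but the role directory this commit creates is `roles/ldapservertest`, so a molecule run will fail to resolve the role unless a symlink or Galaxy-installed copy under the upstream name happens to exist. Use the directory name, `- role: ldapservertest`, or point `roles_path` at the repository's roles directory. meta/main.yml and the README still carry the upstream author and role name, so the provenance of this vendored copy should be stated somewhere.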
diff --git a/roles/ldapservertest/tasks/.gitignore b/roles/ldapservertest/tasks/.gitignore
new file mode 100644
index 00000000..21bb41e0
--- /dev/null
+++ b/roles/ldapservertest/tasks/.gitignore
@@ -0,0 +1,2 @@
+*.retry
+./.molecule/
diff --git a/roles/ldapservertest/tasks/main.yml b/roles/ldapservertest/tasks/main.yml
new file mode 100644
index 00000000..67cf756b
--- /dev/null
+++ b/roles/ldapservertest/tasks/main.yml
@@ -0,0 +1,136 @@
+---
+# tasks file for ansible-role-test-openldap-server
+
+ - name: Create {{temp_dir}}
+   file:
+     path={{temp_dir}}
+     state=directory
+
+ - name: Install OpenLDAP packages and necessary packages
+   package:
+    name: "{{item}}"
+    state: present
+   with_items:
+    - openldap
+    - compat-openldap
+    - openldap-clients
+    - openldap-servers
+    - openldap-devel
+   become: true
+
+ - name: Stop OpenLDAP Server
+   systemd:
+    name: slapd
+    state: stopped
+   when: clean_all 
+
+ - name: List OpenLDAP Files
+   command: "ls /var/lib/ldap"
+   register: ldap_files
+   when: clean_all 
+
+ - name: Remove OpenLDAP Data
+   file: path="/var/lib/ldap/{{item}}" state=absent force=true
+   with_items:
+    - "{{ldap_files.stdout_lines}}"
+   when: clean_all 
+   
+ - name: Start OpenLDAP Server
+   systemd:
+    name: slapd
+    state: started
+    enabled: True
+
+ - name: Get RootPW for openLDAP
+   shell: "slappasswd -s redhat"
+   register: ldap_root_rw
+
+ - name: Set RootPW as var
+   set_fact:
+    ROOT_PW: "{{ldap_root_rw.stdout}}"
+
+ - name: Copy db.ldif file to {{temp_dir}}
+   template: src="db.ldif.j2" dest={{temp_dir}}/db.ldif
+
+ - name: Modify ldap with db.ldif
+   shell: ldapmodify -Y EXTERNAL  -H ldapi:/// -f {{temp_dir}}/db.ldif
+
+ - name: Copy monitor.ldif to {{temp_dir}}
+   template: src="monitor.ldif.j2" dest={{temp_dir}}/monitor.ldif
+
+ - name: Modify ldap with monitor.ldif
+   shell: ldapmodify -Y EXTERNAL  -H ldapi:/// -f {{temp_dir}}/monitor.ldif
+
+ - name: Apply SSL
+   block:
+    - name: Copy certs.ldif to {{temp_dir}}
+      template: src="certs.ldif.j2" dest={{temp_dir}}/certs.ldif
+
+    - name: Copy Cert to /etc/openldap/certs/
+      copy: src={{ssl_cert}} dest=/etc/openldap/certs/{{ssl_cert|basename}} owner=ldap group=ldap
+
+    - name: Copy CA Cert to /etc/openldap/certs
+      copy: src={{ssl_ca_cert}} dest=/etc/openldap/certs/{{ssl_ca_cert|basename}} owner=ldap group=ldap 
+
+    - name: Copy Private key to /etc/openldap/certs
+      copy: src={{ssl_private_key}} dest=/etc/openldap/certs/{{ssl_private_key|basename}} owner=ldap group=ldap
+
+    - name: Add ldaps:// into /etc/sysconfig/slapd
+      lineinfile:
+       path: /etc/sysconfig/slapd
+       regexp: 'ldap:\/\/\/'
+       line: 'SLAPD_URLS="ldapi:/// ldap:/// ldaps:///"'
+
+    - name: Modify ldap with certs.ldif
+      shell: ldapmodify -Y EXTERNAL  -H ldapi:/// -f {{temp_dir}}/certs.ldif
+
+    - name: Start OpenLDAP Server
+      systemd:
+       name: slapd
+       state: restarted
+   when: ssl
+   
+ - name: Test LDAP server
+   shell: slaptest -u
+   when: ssl
+
+ - name: Check if cosine/nis/inetorgperson data exist(1)
+   shell: "ldapsearch -Y EXTERNAL -H ldapi:/// -b \"cn=schema,cn=config\" |egrep '^cn(.*cosine|.*nis|.*inetorgperson)'> ldapsearch_cosine_nis_inet"
+   ignore_errors: yes
+
+ - name: Check if cosine/nis/inetorgperson data exist(2)
+   shell: "cat ldapsearch_cosine_nis_inet|wc -l"
+   register: default_data_exist
+
+ - name: Setup ldap with default example ldif files
+   copy: src=/usr/share/openldap-servers/DB_CONFIG.example dest=/var/lib/ldap/DB_CONFIG remote_src=yes 
+
+ - name: Change UID/GID of /var/lib/ldap/*
+   file:
+    path: /var/lib/ldap
+    owner: ldap
+    group: ldap
+    recurse: yes
+
+ - name: Add cosine/nis/inetoragperson ldif to ldap server
+   shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/{{item}}
+   with_items:
+     - cosine.ldif
+     - nis.ldif
+     - inetorgperson.ldif
+   when: default_data_exist.stdout|int < 3
+
+ - name: Copy base.ldif to {{temp_dir}} > this is the default user/group data
+   copy: src=base.ldif dest="{{temp_dir}}/base.ldif"
+   
+ - name: Add the default user/group data with base.ldif 
+   shell: ldapadd -x -w redhat -D "cn=read-only-admin,dc=example,dc=com" -f {{temp_dir}}/base.ldif 
+
+ - name: Copy user-passwd.ldif to {{temp_dir}}
+   copy: src=users-passwd.ldif dest="{{temp_dir}}/users-passwd.ldif"
+
+ - name: Modify pw of users
+   shell: ldapadd -x -w redhat -D "cn=read-only-admin,dc=example,dc=com" -f {{temp_dir}}/users-passwd.ldif
+
+# - name: Firewalld add rule for ldap
+#
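Review bot: The directory manager password is hard-coded as `redhat` in three shell tasks (`slappasswd -s redhat` and twice `ldapadd -x -w redhat ...`), even though CICD/plays/mockldap.yml already loads vars/passwords.yml; make it a role variable (e.g. `ldap_admin_password` with a default in defaults/main.yml), add `no_log: true` to those tasks so the value does not land in task output, and prefer `slappasswd -T` / `ldapadd -y` reading a `0600` file under `{{temp_dir}}` over `-s`/`-w`, which expose the secret in process listings. The `Copy Private key to /etc/openldap/certs` task copies the server key with the default mode; add `mode: '0600'` to that `copy` (and `mode: '0644'` for the two certificate copies). The cosine/nis check writes `ldapsearch_cosine_nis_inet` into whatever the working directory is, and when the first `ldapsearch` fails (it carries `ignore_errors`) the following `cat ... | wc -l` fails on a missing file; write the file under `{{temp_dir}}` and give the count task `failed_when: false`. Every `ldapmodify`/`ldapadd` shell task reports changed on each run; a `changed_when` per task would stop the role being permanently non-idempotent.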
diff --git a/roles/ldapservertest/templates/certs.ldif.j2 b/roles/ldapservertest/templates/certs.ldif.j2
new file mode 100644
index 00000000..85162a27
--- /dev/null
+++ b/roles/ldapservertest/templates/certs.ldif.j2
@@ -0,0 +1,10 @@
+dn: cn=config
+changetype: modify
+replace: olcTLSCertificateFile
+olcTLSCertificateFile: /etc/openldap/certs/{{ssl_cert|basename}}
+-
+replace: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: /etc/openldap/certs/{{ssl_private_key|basename}}
+-
+replace: olcTLSCACertificateFile
+olcTLSCACertificateFile: /etc/openldap/certs/{{ssl_ca_cert|basename}}
diff --git a/roles/ldapservertest/templates/db.ldif.j2 b/roles/ldapservertest/templates/db.ldif.j2
new file mode 100644
index 00000000..276eb6b8
--- /dev/null
+++ b/roles/ldapservertest/templates/db.ldif.j2
@@ -0,0 +1,14 @@
+dn: olcDatabase={2}hdb,cn=config
+changetype: modify
+replace: olcSuffix
+olcSuffix: dc=example,dc=com
+
+dn: olcDatabase={2}hdb,cn=config
+changetype: modify
+replace: olcRootDN
+olcRootDN: cn=read-only-admin,dc=example,dc=com
+
+dn: olcDatabase={2}hdb,cn=config
+changetype: modify
+replace: olcRootPW
+olcRootPW: {{ROOT_PW}}
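Review bot: `olcRootDN: cn=read-only-admin,dc=example,dc=com` designates the rootDN, which in OpenLDAP bypasses access control entirely and is the identity the role later binds with to write all test data, so the `read-only-admin` label misrepresents its privilege to anyone reading the README or the monitor ACL. Either rename it (`cn=admin,dc=example,dc=com`) consistently in db.ldif.j2, monitor.ldif.j2, tasks/main.yml and the README, or create a genuinely read-only bind DN governed by an `olcAccess` rule and keep the rootDN separate. The three modify records against the same DN could also be a single record with `-` separators, as certs.ldif.j2 already does.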
diff --git a/roles/ldapservertest/templates/monitor.ldif.j2 b/roles/ldapservertest/templates/monitor.ldif.j2
new file mode 100644
index 00000000..5f9f3c3f
--- /dev/null
+++ b/roles/ldapservertest/templates/monitor.ldif.j2
@@ -0,0 +1,4 @@
+dn: olcDatabase={1}monitor,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external, cn=auth" read by dn.base="cn=read-only-admin,dc=example,dc=com" read by * none
diff --git a/roles/ldapservertest/tests/test_default.py b/roles/ldapservertest/tests/test_default.py
new file mode 100644
index 00000000..ef04a32b
--- /dev/null
+++ b/roles/ldapservertest/tests/test_default.py
@@ -0,0 +1,12 @@
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    '.molecule/ansible_inventory').get_hosts('all')
+
+
+def test_hosts_file(File):
+    f = File('/etc/hosts')
+
+    assert f.exists
+    assert f.user == 'root'
+    assert f.group == 'root'
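Review bot: `test_hosts_file` only asserts that /etc/hosts exists and is owned by root, which is the molecule template test and verifies nothing about the role; no test covers slapd being installed, running, or serving the `dc=example,dc=com` data the role loads. At minimum add a service check using the same old-style fixture names this file relies on, e.g. `def test_slapd_running(Service): assert Service('slapd').is_running`, and a listener check on port 389. The `testinfra_hosts` line also hard-codes `.molecule/ansible_inventory`, which is the developer-specific inventory flagged on that file.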
diff --git a/roles/ldapservertest/tests/test_default.pyc b/roles/ldapservertest/tests/test_default.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..f8276ee7cee8b4e09649beb0f74b3161c0b048c5
GIT binary patch
literal 815
zcmc&yO>fjN5FIDm7OE|kkT_N1oJ$ifhzmj#RHR;dXixMKWfQ0M)*DCmWNFpz1vv9(
z`2q08`_UDD0Ly-!89!^@jGg{I*#GtE>}yS{kzoIb72W|FOhuOHN|9DHO=z0ZbVN-;
zKj7|AlZtV*OU;OWg0?68%WMaC%^!^Oa0D}-Ijifz>Z0m`nOI$#Zmv6a{+?5uSJu`F
zyX2Pj87rIt9%FuFSSWf#LWGZq6@6d2i3qt(D7@JUrt9G8Du^O3Gf8tE_JM`wy0~$H
z1CQW(=QtCCcLDm&$iWMkCn0Fh#&xIOJ0H1&M5MNB?}k1TsWJY=SPfM~Z3dtS;SN^8
zv%cs}e>@qCZH~+N&9}FcV$+R{Q9E~Q&>?2+i@EluH85BQHeKth;^ASNk$c^{va4o#
zv52G)v21i(4VLr%o)3{+u9vaUvW37sgu*ibsc~|sUa3qRel4(0ln-od$k(srhpt1#
z&$lVD{z!{m`iFV|>dEqrFP<)6>y?m=u2|Mm+=a-9Eqj9h+dL8Ue&!l{*bnlmL4L+K
I8LOA+Utnb0oB#j-

literal 0
HcmV?d00001

-- 
GitLab