Merge branch 'UpdateLdapServer' into 'master'

Add refint and memberof configuration Add refint and memberof module and configure. See merge request !79 Former-commit-id: 947127f5

Merge branch 'UpdateLdapServer' into 'master'
Add refint and memberof configuration Add refint and memberof module and configure. See merge request !79 Former-commit-id: 947127f5
acf04711 · Chris Hines · d58902eb · 09bbc3f1 · acf04711 · acf04711
Commit acf04711 authored 8 years ago by Chris Hines
--- a/roles/ldapserver/tasks/main.yml
+++ b/roles/ldapserver/tasks/main.yml
@@ -51,6 +51,21 @@
 - name: template ssl.ldif
  template: src=ssl_ldif.j2 dest=/tmp/ssl.ldif mode=600

+- name: template acl_groups.ldif
+  template: src=acl_groups_ldif.j2 dest=/tmp/acl_groups.ldif mode=600
+
+- name: template load_memberof.ldif
+  template: src=load_memberof_ldif.j2 dest=/tmp/load_memberof.ldif mode=600
+
+- name: template load_refint.ldif
+  template: src=load_refint_ldif.j2 dest=/tmp/load_refint.ldif mode=600
+
+- name: template memberOfConfig.ldif
+  template: src=memberOfConfig_ldif.j2 dest=/tmp/memberOfConfig.ldif mode=600
+
+- name: template refint_config.ldif
+  template: src=refint_config_ldif.j2 dest=/tmp/refint_config.ldif mode=600
+
 - name: template manager.ldif
  template: src=manager_ldif.j2 dest=/tmp/manager.ldif mode=600
  sudo: true
@@ -147,6 +162,46 @@
  sudo: true
  when: ppolicyOverlayConfigured|failed

+- name: check refint module loaded
+  shell: slapcat -b cn=config | grep "olcModuleLoad. {.*}refint"
+  sudo: true
+  ignore_errors: true
+  register: refintModuleLoaded
+
+- name: load refint module
+  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/load_refint.ldif -D cn=config 
+  sudo: true
+  when: refintModuleLoaded|failed
+
+- name: check memberof module loaded
+  shell: slapcat -b cn=config | grep "olcModuleLoad. {.*}memberof"
+  sudo: true
+  ignore_errors: true
+  register: memberofModuleLoaded
+
+- name: load memberof module
+  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/load_memberof.ldif -D cn=config 
+  sudo: true
+  when: memberofModuleLoaded|failed
+
+- name: check member of config
+  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcMemberOf"
+  ignore_errors: true
+  register: memberOfConfigured
+
+- name: add member of config 
+  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/memberOfConfig.ldif
+  when: memberOfConfigured|failed
+
+- name: check refinit config
+  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcRefintConfig"
+  ignore_errors: true
+  register: refintConfigured
+
+- name: add refint config 
+  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/refint_config.ldif
+  when: refintConfigured|failed
+
 - name: check Manager config
  shell: "slapcat -b cn=config | grep 'olcRootDN: {{ ldapManager }}'"
  ignore_errors: true
@@ -210,6 +265,16 @@
  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/groups.ldif
  when: groupsConfigured|failed

+- name: check aclroups config
+  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapAclGroupBase }} -x -H ldap://localhost objectClass=*"
+  ignore_errors: true
+  register: aclgroupsConfigured
+
+- name: add aclgroups OU
+  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/acl_groups.ldif
+  when: aclgroupsConfigured|failed
+
+
 - name: check Accounts config
  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapUserBase }} -x -H ldap://localhost objectClass=*"
  ignore_errors: true

--- a/roles/ldapserver/templates/acl_groups_ldif.j2
+++ b/roles/ldapserver/templates/acl_groups_ldif.j2
+dn: {{ ldapAclGroupBase }}
+objectClass: organizationalUnit
--- a/roles/ldapserver/templates/load_memberof_ldif.j2
+++ b/roles/ldapserver/templates/load_memberof_ldif.j2
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: memberof.la
--- a/roles/ldapserver/templates/load_refint_ldif.j2
+++ b/roles/ldapserver/templates/load_refint_ldif.j2
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad 
+olcModuleLoad: refint.la
--- a/roles/ldapserver/templates/memberOfConfig_ldif.j2
+++ b/roles/ldapserver/templates/memberOfConfig_ldif.j2
+dn: olcOverlay=memberof,olcDatabase={2}bdb,cn=config
+objectClass: olcConfig
+objectClass: olcMemberOf
+objectClass: olcOverlayConfig
+objectClass: top
+olcOverlay: memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
--- a/roles/ldapserver/templates/refint_config_ldif.j2
+++ b/roles/ldapserver/templates/refint_config_ldif.j2
+dn: olcOverlay=refint,olcDatabase={2}bdb,cn=config
+objectClass: olcConfig
+objectClass: olcOverlayConfig
+objectClass: olcRefintConfig
+objectClass: top
+olcOverlay: refint
+olcRefintAttribute: memberof member manager owner