From f35b62515bf2de4855be58be1cd0b006c6fbb382 Mon Sep 17 00:00:00 2001
From: Jupiter Hu <jupiter.hu@monash.edu>
Date: Thu, 11 Aug 2016 10:26:25 +1000
Subject: [PATCH] Add refint and memberof configuration

Former-commit-id: 2a9002a992c867d4150071878a2442a1e3c4fe37
---
 roles/ldapserver/tasks/main.yml               | 52 +++++++++++++++++++
 .../templates/load_memberof_ldif.j2           |  4 ++
 .../ldapserver/templates/load_refint_ldif.j2  |  3 ++
 .../templates/memberOfConfig_ldif.j2          | 11 ++++
 .../templates/refint_config_ldif.j2           |  7 +++
 5 files changed, 77 insertions(+)
 create mode 100644 roles/ldapserver/templates/load_memberof_ldif.j2
 create mode 100644 roles/ldapserver/templates/load_refint_ldif.j2
 create mode 100644 roles/ldapserver/templates/memberOfConfig_ldif.j2
 create mode 100644 roles/ldapserver/templates/refint_config_ldif.j2

diff --git a/roles/ldapserver/tasks/main.yml b/roles/ldapserver/tasks/main.yml
index c007a12a..bb5ce9b9 100644
--- a/roles/ldapserver/tasks/main.yml
+++ b/roles/ldapserver/tasks/main.yml
@@ -51,6 +51,18 @@
 - name: template ssl.ldif
   template: src=ssl_ldif.j2 dest=/tmp/ssl.ldif mode=600
 
+- name: template load_memberof.ldif
+  template: src=load_memberof_ldif.j2 dest=/tmp/load_memberof.ldif mode=600
+
+- name: template load_refint.ldif
+  template: src=load_refint_ldif.j2 dest=/tmp/load_refint.ldif mode=600
+
+- name: template memberOfConfig.ldif
+  template: src=memberOfConfig_ldif.j2 dest=/tmp/memberOfConfig.ldif mode=600
+
+- name: template refint_config.ldif
+  template: src=refint_config_ldif.j2 dest=/tmp/refint_config.ldif mode=600
+
 - name: template manager.ldif
   template: src=manager_ldif.j2 dest=/tmp/manager.ldif mode=600
   sudo: true
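Review bot: The four new template tasks render to fixed, predictable names under `/tmp` and run unprivileged, while the adjacent `template manager.ldif` task runs with `sudo: true`; the rendered LDIFs are later fed to `ldapadd` as root over `ldapi:///` (second hunk), so the inputs to a root-level cn=config change sit in a world-writable directory. In a sticky-bit `/tmp` a pre-existing file of the same name owned by another local user makes the template step fail, and without the sticky bit the contents could in principle be swapped before root reads them, depending on how `template` replaces an existing file. Render them into a root-owned directory instead, e.g. `dest=/root/ldif/load_memberof.ldif mode=600` with `sudo: true` on each of the four tasks, and point the matching `-f` arguments below at that path.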
@@ -147,6 +159,46 @@
   sudo: true
   when: ppolicyOverlayConfigured|failed
 
+- name: check refint module loaded
+  shell: slapcat -b cn=config | grep "olcmoduleload"
+  sudo: true
+  ignore_errors: true
+  register: refintModuleLoaded
+
+- name: load refint module
+  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/load_refint.ldif -D cn=config 
+  sudo: true
+  when: refintModuleLoaded|failed
+
+- name: check memberof module loaded
+  shell: slapcat -b cn=config | grep "olcModuleLoad {.*}memberof"
+  sudo: true
+  ignore_errors: true
+  register: memberofModuleLoaded
+
+- name: load memberof module
+  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/load_memberof.ldif -D cn=config 
+  sudo: true
+  when: memberofModuleLoaded|failed
+
+- name: check member of config
+  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcMemberOf"
+  ignore_errors: true
+  register: memberOfConfigured
+
+- name: add member of config 
+  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/memberOfConfig.ldif
+  when: memberOfConfigured|failed
+
+- name: check refinit config
+  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcRefintConfig"
+  ignore_errors: true
+  register: refintConfigured
+
+- name: add refint config 
+  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/refint_config.ldif
+  when: refintConfigured|failed
+
 - name: check Manager config
   shell: "slapcat -b cn=config | grep 'olcRootDN: {{ ldapManager }}'"
   ignore_errors: true
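Review bot: The `check member of config` and `check refinit config` tasks search `-b {{ ldapGroupBase }}` for `objectClass=olcMemberOf` / `olcRefintConfig`, but the entries the following adds create live under `olcDatabase={2}bdb,cn=config`, so these checks can never succeed and both `ldapadd` tasks re-run on every play (and, being bound as `{{ ldapManager }}` over `ldap://localhost`, they can only write to cn=config if that DN is also the config database's rootdn, which nothing here establishes). Mirror the module-load tasks instead: check with `shell: slapcat -b cn=config | grep "olcOverlay: .*memberof"` under `sudo: true`, and apply with `shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/memberOfConfig.ldif` plus `sudo: true`, and likewise for refint. That also removes `{{ ldapManagerPassword }}` from four command lines; wherever a manager bind is kept, add `no_log: true` to the task, since the password otherwise lands in Ansible output and in the host's process listing. Separately, `check refint module loaded` greps a lowercase `olcmoduleload` with no module name, unlike the memberof check's `olcModuleLoad {.*}memberof`, so it matches either every loaded module or (if slapcat prints the camel-case name) none; use `grep "olcModuleLoad {.*}refint"`.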
diff --git a/roles/ldapserver/templates/load_memberof_ldif.j2 b/roles/ldapserver/templates/load_memberof_ldif.j2
new file mode 100644
index 00000000..c47d4209
--- /dev/null
+++ b/roles/ldapserver/templates/load_memberof_ldif.j2
@@ -0,0 +1,4 @@
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: memberof.la
diff --git a/roles/ldapserver/templates/load_refint_ldif.j2 b/roles/ldapserver/templates/load_refint_ldif.j2
new file mode 100644
index 00000000..90d5f9f1
--- /dev/null
+++ b/roles/ldapserver/templates/load_refint_ldif.j2
@@ -0,0 +1,3 @@
+dn: cn=module{0},cn=config
+add: olcmoduleload
+olcmoduleload: refint
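Review bot: `load_refint_ldif.j2` has no `changetype: modify` line, unlike `load_memberof_ldif.j2`, so `ldapadd` in the `load refint module` task treats it as an add of a new `cn=module{0},cn=config` entry (with `add` as an attribute name) rather than a modification of the existing one, which should be rejected; insert `changetype: modify` after the `dn:` line. For consistency with the memberof template and with the camel-case grep in the task file, use `add: olcModuleLoad` and `olcModuleLoad: refint.la`.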
diff --git a/roles/ldapserver/templates/memberOfConfig_ldif.j2 b/roles/ldapserver/templates/memberOfConfig_ldif.j2
new file mode 100644
index 00000000..61f8685e
--- /dev/null
+++ b/roles/ldapserver/templates/memberOfConfig_ldif.j2
@@ -0,0 +1,11 @@
+dn: olcOverlay=memberof,olcDatabase={2}bdb,cn=config
+objectClass: olcConfig
+objectClass: olcMemberOf
+objectClass: olcOverlayConfig
+objectClass: top
+olcOverlay: memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
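Review bot: `olcDatabase={2}bdb` is hard-coded in the `dn:` line, so this overlay is only ever attached to a bdb backend at index 2; on a host whose data backend is `{1}hdb` or `{1}mdb` the add fails with noSuchObject and nothing in the role guards against it. Make the database DN a role variable, for example `dn: olcOverlay=memberof,{{ ldapDatabaseDn }},cn=config` with a default of `olcDatabase={2}bdb`, and use the same variable in `refint_config_ldif.j2`. Also, `olcMemberOfDangling: ignore` lets a group keep `member` values that point at entries which do not (or no longer) exist; if DNs are ever reused, an entry later created at such a DN would inherit that membership, so either switch to `error`/`drop` or add a comment such as `# ignore: member DNs may be added before the entry exists; reviewed` above it stating why `ignore` was chosen.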
diff --git a/roles/ldapserver/templates/refint_config_ldif.j2 b/roles/ldapserver/templates/refint_config_ldif.j2
new file mode 100644
index 00000000..343e4006
--- /dev/null
+++ b/roles/ldapserver/templates/refint_config_ldif.j2
@@ -0,0 +1,7 @@
+dn: olcOverlay=refint,olcDatabase={2}bdb,cn=config
+objectClass: olcConfig
+objectClass: olcOverlayConfig
+objectClass: olcRefintConfig
+objectClass: top
+olcOverlay: refint
+olcRefintAttribute: memberof member manager owner
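Review bot: The overlay lists `member` in `olcRefintAttribute` but sets no `olcRefintNothing`, so when refint removes the last `member` value from a `groupOfNames` (where `member` is a MUST attribute) the update can be rejected for a schema violation and the deleted entry's reference stays behind, which is exactly what the overlay is meant to prevent and the reason `olcRefintNothing` exists; add a placeholder DN, e.g. `olcRefintNothing: cn=refint-placeholder,{{ ldapGroupBase }}`, and decide whether that placeholder entry should exist. `memberof` is also listed here although `memberOfConfig_ldif.j2` already sets `olcMemberOfRefInt: TRUE`, so memberOf integrity is handled by two overlays; confirm against slapo-memberof(5) and slapo-refint(5) which one should own it before keeping both. As in the memberof template, `olcDatabase={2}bdb` in the `dn:` is hard-coded and should come from the same role variable.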
-- 
GitLab