haproxy_backend_name: 'be-ldap-dev1'
haproxy_user_socket: '/run/haproxy/user.sock'
haproxy_admin_socket: '/run/haproxy/admin.sock'
+ # ds389_plugin_attr_uniq_purge: false
+ ds389_plugin_attr_uniq_attributes:
+ 'uid':
+ across_all_subtrees: false
+ subtrees:
+ - 'o=bmas,o=isp'
+ - 'o=bmf,o=isp'
+ - 'o=BMWA,o=isp'
+ - 'o=bmwi,o=isp'
+ - 'o=bmwi-unternehmergeist,o=isp'
+ - 'o=cosTemplates,o=isp'
+ - 'o=Internet,o=isp'
+ - 'o=mbvd,o=isp'
+ - 'o=pfizer,o=isp'
+ - 'o=Pixelpark,o=isp'
+ - 'o=publicis,o=isp'
+ - 'o=PuF,o=isp'
+ - 'o=Radeberger,o=isp'
+ - 'o=sirona,o=isp'
+ - 'o=tov,o=isp'
+ 'gidNumber':
+ subtrees:
+ - 'o=isp'
+ 'mail':
+ subtrees:
+ - 'o=isp'
+ 'uidNumber':
+ subtrees:
+ - 'o=isp'
+# vim: filetype=yaml
haproxy_backend_name: 'be-stage-ldap'
haproxy_user_socket: '/run/haproxy/user.sock'
haproxy_admin_socket: '/run/haproxy/admin.sock'
+ ds389_plugin_attr_uniq_config: false
+ # ds389_plugin_attr_uniq_purge: false
+ ds389_plugin_attr_uniq_attributes:
+ 'uid':
+ across_all_subtrees: false
+ subtrees:
+ - 'dc=spk,dc=pixelpark,dc=net'
# vim: filetype=yaml
--- /dev/null
+---
+base_logdir: '/var/log/dirsrv'
+
+logging:
+ access:
+ logfile: access.log
+ enabled: true
+ audit:
+ logfile: audit.log
+ enabled: false
+ auditfail:
+ logfile: audit.log
+ enabled: true
+ error:
+ logfile: error.log
+ enabled: true
+ security:
+ logfile: security.log
+ enabled: true
+
+# vim: filetype=yaml
+++ /dev/null
----
-base_logdir: '/var/log/dirsrv'
-
-logging:
- access:
- logfile: access.log
- enabled: true
- audit:
- logfile: audit.log
- enabled: false
- auditfail:
- logfile: audit.log
- enabled: true
- error:
- logfile: error.log
- enabled: true
- security:
- logfile: security.log
- enabled: true
-
-# vim: filetype=yaml
--- /dev/null
+---
+
+###############################
+# Plugin memberOf
+
+ds389_plugin_memberof_config: true
+ds389_plugin_memberof_enabled: true
+ds389_plugin_memberof_attr: 'memberOf'
+ds389_plugin_memberof_groupattrs:
+ - 'member'
+ - 'uniqueMember'
+ds389_plugin_memberof_allbackends: true
+ds389_plugin_memberof_skipnested: false
+
+# Later do eval, how to maintain
+ds389_plugin_memberof_scopes: []
+ds389_plugin_memberof_escapes: []
+ds389_plugin_memberof_auto_add_oc: ~
+
+###############################
+# Plugin referential-integrity
+
+ds389_plugin_referint_config: true
+ds389_plugin_referint_enabled: true
+ds389_plugin_referint_membership_attributes:
+ - 'member'
+ - 'uniqueMember'
+ - 'owner'
+ - 'seeAlso'
+ds389_plugin_referint_logfile: 'referint.log'
+ds389_plugin_referint_update_delay: 0
+
+###############################
+# Plugin attribute uniqueness
+
+ds389_plugin_attr_uniq_config: true
+ds389_plugin_attr_uniq_purge: true
+ds389_plugin_attr_uniq_attributes: {}
+ds389_plugin_attr_uniq_attributes_default:
+ 'uid':
+ ensure: present
+ enabled: true
+ subtrees: []
+ across_all_subtrees: true
+ top_entry_oc: ~
+ subtree_entries_oc: ~
+ 'gidNumber':
+ ensure: present
+ enabled: true
+ subtrees: []
+ across_all_subtrees: true
+ top_entry_oc: ~
+ subtree_entries_oc: 'posixGroup'
+ 'mail':
+ ensure: present
+ enabled: true
+ subtrees: []
+ across_all_subtrees: true
+ top_entry_oc: ~
+ subtree_entries_oc: 'inetLocalMailRecipient'
+ 'uidNumber':
+ ensure: present
+ enabled: true
+ subtrees: []
+ across_all_subtrees: true
+ top_entry_oc: ~
+ subtree_entries_oc: ~
+
+base_logdir: '/var/log/dirsrv'
+
+# vim: filetype=yaml
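Review bot: `ds389_plugin_attr_uniq_purge: true` makes removal of unlisted attr-uniq entries the role default, so any host without an override is opted into a destructive action. The purge block in the tasks added by this commit only prints a message for now, but once it really deletes, every inventory inherits that behaviour. I would ship `ds389_plugin_attr_uniq_purge: false` and let environments enable purging explicitly; the dev vars in this commit carry only a commented-out `# ds389_plugin_attr_uniq_purge: false`, so they would inherit `true`. A short comment above `ds389_plugin_attr_uniq_attributes_default` describing the per-attribute keys (`ensure`, `subtrees`, `across_all_subtrees`, `top_entry_oc`, `subtree_entries_oc`) would also help whoever writes the overrides.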
--- /dev/null
+---
+
+- name: "Merge attributes configuration"
+ set_fact:
+ uniq_attributes: "{{ ds389_plugin_attr_uniq_attributes_default | ansible.builtin.combine(ds389_plugin_attr_uniq_attributes, list_merge='append_rp', recursive=true) }}"
+
+- name: 'Show merged uniq_attributes'
+ debug:
+ var: uniq_attributes
+ verbosity: 2
+
+- name: 'Get the list of all attr-uniq entries.'
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin attr-uniq list"
+ register: get_all_attr_uniq_entries
+ changed_when: false
+ check_mode: false
+
+- name: 'Show get_all_attr_uniq_entries.'
+ debug:
+ var: get_all_attr_uniq_entries
+ verbosity: 3
+
+- name: "Set cur_attr_uniq_entries."
+ set_fact:
+ cur_attr_uniq_entries: "{{ get_all_attr_uniq_entries.stdout_lines | map('regex_replace', '\\s*$', '') }}"
+
+- name: 'Show cur_attr_uniq_entries.'
+ debug:
+ var: cur_attr_uniq_entries
+ verbosity: 2
+
+- name: 'Set exp_attr_uniq_entries_lc.'
+ set_fact:
+ exp_attr_uniq_entries_lc: []
+
+- name: 'Fill exp_attr_uniq_entries_lc.'
+ set_fact:
+ exp_attr_uniq_entries_lc: "{{ exp_attr_uniq_entries_lc + [ (item.key | lower) + ' attribute uniqueness' ] }}"
+ loop: "{{ uniq_attributes | dict2items | list }}"
+
+- name: 'Show exp_attr_uniq_entries_lc.'
+ debug:
+ var: exp_attr_uniq_entries_lc
+ verbosity: 2
+
+- name: 'Purge attr-uniq entries.'
+ when: (ds389_plugin_attr_uniq_purge | bool) == true
+ block:
+
+ - name: 'Purge unnecessary attr-uniq entries.'
+ debug:
+ msg: "Deleting attr-uniq entry '{{ attr_uniq_entry }}'."
+ when: ( attr_uniq_entry | lower ) not in exp_attr_uniq_entries_lc
+ loop: "{{ cur_attr_uniq_entries }}"
+ loop_control:
+ loop_var: attr_uniq_entry
+
+
+# vim: filetype=yaml
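Review bot: The 'Get the list of all attr-uniq entries.' task runs `dsconf` through `ansible.builtin.shell`, although nothing in the command needs a shell. The `| quote` on `slapd_instance` covers the interpolation, but `ansible.builtin.command` with `argv: ['dsconf', '{{ slapd_instance }}', 'plugin', 'attr-uniq', 'list']` removes the shell parsing step altogether. Separately, 'Purge unnecessary attr-uniq entries.' only emits a `debug` message reading "Deleting attr-uniq entry", so the run log reports a deletion that did not happen; until the real delete exists, word it as `msg: "Would delete attr-uniq entry '{{ attr_uniq_entry }}'."`. The `map('regex_replace', ...)` in 'Set cur_attr_uniq_entries.' has no trailing `| list`, unlike the loop expression further down, and on older Ansible/Jinja2 combinations that may store a generator instead of a list.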
include_tasks: 'referint.yaml'
when: (ds389_plugin_referint_config | bool) == true
+- name: "Configuring the 389ds attr-uniq-Plugin."
+ include_tasks: 'attr-uniq.yaml'
+ when: (ds389_plugin_attr_uniq_config | bool) == true
+
# vim: filetype=yaml
- name: "Show config hash:"
debug:
var: plugin_referint_config
- verbosity: 0
+ verbosity: 2
- name: 'Predefine variable exec_set to false'
set_fact:
- name: "Show the command to execute:"
debug:
var: plugin_referint_cmd
- verbosity: 0
+ verbosity: 1
- name: "Finally configure the referential-integrity plugin."
ansible.builtin.shell: "{{ plugin_referint_cmd }}"
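Review bot: `plugin_referint_cmd` is handed to `ansible.builtin.shell` as one pre-built string in the last task shown here, and how that string is assembled is outside the hunk. It is worth confirming that every value interpolated into it passes through `| quote`, as the `dsconf` call in the new attr-uniq tasks does. If the command needs no shell features, `ansible.builtin.command` would be the safer module. The task body continues past the end of the hunk.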
+++ /dev/null
----
-
-###############################
-# Plugin memberOf
-
-ds389_plugin_memberof_config: true
-ds389_plugin_memberof_enabled: true
-ds389_plugin_memberof_attr: 'memberOf'
-ds389_plugin_memberof_groupattrs:
- - 'member'
- - 'uniqueMember'
-ds389_plugin_memberof_allbackends: true
-ds389_plugin_memberof_skipnested: false
-
-# Later do eval, how to maintain
-ds389_plugin_memberof_scopes: []
-ds389_plugin_memberof_escapes: []
-ds389_plugin_memberof_auto_add_oc: ~
-
-###############################
-# Plugin referential-integrity
-
-ds389_plugin_referint_config: true
-ds389_plugin_referint_enabled: true
-ds389_plugin_referint_membership_attributes:
- - 'member'
- - 'uniqueMember'
- - 'owner'
- - 'seeAlso'
-ds389_plugin_referint_logfile: 'referint.log'
-ds389_plugin_referint_update_delay: 0
-
-base_logdir: '/var/log/dirsrv'
-
-# vim: filetype=yaml
--- /dev/null
+---
+
+restart_389ds: false
+
+# vim: filetype=yaml
+++ /dev/null
----
-
-restart_389ds: false
-
-# vim: filetype=yaml
--- /dev/null
+---
+
+haproxy_user_socket: '/run/haproxy/user.sock'
+haproxy_admin_socket: '/run/haproxy/admin.sock'
+haproxy_test_socket: '/etc/passwd'
+
+haproxy_wait_for_disable: true
+haproxy_wait_interval: 2
+haproxy_wait_retries: 60
+
+# vim: filetype=yaml
+++ /dev/null
----
-
-haproxy_user_socket: '/run/haproxy/user.sock'
-haproxy_admin_socket: '/run/haproxy/admin.sock'
-haproxy_test_socket: '/etc/passwd'
-
-haproxy_wait_for_disable: true
-haproxy_wait_interval: 2
-haproxy_wait_retries: 60
-
-# vim: filetype=yaml