From 09c6fb03a03c65196fa26574fac4641a4378ac5d Mon Sep 17 00:00:00 2001
From: Frank Brehm <frank.brehm@pixelpark.com>
Date: Thu, 12 Dec 2024 11:48:59 +0100
Subject: [PATCH] Hopefully finalizing 389ds plugin configuration

---
 inventory/dpx-ldap-dev1.yaml                  |  8 +++---
 .../tasks/account-policy.yaml                 | 28 +++++++++++++++++++
 2 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/inventory/dpx-ldap-dev1.yaml b/inventory/dpx-ldap-dev1.yaml
index 1bce799..2837913 100644
--- a/inventory/dpx-ldap-dev1.yaml
+++ b/inventory/dpx-ldap-dev1.yaml
@@ -63,10 +63,10 @@ all:
 
 
     # Tempporary
-    ds389_logging_config: false
-    ds389_plugin_memberof_config: false
-    ds389_plugin_referint_config: false
-    ds389_plugin_attr_uniq_config: false
+    # ds389_logging_config: false
+    # ds389_plugin_memberof_config: false
+    # ds389_plugin_referint_config: false
+    # ds389_plugin_attr_uniq_config: false
 
 
 # vim: filetype=yaml
diff --git a/roles/389ds-config-plugins/tasks/account-policy.yaml b/roles/389ds-config-plugins/tasks/account-policy.yaml
index 80f789c..3e17144 100644
--- a/roles/389ds-config-plugins/tasks/account-policy.yaml
+++ b/roles/389ds-config-plugins/tasks/account-policy.yaml
@@ -215,4 +215,32 @@
         var: plugin_acc_policy_cmd
         verbosity: 0
 
+    - name: "Finally configure the account policy plugin."
+      ansible.builtin.shell: "{{ plugin_acc_policy_cmd }}"
+
+- name: "Check for enabling the account policy plugin."
+  when: "acc_plugin_cfg['enabled'] == false and ds389_plugin_account_policy_enable == true"
+  block:
+
+    - name: "Init + set var plugin_acc_policy_cmd for enabling + restart_389ds."
+      set_fact:
+        plugin_acc_policy_cmd: "dsconf {{ slapd_instance | quote }} plugin account-policy enable"
+        restart_389ds: true
+
+    - name: "Enabling the account policy plugin."
+      ansible.builtin.shell: "{{ plugin_acc_policy_cmd }}"
+
+- name: "Check for disabling the account policy plugin."
+  when: "acc_plugin_cfg['enabled'] == true and ds389_plugin_account_policy_enable == false"
+  block:
+
+    - name: "Init + set var plugin_acc_policy_cmd for enabling + restart_389ds."
+      set_fact:
+        plugin_acc_policy_cmd: "dsconf {{ slapd_instance | quote }} plugin account-policy disable"
+        restart_389ds: true
+
+    - name: "Enabling the account policy plugin."
+      ansible.builtin.shell: "{{ plugin_acc_policy_cmd }}"
+
+
 # vim: filetype=yaml
-- 
2.39.5