From 8602c31b8a0852ff104b71bb6ccfd5df6c155f72 Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Tue, 3 Dec 2024 17:22:23 +0100
Subject: [PATCH] Adding and using roles/389ds-config-plugins/tasks/attr-uniq.yaml
---
 inventory/dpx-ldap-dev1.yaml | 30 ++++++++++
 inventory/spk-ldap-stage.yaml | 7 +++
 .../{vars => defaults}/main.yaml | 0
 .../{vars => defaults}/main.yaml | 36 +++++++++++
 .../389ds-config-plugins/tasks/attr-uniq.yaml | 59 +++++++++++++++++++
 roles/389ds-config-plugins/tasks/main.yaml | 4 ++
 .../389ds-config-plugins/tasks/referint.yaml | 4 +-
 .../{vars => defaults}/main.yaml | 0
 .../{vars => defaults}/main.yaml | 0
 9 files changed, 138 insertions(+), 2 deletions(-)
 rename roles/389ds-config-logging/{vars => defaults}/main.yaml (100%)
 rename roles/389ds-config-plugins/{vars => defaults}/main.yaml (50%)
 create mode 100644 roles/389ds-config-plugins/tasks/attr-uniq.yaml
 rename roles/389ds-restart/{vars => defaults}/main.yaml (100%)
 rename roles/haproxy-disable-backend/{vars => defaults}/main.yaml (100%)
diff --git a/inventory/dpx-ldap-dev1.yaml b/inventory/dpx-ldap-dev1.yaml
index 4c8a95e..d63b43c 100644
--- a/inventory/dpx-ldap-dev1.yaml
+++ b/inventory/dpx-ldap-dev1.yaml
@@ -27,4 +27,34 @@ all:
 haproxy_backend_name: 'be-ldap-dev1'
 haproxy_user_socket: '/run/haproxy/user.sock'
 haproxy_admin_socket: '/run/haproxy/admin.sock'
+ # ds389_plugin_attr_uniq_purge: false
+ ds389_plugin_attr_uniq_attributes:
+ 'uid':
+ across_all_subtrees: false
+ subtrees:
+ - 'o=bmas,o=isp'
+ - 'o=bmf,o=isp'
+ - 'o=BMWA,o=isp'
+ - 'o=bmwi,o=isp'
+ - 'o=bmwi-unternehmergeist,o=isp'
+ - 'o=cosTemplates,o=isp'
+ - 'o=Internet,o=isp'
+ - 'o=mbvd,o=isp'
+ - 'o=pfizer,o=isp'
+ - 'o=Pixelpark,o=isp'
+ - 'o=publicis,o=isp'
+ - 'o=PuF,o=isp'
+ - 'o=Radeberger,o=isp'
+ - 'o=sirona,o=isp'
+ - 'o=tov,o=isp'
+ 'gidNumber':
+ subtrees:
+ - 'o=isp'
+ 'mail':
+ subtrees:
+ - 'o=isp'
+ 'uidNumber':
+ subtrees:
+ - 'o=isp'
+# vim: filetype=yaml
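Review bot: In inventory/dpx-ldap-dev1.yaml the `'uid'` entry sets `across_all_subtrees: false` with an explicit list of organisation subtrees, while `gidNumber`, `mail` and `uidNumber` cover the whole `o=isp` tree, and nothing in the file records why uid is treated differently. If the role maps these keys to per-subtree enforcement (the tasks that apply them are not part of this patch), the same uid can exist in two organisations, and entries under `o=isp` outside the listed subtrees get no uid check at all. That matters to any client that resolves users by uid from the `o=isp` base. I would add a comment above the entry, for example `# uid: unique within each listed organisation only, not across o=isp`.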
diff --git a/inventory/spk-ldap-stage.yaml b/inventory/spk-ldap-stage.yaml
index f371d78..13ac24c 100644
--- a/inventory/spk-ldap-stage.yaml
+++ b/inventory/spk-ldap-stage.yaml
@@ -24,5 +24,12 @@ all:
 haproxy_backend_name: 'be-stage-ldap'
 haproxy_user_socket: '/run/haproxy/user.sock'
 haproxy_admin_socket: '/run/haproxy/admin.sock'
+ ds389_plugin_attr_uniq_config: false
+ # ds389_plugin_attr_uniq_purge: false
+ ds389_plugin_attr_uniq_attributes:
+ 'uid':
+ across_all_subtrees: false
+ subtrees:
+ - 'dc=spk,dc=pixelpark,dc=net'
 # vim: filetype=yaml
diff --git a/roles/389ds-config-logging/vars/main.yaml b/roles/389ds-config-logging/defaults/main.yaml
similarity index 100%
rename from roles/389ds-config-logging/vars/main.yaml
rename to roles/389ds-config-logging/defaults/main.yaml
diff --git a/roles/389ds-config-plugins/vars/main.yaml b/roles/389ds-config-plugins/defaults/main.yaml
similarity index 50%
rename from roles/389ds-config-plugins/vars/main.yaml
rename to roles/389ds-config-plugins/defaults/main.yaml
index 780110c..32d5881 100644
--- a/roles/389ds-config-plugins/vars/main.yaml
+++ b/roles/389ds-config-plugins/defaults/main.yaml
@@ -30,6 +30,42 @@ ds389_plugin_referint_membership_attributes:
 ds389_plugin_referint_logfile: 'referint.log'
 ds389_plugin_referint_update_delay: 0
+###############################
+# Plugin attribute uniqueness
+
+ds389_plugin_attr_uniq_config: true
+ds389_plugin_attr_uniq_purge: true
+ds389_plugin_attr_uniq_attributes: {}
+ds389_plugin_attr_uniq_attributes_default:
+ 'uid':
+ ensure: present
+ enabled: true
+ subtrees: []
+ across_all_subtrees: true
+ top_entry_oc: ~
+ subtree_entries_oc: ~
+ 'gidNumber':
+ ensure: present
+ enabled: true
+ subtrees: []
+ across_all_subtrees: true
+ top_entry_oc: ~
+ subtree_entries_oc: 'posixGroup'
+ 'mail':
+ ensure: present
+ enabled: true
+ subtrees: []
+ across_all_subtrees: true
+ top_entry_oc: ~
+ subtree_entries_oc: 'inetLocalMailRecipient'
+ 'uidNumber':
+ ensure: present
+ enabled: true
+ subtrees: []
+ across_all_subtrees: true
+ top_entry_oc: ~
+ subtree_entries_oc: ~
+
 base_logdir: '/var/log/dirsrv'
 # vim: filetype=yaml
diff --git a/roles/389ds-config-plugins/tasks/attr-uniq.yaml b/roles/389ds-config-plugins/tasks/attr-uniq.yaml
new file mode 100644
index 0000000..6903b8e
--- /dev/null
+++ b/roles/389ds-config-plugins/tasks/attr-uniq.yaml
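Review bot: `ds389_plugin_attr_uniq_purge: true` in roles/389ds-config-plugins/defaults/main.yaml makes purging of unlisted attribute-uniqueness entries the default for every inventory that does not override it, and both inventories touched by this patch carry the override only as a comment (`# ds389_plugin_attr_uniq_purge: false`). Once the purge block in tasks/attr-uniq.yaml performs real deletions, dropping an entry removes a constraint on identifiers such as `uid` and `uidNumber`, so I would make purging opt-in with `ds389_plugin_attr_uniq_purge: false` and let an inventory enable it deliberately. Separately, the `~` values for `top_entry_oc` and `subtree_entries_oc` would read more clearly as `null`.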
@@ -0,0 +1,59 @@
+---
+
+- name: "Merge attributes configuration"
+ set_fact:
+ uniq_attributes: "{{ ds389_plugin_attr_uniq_attributes_default | ansible.builtin.combine(ds389_plugin_attr_uniq_attributes, list_merge='append_rp', recursive=true) }}"
+
+- name: 'Show merged uniq_attributes'
+ debug:
+ var: uniq_attributes
+ verbosity: 2
+
+- name: 'Get the list of all attr-uniq entries.'
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin attr-uniq list"
+ register: get_all_attr_uniq_entries
+ changed_when: false
+ check_mode: false
+
+- name: 'Show get_all_attr_uniq_entries.'
+ debug:
+ var: get_all_attr_uniq_entries
+ verbosity: 3
+
+- name: "Set cur_attr_uniq_entries."
+ set_fact:
+ cur_attr_uniq_entries: "{{ get_all_attr_uniq_entries.stdout_lines | map('regex_replace', '\\s*$', '') }}"
+
+- name: 'Show cur_attr_uniq_entries.'
+ debug:
+ var: cur_attr_uniq_entries
+ verbosity: 2
+
+- name: 'Set exp_attr_uniq_entries_lc.'
+ set_fact:
+ exp_attr_uniq_entries_lc: []
+
+- name: 'Fill exp_attr_uniq_entries_lc.'
+ set_fact:
+ exp_attr_uniq_entries_lc: "{{ exp_attr_uniq_entries_lc + [ (item.key | lower) + ' attribute uniqueness' ] }}"
+ loop: "{{ uniq_attributes | dict2items | list }}"
+
+- name: 'Show exp_attr_uniq_entries_lc.'
+ debug:
+ var: exp_attr_uniq_entries_lc
+ verbosity: 2
+
+- name: 'Purge attr-uniq entries.'
+ when: (ds389_plugin_attr_uniq_purge | bool) == true
+ block:
+
+ - name: 'Purge unnecessary attr-uniq entries.'
+ debug:
+ msg: "Deleting attr-uniq entry '{{ attr_uniq_entry }}'."
+ when: ( attr_uniq_entry | lower ) not in exp_attr_uniq_entries_lc
+ loop: "{{ cur_attr_uniq_entries }}"
+ loop_control:
+ loop_var: attr_uniq_entry
+
+
+# vim: filetype=yaml
diff --git a/roles/389ds-config-plugins/tasks/main.yaml b/roles/389ds-config-plugins/tasks/main.yaml
index 19d9fc5..cc9b468 100644
--- a/roles/389ds-config-plugins/tasks/main.yaml
+++ b/roles/389ds-config-plugins/tasks/main.yaml
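Review bot: The task 'Purge unnecessary attr-uniq entries.' in roles/389ds-config-plugins/tasks/attr-uniq.yaml is only a `debug` whose message says "Deleting attr-uniq entry …", so a run reports deletions that never happen. Until the delete is implemented the message should say so, for example `msg: "Would delete attr-uniq entry '{{ attr_uniq_entry }}'."`. The comparison treats every key of `uniq_attributes` as expected, whatever its `ensure` value, and selects for purging any listed entry whose name is not of the form "ATTR attribute uniqueness". That match should be reviewed before a real delete is wired in. The listing task needs no shell features, so `ansible.builtin.command` with `argv` would pass `slapd_instance` as a single argument without relying on `quote`.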
@@ -8,4 +8,8 @@
 include_tasks: 'referint.yaml'
 when: (ds389_plugin_referint_config | bool) == true
+- name: "Configuring the 389ds attr-uniq-Plugin."
+ include_tasks: 'attr-uniq.yaml'
+ when: (ds389_plugin_attr_uniq_config | bool) == true
+
 # vim: filetype=yaml
diff --git a/roles/389ds-config-plugins/tasks/referint.yaml b/roles/389ds-config-plugins/tasks/referint.yaml
index f91dafa..192dbee 100644
--- a/roles/389ds-config-plugins/tasks/referint.yaml
+++ b/roles/389ds-config-plugins/tasks/referint.yaml
@@ -21,7 +21,7 @@
 - name: "Show config hash:"
 debug:
 var: plugin_referint_config
- verbosity: 0
+ verbosity: 2
 - name: 'Predefine variable exec_set to false'
 set_fact:
@@ -84,7 +84,7 @@
 - name: "Show the command to execute:"
 debug:
 var: plugin_referint_cmd
- verbosity: 0
+ verbosity: 1
 - name: "Finally configure the referential-integrity plugin."
 ansible.builtin.shell: "{{ plugin_referint_cmd }}"
diff --git a/roles/389ds-restart/vars/main.yaml b/roles/389ds-restart/defaults/main.yaml
similarity index 100%
rename from roles/389ds-restart/vars/main.yaml
rename to roles/389ds-restart/defaults/main.yaml
diff --git a/roles/haproxy-disable-backend/vars/main.yaml b/roles/haproxy-disable-backend/defaults/main.yaml
similarity index 100%
rename from roles/haproxy-disable-backend/vars/main.yaml
rename to roles/haproxy-disable-backend/defaults/main.yaml
--
2.39.5