From 96f1967e48f60db1727cc5724f48a5ce0e8026f0 Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Thu, 15 Oct 2020 13:39:13 +0200
Subject: [PATCH] Applying memberof overlays
---
roles/base/tasks/main.yaml | 110 +++++++++++++++++++++++++++++++++++++
1 file changed, 110 insertions(+)
diff --git a/roles/base/tasks/main.yaml b/roles/base/tasks/main.yaml
index 7112612..996da90 100644
--- a/roles/base/tasks/main.yaml
+++ b/roles/base/tasks/main.yaml
@@ -13,3 +13,113 @@ changed_when: False register: main_database_rdn +- name: "Failing because main database for suffix '{{ lapd_suffix }}' not found." + fail: + msg: "Failed to detect main database for suffix '{{ lapd_suffix }}'." + when: main_database_rdn.rc != 0 + +################################################################ +# Install memberof overlay for groupOfNames + +- name: "Detecting existence of memberof overlay for groupOfNames" + shell: "find '{{ slapd_cfg_dir }}/cn=config/{{ main_database_rdn.stdout }}' -type f -iname 'olcOverlay=*memberof.ldif' -print0 | xargs --null grep -iPl '^olcMemberOfGroupOC:\\s+groupOfNames\\s*$'" + changed_when: False + register: ovl_memberof_groupOfNames_exists + +- name: "Applying memberof overlay for groupOfNames" + block: + + - name: "Initializing LDIF file memberof overlay for groupOfNames" + tempfile: + state: 'file' + prefix: 'overlay.memberof.groupOfNames.' + suffix: '.ldif' + register: ovl_memberof_groupOfNames_file + + - name: "Applying content to memberof overlay for groupOfNames file" + template: + src: "templates/overlay-memberof-0.ldif.j2" + dest: "{{ ovl_memberof_groupOfNames_file.path }}" + owner: root + group: root + mode: 0644 + + - name: "Get content of memberof overlay for groupOfNames file" + shell: "cat '{{ ovl_memberof_groupOfNames_file.path }}'" + register: content_ovl_memberof_groupOfNames_file + changed_when: False + no_log: True + + - name: "Show content of memberof overlay for groupOfNames file." + debug: msg={{ content_ovl_memberof_groupOfNames_file.stdout_lines }} + + - name: "Applying memberof overlay or groupOfNames." + shell: "ldapadd -Y EXTERNAL -H ldapi:/// -f '{{ ovl_memberof_groupOfNames_file.path }}'" + + rescue: + - name: "Failing base installation of OpenLDAP server because of some errors." + fail: + msg: "I caught an error" + + always: + + - name: "Removing file {{ ovl_memberof_groupOfNames_file.path }} ..." 
+ file: + path: "{{ ovl_memberof_groupOfNames_file.path }}" + state: absent + + when: ovl_memberof_groupOfNames_exists.rc != 0 + +################################################################ +# Install memberof overlay for groupOfUniqueNames + +- name: "Detecting existence of memberof overlay for groupOfUniqueNames" + shell: "find '{{ slapd_cfg_dir }}/cn=config/{{ main_database_rdn.stdout }}' -type f -iname 'olcOverlay=*memberof.ldif' -print0 | xargs --null grep -iPl '^olcMemberOfGroupOC:\\s+groupOfUniqueNames\\s*$'" + changed_when: False + register: ovl_memberof_groupOfUniqueNames_exists + +- name: "Applying memberof overlay for groupOfUniqueNames" + block: + + - name: "Initializing LDIF file memberof overlay for groupOfUniqueNames" + tempfile: + state: 'file' + prefix: 'overlay.memberof.groupOfUniqueNames.' + suffix: '.ldif' + register: ovl_memberof_groupOfUniqueNames_file + + - name: "Applying content to memberof overlay for groupOfUniqueNames file" + template: + src: "templates/overlay-memberof-1.ldif.j2" + dest: "{{ ovl_memberof_groupOfUniqueNames_file.path }}" + owner: root + group: root + mode: 0644 + + - name: "Get content of memberof overlay for groupOfUniqueNames file" + shell: "cat '{{ ovl_memberof_groupOfUniqueNames_file.path }}'" + register: content_ovl_memberof_groupOfUniqueNames_file + changed_when: False + no_log: True + + - name: "Show content of memberof overlay for groupOfUniqueNames file." + debug: msg={{ content_ovl_memberof_groupOfUniqueNames_file.stdout_lines }} + + - name: "Applying memberof overlay or groupOfUniqueNames." + shell: "ldapadd -Y EXTERNAL -H ldapi:/// -f '{{ ovl_memberof_groupOfUniqueNames_file.path }}'" + + rescue: + - name: "Failing base installation of OpenLDAP server because of some errors." + fail: + msg: "I caught an error" + + always: + + - name: "Removing file {{ ovl_memberof_groupOfUniqueNames_file.path }} ..." 
+ file: + path: "{{ ovl_memberof_groupOfUniqueNames_file.path }}" + state: absent + + when: ovl_memberof_groupOfUniqueNames_exists.rc != 0 + + -- 2.39.5
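Review bot: The `debug: msg={{ content_ovl_memberof_groupOfNames_file.stdout_lines }}` task prints exactly the output that the preceding `cat` task hides with `no_log: True`, so the `no_log` gives no protection; the same pair appears in the groupOfUniqueNames stanza. If the rendered LDIF can carry anything sensitive, drop the debug task (or mark it `no_log: True` too); if it cannot, drop the `no_log` so the registered result stays visible for troubleshooting, and either way write the task in native YAML form (`debug:` / `msg: "{{ ... }}"`) rather than the `key=value` free-form. The rescue task discards the real failure with `msg: "I caught an error"`; `msg: "Failed in '{{ ansible_failed_task.name }}': {{ ansible_failed_result.msg | default(ansible_failed_result) }}"` keeps the diagnostics. The `always` cleanup fails with an undefined variable when the `tempfile` task itself is what failed, so guard it with `when: ovl_memberof_groupOfNames_file.path is defined` (and the counterpart in the second block), and write the template modes as quoted strings (`mode: "0644"`) so the YAML loader does not retype them. The task list this hunk extends begins before the hunk.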