Renamed the mariadb, openldap and postgres database

2025-10-31 10:19:09 +00:00 · 2025-07-12 16:06:13 +02:00
parent e174523fc6
commit 3b03c5171d
84 changed files with 210 additions and 106 deletions
--- a/roles/svc-db-openldap/tasks/schemas/openssh_lpk.yml
+++ b/roles/svc-db-openldap/tasks/schemas/openssh_lpk.yml
@@ -0,0 +1,40 @@
+- name: Install ldapsm
+  include_role:
+    name: pkgmgr-install
+  vars:
+    package_name: ldapsm
+
+- name: Ensure OpenSSH-LPK schema via ldapsm
+  vars:
+    schema_name: "openssh-lpk"
+    attribute_defs:
+      - "( 1.3.6.1.4.1.24552.1.1 NAME '{{ ldap.user.attributes.ssh_public_key }}' DESC 'OpenSSH Public Key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )"
+      - "( 1.3.6.1.4.1.24552.1.2 NAME 'sshFingerprint' DESC 'OpenSSH Public Key Fingerprint' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )"
+    objectclass_defs:
+      - >-
+        ( 1.3.6.1.4.1.24552.2.1
+          NAME '{{ ldap.user.objects.auxiliary.ssh_public_key }}'
+          DESC 'Auxiliary class for OpenSSH public keys'
+          SUP top
+          AUXILIARY
+          MAY ( {{ ldap.user.attributes.ssh_public_key }} $ sshFingerprint ) )
+
+  command: >
+    ldapsm
+      -s {{ ldap_server_uri }}
+      -D '{{ ldap_bind_dn }}'
+      -W '{{ ldap_bind_pw }}'
+      -n {{ schema_name }}
+      {% for at in attribute_defs %}
+      -a "{{ at }}"
+      {% endfor %}
+      {% for oc in objectclass_defs %}
+      -c "{{ oc }}"
+      {% endfor %}
+  register: opensshlpk_ldapsm
+  changed_when: "'Created schema entry' in opensshlpk_ldapsm.stdout"
+  check_mode: no
+
+- name: Show ldapsm output for openssh-lpk
+  debug:
+    var: opensshlpk_ldapsm.stdout_lines