Added provisioning switches for openldap to improve performance

2025-07-17 14:04:24 +02:00 · 2025-07-14 08:45:53 +02:00 · 2025-07-14 08:45:53 +02:00 · 732607bbb6
commit 732607bbb6
parent c6f49dc6e2
7 changed files with 19 additions and 10 deletions
--- a/roles/svc-db-openldap/config/main.yml
+++ b/roles/svc-db-openldap/config/main.yml
@ -9,10 +9,12 @@ images:
 webinterface:     "lam"                               # The webinterface which should be used. Possible: lam and phpldapadmin
 features:
  ldap:           true
-import:           
-# Here it's possible to define what can be imported. 
+provisioning:           
+# Here it's possible to define what should be imported and updated.
 # It doesn't make sense to let  the import run everytime because its very time consuming
-  credentials:    true 
-  schemas:        true 
-  entries:        true 
-  users:          true
+  configuration:  true # E.g. MemberOf and Hashed Password Configuration
+  credentials:    true # Administrator Password
+  schemas:        true # E.g. Nextcloud, Openssl
+  users:          true # E.g. User, group and role entries
+  groups:         true # Roles and Groups import
+  update:         true # User Class updates
--- a/roles/svc-db-openldap/tasks/03_entries.yml
+++ b/roles/svc-db-openldap/tasks/03_entries.yml
--- a/roles/svc-db-openldap/tasks/04_user_updates.yml
+++ b/roles/svc-db-openldap/tasks/04_user_updates.yml
--- a/roles/svc-db-openldap/tasks/main.yml
+++ b/roles/svc-db-openldap/tasks/main.yml
@ -36,7 +36,9 @@

 - name: "Reset LDAP Credentials"
  include_tasks: 01_credentials.yml
-  when: applications | get_app_conf(application_id, 'network.local', True)
+  when:
+    - applications | get_app_conf(application_id, 'network.local', True)
+    - applications | get_app_conf(application_id, 'provisioning.credentials', True)

 - name: "create directory {{ldif_host_path}}{{item}}"
  file:
@ -51,6 +53,7 @@
    - configuration
  loop_control:
    loop_var: folder
+  when: applications | get_app_conf(application_id, 'provisioning.configuration', True)

 - name: flush LDIF handlers
  meta: flush_handlers
@ -63,16 +66,20 @@

 - name: "Include Schemas (if enabled)"
  include_tasks: 02_schemas.yml
+  when: applications | get_app_conf(application_id, 'provisioning.schemas', True)

 - name: "Import LDAP Entries (if enabled)"
-  include_tasks: 03_entries.yml
+  include_tasks: 03_users.yml
+  when: applications | get_app_conf(application_id, 'provisioning.users', True)

 - name: "Import LDIF Data (if enabled)"
  include_tasks: ldifs_creation.yml
  loop:
-    - data
+    - groups
  loop_control:
    loop_var: folder
+  when: applications | get_app_conf(application_id, 'provisioning.groups', True)

 - name: "Add Objects to all users"
-  include_tasks: 04_user_updates.yml
+  include_tasks: 04_update.yml
+  when: applications | get_app_conf(application_id, 'provisioning.update', True)
--- a/roles/svc-db-openldap/templates/ldif/groups/01_rbac_group.ldif.j2
+++ b/roles/svc-db-openldap/templates/ldif/groups/01_rbac_group.ldif.j2
--- a/roles/svc-db-openldap/templates/ldif/groups/02_rbac_roles.ldif.j2
+++ b/roles/svc-db-openldap/templates/ldif/groups/02_rbac_roles.ldif.j2
--- a/roles/svc-db-openldap/templates/ldif/groups/README.md
+++ b/roles/svc-db-openldap/templates/ldif/groups/README.md