Finished ldap optimation

This commit is contained in:
Kevin Veen-Birkenbach 2025-04-25 12:30:56 +02:00
parent 72deb13d07
commit 79d6a68dc1
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E


@ -50,23 +50,43 @@
- python-ldap - python-ldap
state: present state: present
- name: "Ensure LDAP users are present and up to date" ###############################################################################
# 1) Create the LDAP entry if it does not yet exist
###############################################################################
- name: Ensure LDAP users exist
community.general.ldap_entry: community.general.ldap_entry:
dn: "{{ ldap.attributes.user_id }}={{ item.key }},{{ ldap.dn.users }}" dn: "{{ ldap.attributes.user_id }}={{ item.key }},{{ ldap.dn.users }}"
server_uri: "ldap://127.0.0.1:{{ports.localhost.ldap.ldap}}" server_uri: "ldap://127.0.0.1:{{ ports.localhost.ldap.ldap }}"
bind_dn: "{{ ldap.dn.administrator }}" bind_dn: "{{ ldap.dn.administrator }}"
bind_pw: "{{ ldap.bind_credential }}" bind_pw: "{{ ldap.bind_credential }}"
objectClass: "{{ ldap.user_objects }}" objectClass: "{{ ldap.user_objects }}"
attributes: attributes:
"{{ ldap.attributes.user_id }}": "{{ item.key }}" uid: "{{ item.key }}" # {{ ldap.attributes.user_id }} can't be used as key here, dynamic key generation isn't possible
sn: "{{ item.value.sn | default(item.key) }}" sn: "{{ item.value.sn | default(item.key) }}"
cn: "{{ item.value.cn | default(item.key) }}" cn: "{{ item.value.cn | default(item.key) }}"
userPassword: "{SSHA}{{ item.value.password }}" userPassword: "{SSHA}{{ item.value.password }}"
loginShell: /bin/bash loginShell: /bin/bash
homeDirectory: "/home/{{ item.key }}" homeDirectory: "/home/{{ item.key }}"
uidNumber: "{{ item.value.uid | int }}" uidNumber: "{{ item.value.uid | int }}"
gidNumber: "{{ item.value.gid | int }}" gidNumber: "{{ item.value.gid | int }}"
state: present state: present # ↳ creates but never updates
loop: "{{ users | dict2items }}"
loop_control:
label: "{{ item.key }}"
###############################################################################
# 2) Keep the objectClass list AND the mail attribute up-to-date
###############################################################################
- name: Ensure required objectClass values and mail address are present
community.general.ldap_attrs:
dn: "{{ ldap.attributes.user_id }}={{ item.key }},{{ ldap.dn.users }}"
server_uri: "ldap://127.0.0.1:{{ ports.localhost.ldap.ldap }}"
bind_dn: "{{ ldap.dn.administrator }}"
bind_pw: "{{ ldap.bind_credential }}"
attributes:
objectClass: "{{ ldap.user_objects }}"
mail: "{{ item.value.email }}"
state: exact # exact is safest for single-valued attributes
loop: "{{ users | dict2items }}" loop: "{{ users | dict2items }}"
loop_control: loop_control:
label: "{{ item.key }}" label: "{{ item.key }}"
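Review bot: The `Ensure LDAP users exist` task submits `userPassword: "{SSHA}{{ item.value.password }}"` inside `attributes` without `no_log: true`, so the hash and the whole loop item can surface in verbose or callback output; the module masks `bind_pw` itself, but nothing masks values passed under `attributes`, so add `no_log: true` to that task and, since it also carries `bind_pw`, to the `ldap_attrs` task below it. In the second task `mail: "{{ item.value.email }}"` has no fallback, unlike `sn`/`cn` in the first task, so a `users` entry without `email` aborts the loop with an undefined-variable error; either require `email` in the inventory schema or guard the task with `when: item.value.email is defined`. The new inline comment on `uid:` admits the hard-coded key may diverge from `ldap.attributes.user_id`, which is still used to build `dn`; an up-front `assert` with `that: ldap.attributes.user_id == 'uid'` would turn that silent RDN/attribute mismatch into a clear failure. The hunk begins in the tail of the preceding pip task, so the enclosing task list starts outside this view.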