Added ldap roles draft

roles/docker-ldap/README.md

@@ -16,80 +16,21 @@ This Ansible role provides a streamlined implementation of an LDAP server with T
 - **Healthcheck Support**:
   - Ensures that the LDAP service is healthy and accessible using `ldapsearch`.
 
----
-
-## 📋 **Requirements**
-
-### Prerequisites
-- A valid domain name.
-- Ansible installed on the deployment host.
-- Docker and Docker Compose installed on the target host.
-
----
-
-## 🔧 **Role Variables**
-
-### Key Variables
-| Variable                      | Description                                              | Default Value                        |
-|-------------------------------|----------------------------------------------------------|--------------------------------------|
-| `application_id` | Name of the Docker Compose project.                     | `ldap`                               |
-| `ldap_root`                   | Base DN for the LDAP directory.                         | `dc={{primary_domain_sld}},dc={{primary_domain_tld}}` |
-| `ldap_admin_dn`               | Distinguished Name (DN) for the LDAP administrator.     | `cn={{applications.ldap.administrator_username}},{{ldap_root}}` |
-| `cert_mount_directory`        | Directory to mount SSL/TLS certificates.                | `{{docker_compose.directories.instance}}/certs/` |
-| `applications.ldap.administrator_username` | Username for the LDAP admin.                            | `admin`                              |
-| `applications.ldap.administrator_password` | Password for the LDAP admin.                            | _Required_                           |
-| `applications.ldap.phpldapadmin.version`          | Version of phpLDAPadmin Docker image.                   | `latest`                             |
-| `applications.ldap.openldap.version`                | Version of OpenLDAP Docker image.                       | `latest`                             |
-
----
-
-## 📂 **Role Structure**
-
-```
-roles/
-  docker-ldap/
-    README.md
-    vars/
-      main.yml
-    tasks/
-      main.yml
-    templates/
-      docker-compose.yml.j2
-      nginx.stream.conf.j2
+--
+## Maintanance
+### Show all Entires
+```bash 
+docker exec --env LDAP_ADMIN_PASSWORD="$LDAP_ADMIN_PASSWORD" -it openldap bash -c "ldapsearch -LLL -o ldif-wrap=no -x -D 'cn=administrator,dc=veen,dc=world' -w \"\$LDAP_ADMIN_PASSWORD\" -b 'dc=veen,dc=world'
 ```
 
----
+### Delete Groups and Subgroup
+To delete the group inclusive all subgroups use:
+```bash
+docker exec --env LDAP_ADMIN_PASSWORD="$LDAP_ADMIN_PASSWORD" -it openldap bash -c "ldapsearch -LLL -o ldif-wrap=no -x -D 'cn=administrator,dc=veen,dc=world' -w \"\$LDAP_ADMIN_PASSWORD\" -b 'ou=applications,ou=groups,dc=veen,dc=world' dn | sed -n 's/^dn: //p' | tac | while read -r dn; do echo \"Deleting \$dn\"; ldapdelete -x -D 'cn=administrator,dc=veen,dc=world' -w \"\$LDAP_ADMIN_PASSWORD\" \"\$dn\"; done"
 
-## 📖 **Usage**
-
-Here’s an example playbook to use this role:
-
-```yaml
-- name: Deploy LDAP
-  hosts: ldap_servers
-  roles:
-    - role: docker-ldap
-      vars:
-        docker_compose.directories.instance: "/opt/docker/ldap/"
-        primary_domain_sld: "veen"
-        primary_domain_tld: "world"
-        applications.ldap.administrator_username: "administrator"
-        applications.ldap.administrator_password: "secure_password_here"
-        applications.ldap.phpldapadmin.version: "latest"
-        applications.ldap.openldap.version: "latest"
 ```
 
-### **Steps to Deploy:**
-1. Clone your playbook repository to the target server.
-2. Run the playbook:
-   ```bash
-   ansible-playbook -i inventory playbook.yml
-   ```
-3. Access phpLDAPadmin:
-   - URL: `http://localhost:8080` (or your configured port)
-   - Login: Use the admin DN and password.
-
----
+--
 
 ## 🛠️ **Technical Details**
 

roles/docker-ldap/handlers/main.yml

@@ -0,0 +1,8 @@
+- name: "import missing groups from {{groups_ldif_docker_path}} to OpenLDAP"
+  shell: >
+    docker exec -i openldap ldapadd -x -D "{{ldap_admin_dn}}" -w "{{applications.ldap.administrator_database_password}}" -c -f "{{groups_ldif_docker_path}}"
+  register: ldapadd_result
+  changed_when: "'adding new entry' in ldapadd_result.stdout"
+  # Allow return code 0 (all entries added) or 68 (entry already exists)
+  failed_when: ldapadd_result.rc not in [0, 68]
+  listen: "Import missing groups to OpenLDAP"

roles/docker-ldap/tasks/main.yml

@@ -43,4 +43,14 @@
     mode: '770'
     force: yes
   notify: docker compose project setup
-  when: applications.ldap.webinterface == 'lam'
+  when: applications.ldap.webinterface == 'lam'
+
+- name: flush docker service
+  meta: flush_handlers
+
+- name: "create {{groups_ldif_host_path}}"
+  template:
+    src:  "groups.ldif.j2" 
+    dest: "{{groups_ldif_host_path}}"
+    mode: '770'
+  notify: Import missing groups to OpenLDAP

roles/docker-ldap/templates/docker-compose.yml.j2

@@ -32,6 +32,7 @@ services:
 {% endif %}
     volumes:
       - 'data:/bitnami/openldap'
+      - '{{groups_ldif_host_path}}:{{groups_ldif_docker_path}}:ro'  # Mounting the groups for importing
     healthcheck:
       test: >
         ldapsearch -x -H ldap://localhost:389 -b "{{ldap_root}}" -D "{{ldap_admin_dn}}" -w "{{applications.ldap.administrator_database_password}}"

roles/docker-ldap/templates/groups.ldif.j2

@@ -1,3 +1,7 @@
+#######################################################################
+# This file contains the CyMaIS default groups
+#######################################################################
+
 #######################################################################
 # Base container for all role-based groups
 #######################################################################
@@ -7,156 +11,136 @@ ou: groups
 description: Container for all role-based groups (by function/profession)
 
 #######################################################################
-# Role: System Administrator
+# Role: Administrators
 #######################################################################
-dn: cn=systemadministrator,ou=groups,dc=veen,dc=world
-objectClass: groupOfNames
-cn: systemadministrator
-description: Role: System Administrator (infrastructure, security, database management, etc.)
-member: cn=dummy,ou=users,dc=veen,dc=world
+dn: cn=administrator,ou=groups,dc=veen,dc=world
+objectClass: groupOfUniqueNames
+cn: administrators
+description: Role: Administrators of this system
+uniqueMember: cn=dummy,ou=users,dc=veen,dc=world
 
 #######################################################################
 # Role: Developer
 #######################################################################
 dn: cn=developer,ou=groups,dc=veen,dc=world
-objectClass: groupOfNames
+objectClass: groupOfUniqueNames
 cn: developer
 description: Role: Developer and DevOps (coding, automation, CI/CD, etc.)
-member: cn=dummy,ou=users,dc=veen,dc=world
+uniqueMember: cn=dummy,ou=users,dc=veen,dc=world
 
 #######################################################################
 # Role: Project Manager
 #######################################################################
 dn: cn=projectmanager,ou=groups,dc=veen,dc=world
-objectClass: groupOfNames
+objectClass: groupOfUniqueNames
 cn: projectmanager
 description: Role: Project Manager and Collaboration (project planning, task management, etc.)
-member: cn=dummy,ou=users,dc=veen,dc=world
+uniqueMember: cn=dummy,ou=users,dc=veen,dc=world
 
 #######################################################################
 # Role: Communication Specialist
 #######################################################################
 dn: cn=communicationspecialist,ou=groups,dc=veen,dc=world
-objectClass: groupOfNames
+objectClass: groupOfUniqueNames
 cn: communicationspecialist
 description: Role: Communication Specialist (community management, messaging, social networks, etc.)
-member: cn=dummy,ou=users,dc=veen,dc=world
+uniqueMember: cn=dummy,ou=users,dc=veen,dc=world
 
 #######################################################################
 # Role: Content Manager
 #######################################################################
 dn: cn=contentmanager,ou=groups,dc=veen,dc=world
-objectClass: groupOfNames
+objectClass: groupOfUniqueNames
 cn: contentmanager
 description: Role: Content Manager/CMS Administrator (content creation, website management, etc.)
-member: cn=dummy,ou=users,dc=veen,dc=world
+uniqueMember: cn=dummy,ou=users,dc=veen,dc=world
 
 #######################################################################
 # Role: Marketing Analyst
 #######################################################################
 dn: cn=marketinganalyst,ou=groups,dc=veen,dc=world
-objectClass: groupOfNames
-cn: marketinganalyst
-description: Role: Marketing, Finance & Analytics (marketing platforms, financial reporting, analytics, etc.)
-member: cn=dummy,ou=users,dc=veen,dc=world
-
-#######################################################################
-# Role: Developer
-#######################################################################
-dn: cn=developer,ou=groups,dc=veen,dc=world
-objectClass: groupOfNames
-cn: developer
-description: Role: Developer (coding, software development, and DevOps tasks)
-member: cn=dummy,ou=users,dc=veen,dc=world
-
-
-#######################################################################
-# Role: Marketing Analyst
-#######################################################################
-dn: cn=marketinganalyst,ou=groups,dc=veen,dc=world
-objectClass: groupOfNames
+objectClass: groupOfUniqueNames
 cn: marketinganalyst
 description: Role: Marketing Analyst (marketing, finance, and analytics)
-member: cn=dummy,ou=users,dc=veen,dc=world
+uniqueMember: cn=dummy,ou=users,dc=veen,dc=world
 
 #######################################################################
 # Role: DevOps Engineer
 #######################################################################
 dn: cn=devopsengineer,ou=groups,dc=veen,dc=world
-objectClass: groupOfNames
+objectClass: groupOfUniqueNames
 cn: devopsengineer
 description: Role: DevOps Engineer (continuous integration, deployment, and container orchestration)
-member: cn=dummy,ou=users,dc=veen,dc=world
+uniqueMember: cn=dummy,ou=users,dc=veen,dc=world
 
 #######################################################################
 # Role: Database Administrator
 #######################################################################
 dn: cn=databaseadministrator,ou=groups,dc=veen,dc=world
-objectClass: groupOfNames
+objectClass: groupOfUniqueNames
 cn: databaseadministrator
 description: Role: Database Administrator (database management and data integrity)
-member: cn=dummy,ou=users,dc=veen,dc=world
+uniqueMember: cn=dummy,ou=users,dc=veen,dc=world
 
 #######################################################################
 # Role: Security Specialist
 #######################################################################
 dn: cn=securityspecialist,ou=groups,dc=veen,dc=world
-objectClass: groupOfNames
+objectClass: groupOfUniqueNames
 cn: securityspecialist
 description: Role: Security Specialist (container security, vulnerability assessments, and compliance)
-member: cn=dummy,ou=users,dc=veen,dc=world
+uniqueMember: cn=dummy,ou=users,dc=veen,dc=world
 
 #######################################################################
 # Role: Network Administrator
 #######################################################################
 dn: cn=networkadministrator,ou=groups,dc=veen,dc=world
-objectClass: groupOfNames
+objectClass: groupOfUniqueNames
 cn: networkadministrator
 description: Role: Network Administrator (network configuration, connectivity, and firewall management)
-member: cn=dummy,ou=users,dc=veen,dc=world
+uniqueMember: cn=dummy,ou=users,dc=veen,dc=world
 
 #######################################################################
 # Role: IT Support Specialist
 #######################################################################
 dn: cn=itsupportspecialist,ou=groups,dc=veen,dc=world
-objectClass: groupOfNames
+objectClass: groupOfUniqueNames
 cn: itsupportspecialist
 description: Role: IT Support Specialist (technical support and troubleshooting)
-member: cn=dummy,ou=users,dc=veen,dc=world
+uniqueMember: cn=dummy,ou=users,dc=veen,dc=world
 
 #######################################################################
 # Role: Quality Assurance Engineer
 #######################################################################
 dn: cn=qualityassuranceengineer,ou=groups,dc=veen,dc=world
-objectClass: groupOfNames
+objectClass: groupOfUniqueNames
 cn: qualityassuranceengineer
 description: Role: Quality Assurance Engineer (testing and ensuring software quality)
-member: cn=dummy,ou=users,dc=veen,dc=world
+uniqueMember: cn=dummy,ou=users,dc=veen,dc=world
 
 #######################################################################
 # Role: Business Analyst
 #######################################################################
 dn: cn=businessanalyst,ou=groups,dc=veen,dc=world
-objectClass: groupOfNames
+objectClass: groupOfUniqueNames
 cn: businessanalyst
 description: Role: Business Analyst (analyzing business requirements and translating them into technical needs)
-member: cn=dummy,ou=users,dc=veen,dc=world
+uniqueMember: cn=dummy,ou=users,dc=veen,dc=world
 
 #######################################################################
 # Role: Product Owner
 #######################################################################
 dn: cn=productowner,ou=groups,dc=veen,dc=world
-objectClass: groupOfNames
+objectClass: groupOfUniqueNames
 cn: productowner
 description: Role: Product Owner (oversees product strategy and manages feature prioritization)
-member: cn=dummy,ou=users,dc=veen,dc=world
+uniqueMember: cn=dummy,ou=users,dc=veen,dc=world
 
 #######################################################################
 # Role: Operations Manager
 #######################################################################
 dn: cn=operationsmanager,ou=groups,dc=veen,dc=world
-objectClass: groupOfNames
+objectClass: groupOfUniqueNames
 cn: operationsmanager
 description: Role: Operations Manager (oversees daily operations and ensures system performance)
-member: cn=dummy,ou=users,dc=veen,dc=world
-
+uniqueMember: cn=dummy,ou=users,dc=veen,dc=world

roles/docker-ldap/vars/main.yml

@@ -4,11 +4,12 @@ ldap_admin_dn:                "cn={{applications.ldap.administrator_username}},{
 ldap_secure_localhost_port:   1636
 ldap_secure_internet_port:    636
 ldap_localhost_port:          389
-
+ldap_network_enabled:         "{{ldap.enabled}}"
 # OAuth2 Proxy Configuration
 oauth2_proxy_upstream_application_and_port: "{{ applications.ldap.webinterface }}:{% if applications.ldap.webinterface == 'phpldapadmin' %}8080{% else %}80{% endif %}"
 oauth2_proxy_active:                        true
 
 enable_wildcard_certificate:  false # Activate dedicated Certificate
 
-ldap_network_enabled:         "{{ldap.enabled}}"
+groups_ldif_host_path:    "{{docker_compose.directories.volumes}}groups.ldif" # Path inside the host
+groups_ldif_docker_path:  "/tmp/groups.ldif"                                  # Path inside the docker container