Diffstat (limited to 'roles/openldap/tasks')
-rw-r--r-- | roles/openldap/tasks/main.yml | 4 | ||||
-rw-r--r-- | roles/openldap/tasks/schema.yml | 44 |
2 files changed, 48 insertions, 0 deletions
diff --git a/roles/openldap/tasks/main.yml b/roles/openldap/tasks/main.yml
index 594e30e..27aca52 100644
--- a/roles/openldap/tasks/main.yml
+++ b/roles/openldap/tasks/main.yml
@@ -73,6 +73,10 @@
 state: present
 become: yes
 
+- name: Install custom schema
+ include_tasks: schema.yml
+ loop: '{{ ldap.schema | default([]) }}'
+
 #
 # schema
 #
diff --git a/roles/openldap/tasks/schema.yml b/roles/openldap/tasks/schema.yml
new file mode 100644
index 0000000..64c7bc8
--- /dev/null
+++ b/roles/openldap/tasks/schema.yml
@@ -0,0 +1,44 @@
+- name: search for entry
+ community.general.ldap_search:
+ dn: 'cn=schema,cn=config'
+ filter: '(&(objectClass=olcSchemaConfig)(cn={*}openssh-lpk))'
+ scope: children
+ become: yes
+ register: schemareg
+
+- name: Check results
+ assert:
+ that:
+ - schemareg['failed'] == false
+ - schemareg['results'] | length <= 1
+ fail_msg: "More than one occurance of {{ item['cn'] }}! clean them out."
+
+- name: "Install schema: create entry"
+ community.general.ldap_entry:
+ dn: 'cn={{ item["cn"] }},cn=schema,cn=config'
+ state: present
+ objectClass: olcSchemaConfig
+ become: yes
+ when: schemareg['results'] | length == 0
+
+- name: "Install schema: set attributes"
+ community.general.ldap_attrs:
+ dn: '{{ item["cn"] }},cn=schema,cn=config'
+ state: present
+ attributes:
+ objectClass: olcSchemaConfig
+ olcAttributeTypes: '{{ item["olcAttributeTypes"] }}'
+ olcObjectClasses: '{{ item["olcObjectClasses"] }}'
+ become: yes
+ when: schemareg['results'] | length == 0
+
+- name: Update schema
+ community.general.ldap_attrs:
+ dn: '{{ schemareg["results"][0]["dn"] }}'
+ state: exact
+ attributes:
+ objectClass: olcSchemaConfig
+ olcAttributeTypes: '{{ item["olcAttributeTypes"] }}'
+ olcObjectClasses: '{{ item["olcObjectClasses"] }}'
+ become: yes
+ when: schemareg['results'] | length > 0 |
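Review bot: The new `Install custom schema` task loops `include_tasks` over `ldap.schema` with no `loop_control`, so every iteration's label prints the whole item, including the `olcAttributeTypes` and `olcObjectClasses` text that schema.yml reads from it; adding `loop_control:` / `label: '{{ item.cn }}'` keeps the play output readable. The keys each entry must carry (`cn`, `olcAttributeTypes`, `olcObjectClasses`) are only discoverable by reading schema.yml, so a comment above the task such as `# each ldap.schema entry needs: cn, olcAttributeTypes, olcObjectClasses (consumed by schema.yml)` would document the contract at the point of use. `become: yes` matches the file's existing style, but `true` is the canonical YAML boolean and is what yamllint's truthy rule expects.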
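Review bot: The `ldap_search` filter is hard-coded to `(cn={*}openssh-lpk)` while every other task keys on `item["cn"]`, so for any other entry in the `ldap.schema` loop the search matches the openssh-lpk schema and `Update schema` then overwrites that entry's `olcAttributeTypes`/`olcObjectClasses` with the other schema's values under `state: exact`; the filter should be `filter: '(&(objectClass=olcSchemaConfig)(cn={*}{{ item["cn"] }}))'`. In `Install schema: set attributes` the `dn` is `'{{ item["cn"] }},cn=schema,cn=config'`, which lacks the `cn=` prefix that `Install schema: create entry` uses on the same entry; it should read `dn: 'cn={{ item["cn"] }},cn=schema,cn=config'`. Even with that fixed, slapd is known to rename ordered cn=config children with a `{N}` index on insertion, so the attribute step may need to re-run the search after the create rather than reuse the unindexed DN — worth verifying against a target server. Because `item["cn"]` is placed into both a DN and a search filter without escaping, a comment in schema.yml stating that the role expects plain schema names (no LDAP DN or filter metacharacters) in `ldap.schema` would make that assumption explicit. The assertion `schemareg['failed'] == false` is redundant since a failed search aborts the play before the assert runs, and `occurance` in `fail_msg` should be `occurrence`.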