From 2c57b5370c6cd44f700985132f360c15d2664ebf Mon Sep 17 00:00:00 2001
From: Jonas Gunz <himself@jonasgunz.de>
Date: Sun, 5 Jun 2022 23:26:31 +0200
Subject: openldap: Add custom schema options

Allows to specify custom schema entries
in config file
---
 roles/openldap/tasks/main.yml   |  4 ++++
 roles/openldap/tasks/schema.yml | 44 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 roles/openldap/tasks/schema.yml

(limited to 'roles/openldap/tasks')

diff --git a/roles/openldap/tasks/main.yml b/roles/openldap/tasks/main.yml
index 594e30e..27aca52 100644
--- a/roles/openldap/tasks/main.yml
+++ b/roles/openldap/tasks/main.yml
@@ -73,6 +73,10 @@
     state: present
   become: yes
 
+- name: Install custom schema
+  include_tasks: schema.yml
+  loop: '{{ ldap.schema | default([]) }}'
+
 #
 # schema
 #
diff --git a/roles/openldap/tasks/schema.yml b/roles/openldap/tasks/schema.yml
new file mode 100644
index 0000000..64c7bc8
--- /dev/null
+++ b/roles/openldap/tasks/schema.yml
@@ -0,0 +1,44 @@
+- name: search for entry
+  community.general.ldap_search:
+    dn: 'cn=schema,cn=config'
+    filter: '(&(objectClass=olcSchemaConfig)(cn={*}openssh-lpk))'
+    scope: children
+  become: yes
+  register: schemareg
+
+- name: Check results
+  assert:
+    that:
+      - schemareg['failed'] == false
+      - schemareg['results'] | length <= 1
+    fail_msg: "More than one occurance of {{ item['cn'] }}! clean them out."
+
+- name: "Install schema: create entry"
+  community.general.ldap_entry:
+    dn: 'cn={{ item["cn"] }},cn=schema,cn=config'
+    state: present
+    objectClass: olcSchemaConfig
+  become: yes
+  when: schemareg['results'] | length == 0
+
+- name: "Install schema: set attributes"
+  community.general.ldap_attrs:
+    dn: '{{ item["cn"] }},cn=schema,cn=config'
+    state: present
+    attributes:
+      objectClass: olcSchemaConfig
+      olcAttributeTypes: '{{ item["olcAttributeTypes"] }}'
+      olcObjectClasses: '{{ item["olcObjectClasses"] }}'
+  become: yes
+  when: schemareg['results'] | length == 0
+
+- name: Update schema
+  community.general.ldap_attrs:
+    dn: '{{ schemareg["results"][0]["dn"] }}'
+    state: exact
+    attributes:
+      objectClass: olcSchemaConfig
+      olcAttributeTypes: '{{ item["olcAttributeTypes"] }}'
+      olcObjectClasses: '{{ item["olcObjectClasses"] }}'
+  become: yes
+  when: schemareg['results'] | length > 0
-- 
cgit v1.2.3