tom/ansible_new_ldap_user
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

now we can set up server uri, group and user branches

Browse Source
This commit is contained in:
Thomas Constans
2026-01-12 16:23:06 +01:00
parent 5f7b68fb44
commit 0f83b66f0e
4 changed files with 19 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -12,8 +12,10 @@ Role Variables
-------------- --------------
* org: no default * org: no default
* ldap_base - from group variables * nlu_ldap_base - from group variables
* ldap_group_dn - from group variables * nlu_ldap_group_dn - from group variables
* nlu_ldap_user_dn - default to ou={{ org }},{{ nlu_ldap_base }}
* nlu_ldap_uri - default ldapi:///
* nlu_dn_attribute - firstname or email - default to email * nlu_dn_attribute - firstname or email - default to email
* binddn - from group variables * binddn - from group variables
* bindpwd - from group variables * bindpwd - from group variables

2
defaults/main.yml
View File

@@ -1,3 +1,5 @@
--- ---
# defaults file for tco.new_ldap_user # defaults file for tco.new_ldap_user
nlu_dn_attribute: email nlu_dn_attribute: email
nlu_ldap_uri: ldapi:///
nlu_ldap_user_dn: "ou={{ org }},{{ nlu_ldap_base }}"

20
tasks/ldap_user_inc.yml
View File

@@ -5,13 +5,14 @@
lastname: "{{ item.lastname }}" lastname: "{{ item.lastname }}"
email: "{{ item.email }}" email: "{{ item.email }}"
group: "{{ item.group | default ('') }}" group: "{{ item.group | default ('') }}"
dn: "uid={{ item[ nlu_dn_attribute ] |lower }},ou={{ org }},{{ ldap_base }}" dn: "uid={{ item[ nlu_dn_attribute ] |lower }},{{ nlu_ldap_user_dn }}"
password: "{{ (item.password=='')| ternary(lookup('community.general.random_string', min_lower=1, min_upper=1, special=false,min_numeric=1, length=14), item.password ) }}" password: "{{ (item.password=='')| ternary(lookup('community.general.random_string', min_lower=1, min_upper=1, special=false,min_numeric=1, length=14), item.password ) }}"
- name: "add ldap account {{dn }}" - name: "add ldap account {{dn }}"
community.general.ldap_entry: community.general.ldap_entry:
bind_dn: "{{ ldap_binddn }}" server_uri: "{{ nlu_ldap_uri }}"
bind_pw: "{{ ldap_bindpwd }}" bind_dn: "{{ nlu_ldap_binddn }}"
bind_pw: "{{ nlu_ldap_bindpw }}"
dn: "{{ dn }} " dn: "{{ dn }} "
state: present state: present
objectClass: objectClass:
@@ -27,16 +28,13 @@
userPassword: "{{ password }}" userPassword: "{{ password }}"
register: result register: result
- name: debug
ansible.builtin.debug:
msg: "group is =={{ group }}=="
- name: "add account to group" - name: "add account to group"
when: group != "" when: group != ""
community.general.ldap_attrs: community.general.ldap_attrs:
dn: "cn={{ group }},{{ ldap_group_dn }}" server_uri: "{{ nlu_ldap_uri }}"
bind_dn: "{{ ldap_binddn }}" dn: "cn={{ group }},{{ nlu_ldap_group_dn }}"
bind_pw: "{{ ldap_bindpwd }}" bind_dn: "{{ nlu_ldap_binddn }}"
bind_pw: "{{ nlu_ldap_bindpw }}"
attributes: attributes:
member: "{{ dn }}" member: "{{ dn }}"
@@ -45,7 +43,7 @@
path: "tmppassword.csv" path: "tmppassword.csv"
state: present state: present
create: true create: true
line: "{{ firstname | lower }},{{ password }}" line: "{{ item[ nlu_dn_attribute ] }},{{ password }}"
delegate_to: localhost delegate_to: localhost
become: false become: false
when: result.changed when: result.changed

7
tasks/main.yml
View File

@@ -1,9 +1,10 @@
--- ---
- name: "add ldap ou ou={{ org }},{{ ldap_base }}" - name: "add ldap ou ou={{ org }},{{ ldap_base }}"
community.general.ldap_entry: community.general.ldap_entry:
dn: "ou={{ org }},{{ ldap_base }}" server_uri: "{{ nlu_ldap_uri }}"
bind_dn: "{{ ldap_binddn }}" dn: "ou={{ org }},{{ nlu_ldap_base }}"
bind_pw: "{{ ldap_bindpwd }}" bind_dn: "{{ nlu_ldap_binddn }}"
bind_pw: "{{ nlu_ldap_bindpw }}"
objectClass: objectClass:
- organizationalUnit - organizationalUnit
- top - top