From 2f0ba395d1922108020f4a36f6c6582d40273594 Mon Sep 17 00:00:00 2001
From: Thomas Constans
Date: Fri, 10 Mar 2023 10:30:28 +0100
Subject: [PATCH] initial commit, work on opendoor
---
README.md | 47 +++++++++++++++++++++++++++++++++++++++++
defaults/main.yml | 2 ++
handlers/main.yml | 2 ++
meta/main.yml | 52 +++++++++++++++++++++++++++++++++++++++++++++++++
tasks/ldap_user_inc.yml | 33 ++++++++++++++++++++++++++
tasks/main.yml | 20 ++++++++++++++++
tests/inventory | 2 ++
tests/test.yml | 5 ++++
vars/main.yml | 2 ++
9 files changed, 165 insertions(+)
create mode 100644 README.md
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 meta/main.yml
create mode 100644 tasks/ldap_user_inc.yml
create mode 100644 tasks/main.yml
create mode 100644 tests/inventory
create mode 100644 tests/test.yml
create mode 100644 vars/main.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0045416
--- /dev/null
+++ b/README.md
@@ -0,0 +1,47 @@
+Role Name
+=========
+
+Create ldap account for opendoor
+
+Requirements
+------------
+
+keepass entry for opendoor/collidine_ldap_password
+
+Role Variables
+--------------
+org: no default
+ldap_base - from group variables
+binddn - from group variables
+bindpwd - from group variables
+file : default account.csv csv file containing user to create:
+
+```csv
+org,firstname,lastname,email,password
+```
+
+Dependencies
+------------
+
+None
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: collidine
+ user: tom
+ become: false
+ roles:
+ - { role: tco.new_ldap_user, file: ~/Documents/Opendoor/Clients/Plop/account.csv }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Thomas C
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..56fa136
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for tco.new_ldap_user
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..d7eee1e
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for tco.new_ldap_user
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..c572acc
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+ author: your name
+ description: your role description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: license (GPL-2.0-or-later, MIT, etc)
+
+ min_ansible_version: 2.1
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/tasks/ldap_user_inc.yml b/tasks/ldap_user_inc.yml
new file mode 100644
index 0000000..9f326b4
--- /dev/null
+++ b/tasks/ldap_user_inc.yml
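Review bot: `min_ansible_version: 2.1` in galaxy_info is lower than what the role actually needs, because tasks/main.yml and tasks/ldap_user_inc.yml use the collection-namespaced `community.general.read_csv`, `community.general.ldap_entry` and the `viczem.keepass.keepass` lookup, which require a collections-aware Ansible (2.9 or later); raise the value and declare those collections, for example in a `requirements.yml` or the role's `collections:` list, so the README's "Requirements" section is not the only place they are implied. The `author`, `description` and `license` fields are still the galaxy-init placeholders, and `license: license (GPL-2.0-or-later, MIT, etc)` contradicts the `BSD` stated in README.md; set it to the SPDX id that applies, e.g. `license: BSD-3-Clause`.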
@@ -0,0 +1,33 @@
+---
+ - name: add ldap ou
+ community.general.ldap_entry:
+ dn: "ou={{ org }},{{ ldap_base }}"
+ bind_dn: "{{ binddn }}"
+ bind_pw: "{{ bindpwd }}"
+ objectClass:
+ - organizationalUnit
+ - top
+
+ - name: add ldap account
+ vars:
+ firstname: "{{ item.firstname }}"
+ lastname: "{{ item.lastname }}"
+ email: "{{ item.email }}"
+ password: "{{ item.password }}"
+ community.general.ldap_entry:
+ bind_dn: "{{ binddn }}"
+ bind_pw: "{{ bindpwd }}"
+ dn: "uid={{ firstname |lower }}, ou={{ org }},{{ ldap_base }}"
+ state: present
+ objectClass:
+ - inetorgperson
+ - inetLocalMailRecipient
+ attributes:
+ givenName: "{{ firstname }}"
+ sn: "{{ lastname | default( firstname ) }}"
+ cn: "{{ firstname }}"
+ mail: "{{ email }}"
+ uid: "{{ firstname | lower }}"
+ PreferredDeliveryMethod: any
+ displayName: "{{ firstname }} {{ lastname }}"
+ userPassword: "{{ password }}"
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..50cbee1
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+# ansible-playbook /etc/ansible/Playbooks/new_ldap_user.yml -K --ask-vault-pass
+# --extra-vars="file=account.csv"
+ - name: set some vars
+ ansible.builtin.set_fact:
+ binddn: "{{ lookup( 'viczem.keepass.keepass', 'opendoor/collidine_ldap_password', 'username' ) }}"
+ bindpwd: "{{ lookup( 'viczem.keepass.keepass', 'opendoor/collidine_ldap_password', 'password' ) }}"
+ tags: always
+ when: binddn is not defined
+
+ - name: read csv file
+ community.general.read_csv:
+ path: '{{ file|default( "account.csv" ) }}'
+ register: users
+ delegate_to: localhost
+
+ - include_tasks: ldap_user_inc.yml
+ loop: "{{ users.list }}"
+
+
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..efc0d64
--- /dev/null
+++ b/tests/test.yml
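Review bot: Neither ldap_entry task sets `no_log: true`, yet both pass `bind_pw: "{{ bindpwd }}"` and the second writes `userPassword: "{{ password }}"` taken from the CSV row, so a failed task or a `-v` run prints the bind password and each user's password in the play output; add `no_log: true` to both tasks. The account DN `uid={{ firstname |lower }}, ou={{ org }},{{ ldap_base }}` is built from an unescaped CSV field and carries a space after the first comma that the OU task's DN does not, so a first name containing DN-special characters such as `,`, `+` or `=` yields a different or invalid DN; validate the field (for instance against `[a-z0-9._-]+`) before composing the DN, and drop the stray space so both DNs are formed the same way. `sn` falls back via `default( firstname )` while `displayName` concatenates `lastname` unconditionally; read_csv appears to return empty strings rather than undefined for blank cells, so the default probably never fires and a blank last name gives an empty `sn` and a trailing space in `displayName` — `default( firstname, true )` would cover both. The CSV password is stored as given, so unless the directory hashes on write it lands in `userPassword` in clear text; consider hashing it client-side (e.g. producing an `{SSHA}` value) before passing it to the module.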
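Review bot: The `include_tasks` loop over `users.list` keeps the default loop label, so every iteration prints the whole CSV row, `password` column included, in the play output; add `loop_control:` with `label: "{{ item.email }}"` to the include, and put `no_log: true` on the `set some vars` task, which stores the KeePass bind password in `bindpwd`. The README lists an `org` column in the CSV, but the included tasks only read the play-level `{{ org }}` and never `item.org`, so that column is silently ignored; either build the OU from `item.org` or remove the column from the README. Because the include runs once per row, `add ldap ou` is re-executed for every user; it is idempotent but belongs before the loop, here in tasks/main.yml. The two trailing blank lines at the end of the file should go, and the environment-specific `/etc/ansible/Playbooks/new_ldap_user.yml` invocation in the header comment is better kept in the README.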
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - tco.new_ldap_user
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..7b215ef
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for tco.new_ldap_user
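Review bot: The test play applies the role without defining `org`, `ldap_base` or `file`, so `add ldap ou` fails on the undefined variables as soon as the CSV has a row, and `read csv file` expects an `account.csv` next to the playbook that the commit does not add; pass them under `vars:` (with a small fixture CSV under tests/) so the play can actually run. The ldap_entry tasks set no `server_uri`, so the module's default local `ldapi:///` socket is used; with `hosts: localhost` this targets the control node's directory, which is presumably not intended for a test. `remote_user: root` is also unnecessary here, since the role does not require privilege and the README example uses `user: tom` with `become: false`.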