added group support
@@ -19,10 +19,12 @@ Role Variables
|
|||||||
* file : default account.csv csv file containing user to create:
|
* file : default account.csv csv file containing user to create:
|
||||||
|
|
||||||
```csv
|
```csv
|
||||||
firstname,lastname,email,[password]
|
firstname,lastname,email,[password][grou]
|
||||||
```
|
```
|
||||||
|
|
||||||
password field optionnal - if empty will be generated automatically - WIP
|
password field optionnal - if empty will be generated automatically
|
||||||
|
|
||||||
|
group field optionnal - if not empty, user dn will be put as "member" of cn=group,org,basedn
|
||||||
|
|
||||||
keep the final comma, though !
|
keep the final comma, though !
|
||||||
|
|
||||||
|
|||||||
@@ -4,13 +4,14 @@
|
|||||||
firstname: "{{ item.firstname }}"
|
firstname: "{{ item.firstname }}"
|
||||||
lastname: "{{ item.lastname }}"
|
lastname: "{{ item.lastname }}"
|
||||||
email: "{{ item.email }}"
|
email: "{{ item.email }}"
|
||||||
|
group: "{{ item.group | default ('') }}"
|
||||||
dn: "uid={{ item[ nlu_dn_attribute ] |lower }},ou={{ org }},{{ ldap_base }}"
|
dn: "uid={{ item[ nlu_dn_attribute ] |lower }},ou={{ org }},{{ ldap_base }}"
|
||||||
password: "{{ (item.password=='')| ternary(lookup('community.general.random_string', min_lower=1, min_upper=1, special=false,min_numeric=1, length=14), item.password ) }}"
|
password: "{{ (item.password=='')| ternary(lookup('community.general.random_string', min_lower=1, min_upper=1, special=false,min_numeric=1, length=14), item.password ) }}"
|
||||||
|
|
||||||
- name: "add ldap account {{dn }}"
|
- name: "add ldap account {{dn }}"
|
||||||
community.general.ldap_entry:
|
community.general.ldap_entry:
|
||||||
bind_dn: "{{ binddn }}"
|
bind_dn: "{{ ldap_binddn }}"
|
||||||
bind_pw: "{{ bindpwd }}"
|
bind_pw: "{{ ldap_bindpwd }}"
|
||||||
dn: "{{ dn }} "
|
dn: "{{ dn }} "
|
||||||
state: present
|
state: present
|
||||||
objectClass:
|
objectClass:
|
||||||
@@ -26,6 +27,19 @@
|
|||||||
userPassword: "{{ password }}"
|
userPassword: "{{ password }}"
|
||||||
register: result
|
register: result
|
||||||
|
|
||||||
|
- name: debug
|
||||||
|
ansible.builtin.debug:
|
||||||
|
msg: "group is =={{ group }}=="
|
||||||
|
|
||||||
|
- name: "add account to group"
|
||||||
|
when: group != ""
|
||||||
|
community.general.ldap_attrs:
|
||||||
|
dn: "cn={{ group }},ou={{ org }},{{ ldap_base }}"
|
||||||
|
bind_dn: "{{ ldap_binddn }}"
|
||||||
|
bind_pw: "{{ ldap_bindpwd }}"
|
||||||
|
attributes:
|
||||||
|
member: "{{ dn }}"
|
||||||
|
|
||||||
- name: "account recap"
|
- name: "account recap"
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: "tmppassword.csv"
|
path: "tmppassword.csv"
|
||||||
|
|||||||
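Review bot: The group name read from the CSV row is interpolated straight into a DN in the new `dn: "cn={{ group }},ou={{ org }},{{ ldap_base }}"` of the "add account to group" task, so a value containing RDN-significant characters (`,`, `+`, `=`, `;`, leading or trailing spaces) silently yields a different DN than intended and the `ldap_attrs` call then fails or targets another entry. Since the CSV is operator-supplied input, I would validate the field before the `when: group != ""` task, for example with an `ansible.builtin.assert` restricting it to the character set the deployment actually uses (pattern below is only an illustration). The `- name: debug` task printing `group is =={{ group }}==` runs for every row on every run and looks like a leftover; either remove it or give it `verbosity: 1`. The `dn` fact this hunk relies on in `member: "{{ dn }}"` is set in the earlier hunk; the surrounding task list starts and ends outside this hunk.

```yaml
- name: "validate group field"
  when: group != ""
  ansible.builtin.assert:
    that:
      - group is match('^[A-Za-z0-9 _.-]+$')   # example pattern: adjust to local naming rules
    fail_msg: "group value contains characters that are not safe in a DN"

# … unchanged: add account to group, account recap …
```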
@@ -1,18 +1,9 @@
|
|||||||
---
|
---
|
||||||
# ansible-playbook /etc/ansible/Playbooks/new_ldap_user.yml -K --ask-vault-pass
|
|
||||||
# --extra-vars="file=account.csv"
|
|
||||||
- name: set some vars
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
binddn: "{{ lookup( 'viczem.keepass.keepass', 'opendoor/collidine_ldap_password', 'username' ) }}"
|
|
||||||
bindpwd: "{{ lookup( 'viczem.keepass.keepass', 'opendoor/collidine_ldap_password', 'password' ) }}"
|
|
||||||
tags: always
|
|
||||||
when: binddn is not defined
|
|
||||||
|
|
||||||
- name: "add ldap ou ou={{ org }},{{ ldap_base }}"
|
- name: "add ldap ou ou={{ org }},{{ ldap_base }}"
|
||||||
community.general.ldap_entry:
|
community.general.ldap_entry:
|
||||||
dn: "ou={{ org }},{{ ldap_base }}"
|
dn: "ou={{ org }},{{ ldap_base }}"
|
||||||
bind_dn: "{{ binddn }}"
|
bind_dn: "{{ ldap_binddn }}"
|
||||||
bind_pw: "{{ bindpwd }}"
|
bind_pw: "{{ ldap_bindpwd }}"
|
||||||
objectClass:
|
objectClass:
|
||||||
- organizationalUnit
|
- organizationalUnit
|
||||||
- top
|
- top
|
||||||
|
|||||||
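Review bot: With the `set_fact` block gone, `ldap_binddn` and `ldap_bindpwd` used in the new `bind_dn`/`bind_pw` lines are not defined anywhere in this playbook, and the removed usage comment (`# ansible-playbook ... -K --ask-vault-pass`, `# --extra-vars="file=account.csv"`) was the only hint of how the play is meant to be invoked. I would keep a short header comment stating where these credentials are expected to come from, e.g. `# requires ldap_binddn / ldap_bindpwd (supply from vault-encrypted vars, not on the command line)`, and presumably list both in the role's README variable section alongside `file`. Whether `ldap_entry`/`ldap_attrs` suppress `bind_pw` from task output I cannot confirm from here; if not, `no_log: true` on those tasks is worth adding.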