now we can set up server uri, group and user branches

ldap groupdn now a var
typo
2026-01-12 16:23:06 +01:00 · 2025-11-04 17:09:20 +01:00 · 2025-11-04 14:32:30 +01:00 · 2025-09-17 11:36:24 +02:00 · 2024-09-23 16:56:47 +02:00 · 2024-05-13 23:50:19 +02:00
4 changed files with 45 additions and 28 deletions
--- a/README.md
+++ b/README.md
@@ -10,17 +10,23 @@ keepass entry for opendoor/collidine_ldap_password
 Role Variables
 --------------
-org: no default
+
-ldap_base - from group variables
+  * org: no default
-binddn - from group variables
+  * nlu_ldap_base - from group variables
-bindpwd - from group variables
+  * nlu_ldap_group_dn - from group variables
-file : default account.csv csv file containing user to create:
+  * nlu_ldap_user_dn - default to ou={{ org }},{{ nlu_ldap_base }}
  * nlu_ldap_uri - default ldapi:///
  * nlu_dn_attribute - firstname or email - default to email
  * binddn - from group variables
  * bindpwd - from group variables
  * file : default account.csv csv file containing user to create:
 ```csv
-firstname,lastname,email,[password]
+firstname,lastname,email,[password][group]
 ```
 password field optionnal - if empty will be generated automatically
-password field optionnal - if empty will be generated automatically - WIP
+group field optionnal - if not empty, user dn will be put as "member" of cn=group,org,basedn
 keep the final comma, though !
@@ -38,7 +44,7 @@ Including an example of how to use your role (for instance, with variables passe
      user: tom
      become: false
      roles:
-         - { role: tco.new_ldap_user, org=plop.fr,file: ~/Documents/Opendoor/Clients/Plop/account.csv }
+         - { role: tco.new_ldap_user, org=plop.fr,file: ~/Documents/Opendoor/Clients/Plop/account.csv , nlu_dn_attribute: email }
 License
 -------
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,5 @@
 ---
 # defaults file for tco.new_ldap_user
 nlu_dn_attribute: email
 nlu_ldap_uri: ldapi:///
 nlu_ldap_user_dn: "ou={{ org }},{{ nlu_ldap_base }}"
--- a/tasks/ldap_user_inc.yml
+++ b/tasks/ldap_user_inc.yml
@@ -4,13 +4,15 @@
      firstname: "{{ item.firstname }}"
      lastname: "{{ item.lastname }}"
      email: "{{ item.email }}"
-      dn: "uid={{ item.firstname |lower }}, ou={{ org }},{{ ldap_base }}"
+      group: "{{ item.group | default ('') }}"
      dn: "uid={{ item[ nlu_dn_attribute ] |lower }},{{ nlu_ldap_user_dn }}"
      password: "{{ (item.password=='')| ternary(lookup('community.general.random_string', min_lower=1, min_upper=1, special=false,min_numeric=1, length=14), item.password ) }}"
  - name: "add ldap account {{dn }}"
    community.general.ldap_entry:
-      bind_dn: "{{ binddn }}"
+      server_uri: "{{ nlu_ldap_uri }}"
-      bind_pw: "{{ bindpwd }}"
+      bind_dn: "{{ nlu_ldap_binddn }}"
      bind_pw: "{{ nlu_ldap_bindpw }}"
      dn: "{{ dn }} "
      state: present
      objectClass:
@@ -21,13 +23,27 @@
        sn: "{{ lastname | default( firstname ) }}"
        cn: "{{ firstname }}"
        mail: "{{ email }}"
        uid: "{{ firstname | lower }}"
        PreferredDeliveryMethod: any
        displayName: "{{ firstname }} {{ lastname }}"
        userPassword: "{{ password }}"
    register: result
-  - name: display
+  - name: "add account to group"
-    debug:
+    when: group != ""
-      msg: "{{ firstname }} created with password >{{ password }}<"
+    community.general.ldap_attrs:
      server_uri: "{{ nlu_ldap_uri }}"
      dn: "cn={{ group }},{{ nlu_ldap_group_dn }}"
      bind_dn: "{{ nlu_ldap_binddn }}"
      bind_pw: "{{ nlu_ldap_bindpw }}"
      attributes:
        member: "{{ dn }}"
  - name: "account recap"
    ansible.builtin.lineinfile:
      path: "tmppassword.csv"
      state: present
      create: true
      line: "{{ item[ nlu_dn_attribute ] }},{{ password }}"
    delegate_to: localhost
    become: false
    when: result.changed
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,18 +1,10 @@
 ---
-# ansible-playbook /etc/ansible/Playbooks/new_ldap_user.yml  -K --ask-vault-pass
+  - name: "add ldap ou ou={{ org }},{{ ldap_base }}"
 # --extra-vars="file=account.csv"
  - name: set some vars
    ansible.builtin.set_fact:
      binddn: "{{ lookup( 'viczem.keepass.keepass', 'opendoor/collidine_ldap_password', 'username' ) }}"
      bindpwd:  "{{ lookup( 'viczem.keepass.keepass', 'opendoor/collidine_ldap_password', 'password' ) }}"
    tags: always
    when: binddn is not defined
  - name: add ldap ou
    community.general.ldap_entry:
-      dn: "ou={{ org }},{{ ldap_base }}"
+      server_uri: "{{ nlu_ldap_uri }}"
-      bind_dn: "{{ binddn }}"
+      dn: "ou={{ org }},{{ nlu_ldap_base }}"
-      bind_pw: "{{ bindpwd }}"
+      bind_dn: "{{ nlu_ldap_binddn }}"
      bind_pw: "{{ nlu_ldap_bindpw }}"
      objectClass:
       - organizationalUnit
       - top
Author	SHA1	Message	Date
Thomas Constans	0f83b66f0e	now we can set up server uri, group and user branches	2026-01-12 16:23:06 +01:00
Thomas Constans	5f7b68fb44	ldap groupdn now a var	2025-11-04 17:09:20 +01:00
Thomas Constans	d54bce8e75	typo	2025-11-04 14:32:30 +01:00
Thomas Constans	76fab810b0	added group support	2025-09-17 11:36:24 +02:00
Thomas Constans	15914b17b7	add default valut for dn value	2024-09-23 16:56:47 +02:00
Thomas Constans	88828eed33	nlu_dn_attribut permit to choose DN attribute	2024-05-13 23:50:19 +02:00
Thomas Constans	15fe4a5eb0	new variable so we can chose attribute used for DN	2024-05-13 14:49:38 +02:00
Thomas Constans	dff28b8327	Merge branch 'master' of ssh://infra.opendoor.fr:2222/tom/ansible_new_ldap_user	2024-04-22 11:36:35 +02:00
Thomas Constans	9cf15956d4	org not needed in account.csv create tmp password recap file upon account creation	2024-04-22 11:35:21 +02:00
Thomas Constans	098db65774	org not needed in account.csv wip : create tmp password recap file upon account creation	2024-04-22 11:27:11 +02:00
Thomas Constans	e34712e2d5	add example, test passwordless account	2024-03-20 10:41:26 +01:00