now we can set up server uri, group and user branches

ldap groupdn now a var
typo
2026-01-12 16:23:06 +01:00 · 2025-11-04 17:09:20 +01:00 · 2025-11-04 14:32:30 +01:00 · 2025-09-17 11:36:24 +02:00 · 2024-09-23 16:56:47 +02:00 · 2024-05-13 23:50:19 +02:00
4 changed files with 37 additions and 25 deletions
--- a/README.md
+++ b/README.md
@@ -10,17 +10,23 @@ keepass entry for opendoor/collidine_ldap_password

 Role Variables
 --------------
-org: no default
-ldap_base - from group variables
-binddn - from group variables
-bindpwd - from group variables
-file : default account.csv csv file containing user to create:
+
+  * org: no default
+  * nlu_ldap_base - from group variables
+  * nlu_ldap_group_dn - from group variables
+  * nlu_ldap_user_dn - default to ou={{ org }},{{ nlu_ldap_base }}
+  * nlu_ldap_uri - default ldapi:///
+  * nlu_dn_attribute - firstname or email - default to email
+  * binddn - from group variables
+  * bindpwd - from group variables
+  * file : default account.csv csv file containing user to create:

 ```csv
-firstname,lastname,email,[password]
+firstname,lastname,email,[password][group]
 ```
+password field optionnal - if empty will be generated automatically

-password field optionnal - if empty will be generated automatically - WIP
+group field optionnal - if not empty, user dn will be put as "member" of cn=group,org,basedn

 keep the final comma, though !

@@ -38,7 +44,7 @@ Including an example of how to use your role (for instance, with variables passe
      user: tom
      become: false
      roles:
-         - { role: tco.new_ldap_user, org=plop.fr,file: ~/Documents/Opendoor/Clients/Plop/account.csv }
+         - { role: tco.new_ldap_user, org=plop.fr,file: ~/Documents/Opendoor/Clients/Plop/account.csv , nlu_dn_attribute: email }

 License
 -------
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,5 @@
 ---
 # defaults file for tco.new_ldap_user
+nlu_dn_attribute: email
+nlu_ldap_uri: ldapi:///
+nlu_ldap_user_dn: "ou={{ org }},{{ nlu_ldap_base }}"
--- a/tasks/ldap_user_inc.yml
+++ b/tasks/ldap_user_inc.yml
@@ -4,13 +4,15 @@
      firstname: "{{ item.firstname }}"
      lastname: "{{ item.lastname }}"
      email: "{{ item.email }}"
-      dn: "uid={{ item.firstname |lower }}, ou={{ org }},{{ ldap_base }}"
+      group: "{{ item.group | default ('') }}"
+      dn: "uid={{ item[ nlu_dn_attribute ] |lower }},{{ nlu_ldap_user_dn }}"
      password: "{{ (item.password=='')| ternary(lookup('community.general.random_string', min_lower=1, min_upper=1, special=false,min_numeric=1, length=14), item.password ) }}"

  - name: "add ldap account {{dn }}"
    community.general.ldap_entry:
-      bind_dn: "{{ binddn }}"
-      bind_pw: "{{ bindpwd }}"
+      server_uri: "{{ nlu_ldap_uri }}"
+      bind_dn: "{{ nlu_ldap_binddn }}"
+      bind_pw: "{{ nlu_ldap_bindpw }}"
      dn: "{{ dn }} "
      state: present
      objectClass:
@@ -21,18 +23,27 @@
        sn: "{{ lastname | default( firstname ) }}"
        cn: "{{ firstname }}"
        mail: "{{ email }}"
-        uid: "{{ firstname | lower }}"
        PreferredDeliveryMethod: any
        displayName: "{{ firstname }} {{ lastname }}"
        userPassword: "{{ password }}"
    register: result

+  - name: "add account to group"
+    when: group != ""
+    community.general.ldap_attrs:
+      server_uri: "{{ nlu_ldap_uri }}"
+      dn: "cn={{ group }},{{ nlu_ldap_group_dn }}"
+      bind_dn: "{{ nlu_ldap_binddn }}"
+      bind_pw: "{{ nlu_ldap_bindpw }}"
+      attributes:
+        member: "{{ dn }}"
+
  - name: "account recap"
    ansible.builtin.lineinfile:
      path: "tmppassword.csv"
      state: present
      create: true
-      line: "{{ firstname | lower }},{{ password }}"
+      line: "{{ item[ nlu_dn_attribute ] }},{{ password }}"
    delegate_to: localhost
    become: false
    when: result.changed
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,18 +1,10 @@
 ---
-# ansible-playbook /etc/ansible/Playbooks/new_ldap_user.yml  -K --ask-vault-pass
-# --extra-vars="file=account.csv"
-  - name: set some vars
-    ansible.builtin.set_fact:
-      binddn: "{{ lookup( 'viczem.keepass.keepass', 'opendoor/collidine_ldap_password', 'username' ) }}"
-      bindpwd:  "{{ lookup( 'viczem.keepass.keepass', 'opendoor/collidine_ldap_password', 'password' ) }}"
-    tags: always
-    when: binddn is not defined
-
  - name: "add ldap ou ou={{ org }},{{ ldap_base }}"
    community.general.ldap_entry:
-      dn: "ou={{ org }},{{ ldap_base }}"
-      bind_dn: "{{ binddn }}"
-      bind_pw: "{{ bindpwd }}"
+      server_uri: "{{ nlu_ldap_uri }}"
+      dn: "ou={{ org }},{{ nlu_ldap_base }}"
+      bind_dn: "{{ nlu_ldap_binddn }}"
+      bind_pw: "{{ nlu_ldap_bindpw }}"
      objectClass:
       - organizationalUnit
       - top
Author	SHA1	Message	Date
Thomas Constans	0f83b66f0e	now we can set up server uri, group and user branches	2026-01-12 16:23:06 +01:00
Thomas Constans	5f7b68fb44	ldap groupdn now a var	2025-11-04 17:09:20 +01:00
Thomas Constans	d54bce8e75	typo	2025-11-04 14:32:30 +01:00
Thomas Constans	76fab810b0	added group support	2025-09-17 11:36:24 +02:00
Thomas Constans	15914b17b7	add default valut for dn value	2024-09-23 16:56:47 +02:00
Thomas Constans	88828eed33	nlu_dn_attribut permit to choose DN attribute	2024-05-13 23:50:19 +02:00
Thomas Constans	15fe4a5eb0	new variable so we can chose attribute used for DN	2024-05-13 14:49:38 +02:00