make it work on debian

README.md

@@ -32,6 +32,7 @@ defined in vars/main.yml and vars/CentOS.yml
   * ldap_suffix      - constructed from variables above example.net
   * ldap_admin_dn    - cn=manager,{{ ldap_suffix }}
   * ldap_admin_password - 123Soleil - should be in a vault ...)
+  * ldap_admin_ssha_password -slappasswd -s version of above password
   * ldap_secret_file - default to /root/.ldap.secret
   * ldap_packages    - liste of packages - should be the only thing to change to
     adapt to other distro

defaults/main.yml

@@ -12,7 +12,7 @@ ldap_replication_provider: false
 ldap_schemas:
  - cosine
 ldap_have_ssl: true
-ldap_ssl_dir: /etc/openldap/certs/
+ldap_ssl_dir: "{{ ldap_config_dir }}/certs/"
 ldap_ssl_cert_path: "{{ ldap_ssl_dir }}/cert.pem"
 ldap_ssl_key_path: "{{ ldap_ssl_dir }}/key.pem"
 ldap_ssl_cacert_path: "{{ ldap_ssl_dir }}/cert.pem"
@@ -32,7 +32,7 @@ ldap_entries:
       olcModulePath: /usr/lib64/openldap/
       olcModuleLoad: auditlog.la
 
-  - dn: olcOverlay={0}auditlog,olcDatabase={2}hdb,cn=config
+  - dn: "olcOverlay={0}auditlog,{{ ldap_database }},cn=config"
     objectClass: 
       - olcOverlayConfig
       - olcAuditLogConfig
@@ -47,7 +47,7 @@ ldap_entries:
       olcModulePath: /usr/lib64/openldap/
       olcModuleLoad: memberof.la
 
-  - dn: olcOverlay={1}memberof,olcDatabase={2}hdb,cn=config
+  - dn: "olcOverlay={1}memberof,{{ ldap_database }},cn=config"
     objectClass:
       - olcConfig
       - olcOverlayConfig
@@ -62,7 +62,7 @@ ldap_entries:
       olcModulePath: /usr/lib64/openldap/
       olcModuleLoad: unique.la
 
-  - dn: olcOverlay={2}unique,olcdatabase={2}hdb,cn=config
+  - dn: "olcOverlay={2}unique,{{ ldap_database }},cn=config"
     objectClass: 
       - olcOverlayConfig
       - olcUniqueConfig

tasks/import_ldap_schema.yml

@@ -4,6 +4,6 @@
   changed_when: false
 
 - name: import additional schemas
-  command: "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/{{ schema }}.ldif"
+  command: "ldapadd -Y EXTERNAL -H ldapi:/// -f {{ ldap_config_dir }}/schema/{{ schema }}.ldif"
   when: schema not in ldap_schema_list.stdout
 

tasks/main.yml

@@ -23,7 +23,7 @@
 - name: configure client
   template:
     src: ldap.conf
-    dest: /etc/openldap/ldap.conf
+    dest: "{{ ldap_config_dir }}/ldap.conf"
     mode: 0644
 
 - name: activate service
@@ -36,47 +36,16 @@
   block:
   - name: remove existing acl
     ldap_attr:
-      dn: olcDatabase={2}hdb,cn=config
+      dn: "{{ ldap_database }},cn=config"
       name: olcaccess
       values: []
       state: exact
 
-  - name: admin, suffix and cache
-    ldap_attr:
-      dn: olcDatabase={2}hdb,cn=config
-      name: "{{ item.key }}"
-      values: "{{ item.value }}"
-      state: exact
-    with_dict:
-      olcSuffix: "{{ ldap_suffix }}"
-      olcRootDN: "{{ ldap_admin_dn }}"
-      olcRootPW: "{{ ldap_admin_password }}"
-      olcDbCheckpoint: "{{ ldap_checkpoint }}"
-      olcDbCacheSize: "{{ ldap_cache_size }}"
-      olcDbIDLCacheSize: "{{ ldap_idlcache_size }}"
-      olcAccess:
-        - >-
-          {0}to attrs=userPassword,mail
-          by self write
-          by anonymous auth
-          by * none
-        - >-
-          {1}to dn.sub={{ ldap_suffix }}
-          by users read
-          by * none
-    ignore_errors: true
-
-  - name: remove existing indexes
-    ldap_attr:
-      dn: olcDatabase={2}hdb,cn=config
-      values: []
-      name: olcDbIndex
-      state: exact
-
   - name: add indexes
     ldap_attr:
-      dn: olcDatabase={2}hdb,cn=config
+      dn: "{{ ldap_database }},cn=config"
       name: "olcDbIndex"
+      state: exact
       values: "{{ item }}"
     loop:
       - objectClass pres,eq
@@ -95,6 +64,7 @@
   loop:
   - olcDatabase={0}config,cn=config
   - olcDatabase={1}monitor,cn=config
+  ignore_errors: true
 
 - name: load additionnal schema
   include_tasks: import_ldap_schema.yml

tasks/replication_consumer.yml

@@ -1,7 +1,7 @@
 ---
 - name: add synrepl entry
   ldap_attr:
-    dn: olcDatabase={2}hdb,cn=config
+    dn: "{{ ldap_database }},cn=config"
     name: "{{ item.name }}"
     values: "{{ item.value }}"
   loop:

tasks/replication_provider.yml

@@ -23,7 +23,7 @@
 
 - name: add syncprov overlay config
   ldap_entry:
-    dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
+    dn: "olcOverlay=syncprov,{{ ldap_database }},cn=config"
     objectClass: olcSyncProvConfig
     attributes:
       olcOverlay: syncprov
@@ -38,7 +38,7 @@
 
 - name: add indexes for replication
   ldap_attr:
-    dn: olcdatabase={2}hdb,cn=config
+    dn: "{{ ldap_database }},cn=config"
     name: olcDbIndex
     values:
     - entryUUID eq

templates/change_suffix_and_dit_admin.ldif

@@ -1,4 +1,4 @@
-dn: olcDatabase={2}hdb,cn=config
+dn: "{{ ldap_database }},cn=config"
 changetype: modify
 replace: olcsuffix
 olcsuffix: {{ ldap_suffix }}
@@ -7,7 +7,7 @@ replace: olcrootdn
 olcrootdn: {{ ldap_admin_dn }}
 -
 replace: olcrootpw
-olcrootpw: {{ ldap_admin_password }}
+olcrootpw: {{ ldap_admin_ssha_password }}
 
 dn: olcDatabase={0}config,cn=config
 changetype: modify

vars/CentOS.yml

@@ -1,3 +1,5 @@
+ldap_database: 'olcdatabase={2}hdb'
+ldap_config_dir: /etc/openldap
 ldap_packages:
   - openldap-servers
   - openldap-clients

vars/CentOS8.yml

@@ -1,3 +1,5 @@
+ldap_database: 'olcdatabase={2}hdb'
+ldap_config_dir: /etc/openldap
 ldap_packages:
   - symas-openldap-servers
   - symas-openldap-clients

vars/Debian.yml

@@ -0,0 +1,9 @@
+ldap_database: 'olcdatabase={1}mdb'
+ldap_config_dir: /etc/ldap
+ldap_packages:
+  - slapd
+  - ldap-utils
+
+  - python-ldap
+ldap_service: slapd
+ldap_user: openldap