role slapd: can load additionnal schema and load arbitrary ldif files to be put in template directory

README.md

@@ -21,6 +21,8 @@ defined in vars/main.yml and vars/CentOS.yml
     adapt to other distro
   * ldap_service     - name of service unit file - slapd
   * ldap_user        - slapd service account
+  * import_data      - bool - control wether we import initial data from LDIF files you will have put in templates subdirectory. Default No
+  * ldap_schemas     - list of additionnal schema names to load - default cosine
 
 Dependencies
 ------------
@@ -35,14 +37,19 @@ Including an example of how to use your role (for instance, with variables passe
       - hosts: servers
       roles:
          - role: slapd
-           ldap_domain: example
+           vars:
-           ldap_domain_ex: net
+              ldap_domain: example
+              ldap_domain_ex: net
+              import_data: true
+              ldap_schemas:
+              - cosine
+              - nis
+              - inetorgperson
 
 License
 -------
 
 BSD
-
 Author Information
 ------------------
 

defaults/main.yml

@@ -4,3 +4,6 @@ ldap_domain: example
 ldap_domain_ext: fr
 ldap_suffix: "{{ ldap_domain }},{{ ldap_domain_ext }}"
 ldap_root_dn: cn=root,{{ ldap_suffix }}
+import_data: false
+ldap_schemas:
+ - cosine

tasks/import_ldap_schema.yml

@@ -0,0 +1,12 @@
+- name: debug
+  debug:
+     msg: "schema {{ schema }}"
+
+- name: check if schema is loaded
+  command: "ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn"
+  register: ldap_schema_list
+
+- name: import additional schemas
+  command: "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/{{ schema }}.ldif"
+  when: schema not in ldap_schema_list.stdout
+

tasks/main.yml

@@ -25,14 +25,11 @@
     olcRootDN: "{{ ldap_admin_dn }}"
     olcRootPW: "{{ ldap_admin_password }}"
 
-- name: check if schema cosine is loaded
+- name: load additionnal schema
-  stat:
+  include_tasks: import_ldap_schema.yml
-    path: /etc/openldap/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif
+  loop: "{{ ldap_schemas }}"
-  register: result
+  loop_control:
-
+    loop_var: schema
-- name: import mandatory schema
-  command: "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif"
-  when: result.stat.exists==False
 
 - name: create suffix
   ldap_entry:
@@ -54,4 +51,31 @@
   copy:
     dest: /root/.ldap.secrets
     mode: 0600
-    content: "{{ ldap_admin_password }}"
+    content: "{{ ldap_admin_password }}"
+
+- name: import data
+  block:
+  - name:  create initial directory
+    file:
+      path: /root/Ldif
+      state: directory
+      mode: 0700
+
+  - name: send ldif files
+    template:
+      src: "{{ item }}"
+      dest: /root/Ldif/
+      mode: 0600
+    with_fileglob: "templates/[0-9]*.ldif"
+
+  - name: get list of ldif files
+    find:
+      paths: /root/Ldif
+      patterns: "*.ldif"
+      file_type: file
+    register: ldif_list
+
+  - name: import ldif files
+    command: "ldapadd -y /root/.ldap.secrets -xD {{ ldap_admin_dn }} -f {{ item .path}}"
+    with_items: "{{ ldif_list.files }}"
+  when: import_data == true

templates/0_branches.ldif

@@ -0,0 +1,8 @@
+dn: ou=users,{{ldap_suffix}}
+objectclass: organizationalUnit
+
+dn: ou=groups,{{ldap_suffix}}
+objectclass: organizationalUnit
+
+dn: ou=hosts,{{ldap_suffix}}
+objectclass: organizationalUnit

templates/1_users.ldif

@@ -0,0 +1,25 @@
+dn: uid=thomas,ou=users,{{ldap_suffix }}
+objectClass: shadowAccount
+objectClass: posixAccount
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+shadowWarning: 10
+shadowInactive: 10
+shadowMin: 1
+shadowMax: 365
+shadowLastChange: 15996
+homeDirectory: /home/thomas
+loginShell: /bin/bash
+uid: thomas
+cn: thomas constans
+uidNumber: 10003
+gidNumber: 100
+sn: constans
+givenName: thomasizationalUnit
+
+dn: ou=groups,{{ldap_suffix}}
+objectclass: organizationalUnit
+
+dn: ou=hosts,{{ldap_suffix}}
+objectclass: organizationalUnit