d4science-gcube: work on a ldap playbook.

library/roles/openldap-server: role that installs and configure an openldap 2.4+ server.
infrastructure-services/roles/smtp_relay_nagios_monitoring: nagios checks to monitor the smtp relay.

openldap-server/defaults/main.yml

@@ -11,11 +11,16 @@ openldap_slapd_tcp_port: 389
 openldap_slapd_ssl_port: 636
 openldap_slapd_ssl_only: False
 
+# Schemas automatically added:
+# core.ldif
+# cosine.ldif
+# inetorgperson.ldif
+# nis.ldif
+#openldap_additional_schemas:
+#  - dyngroup.ldif
+
 # Set slapd_admin_pwd in a vault file
 slapd_debconf_params:
-  - { question: 'slapd/password1', value: '{{ slapd_admin_pwd }}', vtype: 'password' }
-  - { question: 'slapd/password2', value: '{{ slapd_admin_pwd }}', vtype: 'password' }
-  - { question: 'slapd/internal/adminpw', value: '{{ slapd_admin_pwd }}', vtype: 'password' }
   - { question: 'slapd/no_configuration', value: 'false', vtype: 'boolean' }
   - { question: 'shared/organization', value: 'Organization', vtype: 'text' }
   - { question: 'slapd/purge_database', value: 'false', vtype: 'boolean' }

openldap-server/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- include: openldap_packages.yml
+- include: openldap_initializazion.yml
+  when: openldap_service_enabled

openldap-server/tasks/openldap_initializazion.yml

@@ -0,0 +1,39 @@
+---
+- name: Create a basic configuration
+  debconf: name=slapd question='{{ item.question }}' value='{{ item.value }}' vtype='{{ item.vtype }}'
+  with_items: slapd_debconf_params
+  when: openldap_service_enabled
+  tags: [ 'ldap_server', 'ldap', 'ldap_conf' ]
+
+- name: Generate the local admin password
+  shell: slappasswd -h {SSHA} -s {{ slapd_admin_pwd }} > /root/.slapdadmin ; chmod 400 /root/.slapdadmin
+  args:
+    creates: /root/.slapdadmin
+  when: slapd_admin_pwd is defined
+  register: admin_pass_file
+  tags: [ 'ldap_server', 'ldap', 'ldap_conf' ]
+
+- name: Copy the ldif template to set the admin password
+  template: src=adminpwd.ldif.j2 dest=/etc/ldap/adminpwd_ldif.tmpl
+  when: slapd_admin_pwd is defined
+  tags: [ 'ldap_server', 'ldap', 'ldap_conf' ]
+
+- name: Create the ldif file to set the admin password
+  shell: ADMIN_PASS=$( cat /root/.slapdadmin ); sed -e "s/@ADMINPWD@/${ADMIN_PASS}/" /etc/ldap/adminpwd_ldif.tmpl > /etc/ldap/adminpwd.ldif ; chmod 400 /etc/ldap/adminpwd.ldif
+  when: slapd_admin_pwd is defined
+  tags: [ 'ldap_server', 'ldap', 'ldap_conf' ]
+
+- name: Finally set the admin password
+  shell: ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/adminpwd.ldif
+  when: ( admin_pass_file | changed )
+  tags: [ 'ldap_server', 'ldap', 'ldap_conf' ]
+
+- name: Install some additional schemas
+  shell: ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/{{ item }} ; touch /etc/ldap/schema/{{ item }}.installed
+  args:
+    creates: '/etc/ldap/schema/{{ item }}.installed'
+  with_items: openldap_additional_schemas
+  when: openldap_additional_schemas is defined
+  tags: [ 'ldap_server', 'ldap', 'ldap_conf' ]
+
+  

openldap-server/tasks/openldap_packages.yml

@@ -0,0 +1,18 @@
+---
+  
+- name: Install the openldap server packages
+  apt: name={{ item }} state={{ openldap_pkg_state }}
+  with_items: openldap_pkg_list
+  tags: [ 'ldap_server', 'ldap' ]
+
+- name: Ensure that the slapd service is enabled and running
+  service: name=slapd state=started enabled=yes
+  when: openldap_service_enabled
+  tags: [ 'ldap_server', 'ldap' ]
+
+- name: Ensure that the slapd service is disabled and stopped
+  service: name=slapd state=stopped enabled=no
+  when: not openldap_service_enabled
+  tags: [ 'ldap_server', 'ldap' ]
+
+

openldap-server/templates/adminpwd.ldif.j2

@@ -0,0 +1,4 @@
+dn: olcDatabase={1}hdb,cn=config
+changetype: modify
+replace: olcRootPW
+olcRootPW: @ADMINPWD@