add openssh

ansible/roles/openldap_server/tasks/files/openssh-lpk.ldif

@@ -1,22 +0,0 @@
-#
-# LDAP Public Key Patch schema for use with openssh-ldappubkey
-#                              useful with PKA-LDAP also
-#
-# Author: Eric AUGE <eau@phear.org>
-# 
-# Based on the proposal of : Mark Ruijter
-#
-
-
-# octetString SYNTAX
-attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' 
-	DESC 'MANDATORY: OpenSSH Public key' 
-	EQUALITY octetStringMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
-
-# printableString SYNTAX yes|no
-objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
-	DESC 'MANDATORY: OpenSSH LPK objectclass'
-	MUST ( sshPublicKey $ uid ) 
-	)
-

ansible/roles/openldap_server/tasks/files/openssh.ldif

@@ -1,16 +1,8 @@
-dn: cn=openssh,cn=schema,cn=config
+dn: cn=openssh-lpk-openldap,cn=schema,cn=config
 objectClass: olcSchemaConfig
-cn: openssh
-
-olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13
-  NAME 'sshPublicKey'
-  DESC 'OpenSSH Public key'
-  EQUALITY octetStringMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
-
-olcObjectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0
-  NAME 'ldapPublicKey'
-  DESC 'OpenSSH LPK object class'
-  SUP top
-  AUXILIARY
-  MAY ( sshPublicKey ) )
+olcAttributeTypes: {0}( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' D
+ ESC 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.
+ 1.4.1.1466.115.121.1.40 )
+olcObjectClasses: {0}( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' DE
+ SC 'MANDATORY: OpenSSH LPK objectclass' SUP top AUXILIARY MUST ( sshPublicK
+ ey $ uid ) )

ansible/roles/openldap_server/tasks/files/sudo.ldif

@@ -1,42 +0,0 @@
-dn: cn=sudo,cn=schema,cn=config
-objectClass: olcSchemaConfig
-cn: sudo
-
-# Attribute definitions for sudo
-olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.1
-  NAME 'sudoUser'
-  DESC 'SudoUser'
-  EQUALITY caseIgnoreMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.2
-  NAME 'sudoHost'
-  DESC 'SudoHost'
-  EQUALITY caseIgnoreMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.3
-  NAME 'sudoCommand'
-  DESC 'SudoCommand'
-  EQUALITY caseIgnoreMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.4
-  NAME 'sudoRunAs'
-  DESC 'SudoRunAs'
-  EQUALITY caseIgnoreMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.5
-  NAME 'sudoOption'
-  DESC 'SudoOption'
-  EQUALITY caseIgnoreMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# sudoRole objectClass definition
-olcObjectClasses: ( 1.3.6.1.4.1.15953.9.1.6
-  NAME 'sudoRole'
-  DESC 'Sudo Role'
-  SUP top
-  AUXILIARY
-  MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption ) )

ansible/roles/openldap_server/tasks/schemas.yaml

@@ -32,24 +32,24 @@
 #    group: ldap
 #    mode: '0600'
 #
-#- name: Copy openssh schema into place
-#  copy:
-#    src: files/openssh.ldif
-#    dest: /etc/openldap/schema/openssh.ldif
-#    owner: ldap
-#    group: ldap
-#    mode: '0600'
+- name: Copy openssh schema into place
+  copy:
+    src: files/openssh.ldif
+    dest: /etc/openldap/schema/openssh.ldif
+    owner: ldap
+    group: ldap
+    mode: '0600'
 
-#- name: Ensure custom LDAP schemas (sudo + openssh) are loaded
-#  ansible.builtin.command: >
-#    ldapadd -Y EXTERNAL -H ldapi:/// -f {{ item.file }}
-#  args:
-#    creates: "/etc/openldap/schema/.{{ item.name }}_loaded"
-#  loop:
+- name: Ensure custom LDAP schemas (sudo + openssh) are loaded
+  ansible.builtin.command: >
+    ldapadd -Y EXTERNAL -H ldapi:/// -f {{ item.file }}
+  args:
+    creates: "/etc/openldap/schema/.{{ item.name }}_loaded"
+  loop:
     #- { name: "sudo", file: "/etc/openldap/schema/sudo.ldif" }
-#    - { name: "openssh", file: "/etc/openldap/schema/openssh.ldif" }
-#  loop_control:
-#    label: "{{ item.name }}"
+    - { name: "openssh", file: "/etc/openldap/schema/openssh.ldif" }
+  loop_control:
+    label: "{{ item.name }}"
 
 # Touch marker files for idempotency (optional but recommended)
 - name: Ensure marker files exist