Init new ldap server role

2026-01-23 16:26:39 -07:00
parent d18353d2ae
commit 7a377c09e0
7 changed files with 153 additions and 80 deletions
--- a/ansible/roles/openldap_server/tasks/schemas.yaml
+++ b/ansible/roles/openldap_server/tasks/schemas.yaml
@@ -0,0 +1,31 @@
+- name: List existing schemas
+  command: >
+    ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn
+  register: ldap_schemas
+  changed_when: false
+
+- name: Load cosine schema
+  command: >
+    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
+  when: "'cn=cosine,cn=schema,cn=config' not in ldap_schemas.stdout"
+
+- name: Load inetorgperson schema
+  command: >
+    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
+  when: "'cn=inetorgperson,cn=schema,cn=config' not in ldap_schemas.stdout"
+
+- name: Load nis schema
+  command: >
+    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
+  when: "'cn=nis,cn=schema,cn=config' not in ldap_schemas.stdout"
+
+- name: Load sudo schema
+  command: >
+    ldapadd -Y EXTERNAL -H ldapi:/// -f /usr/share/doc/sudo/schema.OpenLDAP
+  when: "'cn=sudo,cn=schema,cn=config' not in ldap_schemas.stdout"
+
+- name: Load OpenSSH public key schema
+  command: >
+    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/openssh-lpk.ldif
+  when: "'cn=openssh-lpk,cn=schema,cn=config' not in ldap_schemas.stdout"
+