commit 0113277fd10f89f609346a829cfd2cf22150f09f
Author: Denis Knauf
Date: Sat Nov 7 23:12:01 2020 +0100
init
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d2c649f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,24 @@
+# ---> Ansible
+*.retry
+
+# ---> Vim
+# Swap
+[._]*.s[a-v][a-z]
+!*.svg # comment out if you don't need vector files
+[._]*.sw[a-p]
+[._]s[a-rt-v][a-z]
+[._]ss[a-gi-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+Sessionx.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+tags
+# Persistent undo
+[._]*.un~
+
diff --git a/README.adoc b/README.adoc
new file mode 100644
index 0000000..7796c52
--- /dev/null
+++ b/README.adoc
@@ -0,0 +1,43 @@
+OpenLDAP
+========
+
+Primary for using as `ldapi://` for example for mail-servers.
+
+Requirements
+------------
+
+You need to have debian (or compatible, like ubuntu) or alpine already installed.
+
+* sshd
+
+Role Variables
+--------------
+
+ldap_basedn::
+Your basedn like `cn=example,cn=org`.
+
+Example Playbook
+----------------
+
+----
+---
+# vim: set expandtab tabstop=2 shiftwidth=2:
+
+- hosts: ldapserver
+ remote_user: root
+ become: false
+
+ tasks:
+ - import_role:
+ name: denkn.ldapi
+----
+
+License
+-------
+
+AGPLv3
+
+Author Information
+------------------
+
+Denis Knauf - https://git.denkn.at/deac/ansible-role-ldapi
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..6a17628
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for ldap
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..6b21127
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for ldap
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..227ad9c
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,53 @@
+galaxy_info:
+ author: your name
+ description: your role description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: license (GPL-2.0-or-later, MIT, etc)
+
+ min_ansible_version: 2.9
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
+
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..c8305be
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,107 @@
+---
+# vim: set expandtab tabstop=2 shiftwidth=2:
+
+- name: install openldap
+ apt:
+ name:
+ - slapd
+ - ldap-utils
+ - python-ldap
+
+- name: fix acl
+ ldap_attr:
+ name: olcAccess
+ dn: olcDatabase={1}mdb,cn=config
+ state: exact
+ values:
+ - >-
+ {0}to attrs=userPassword,shadowLastChange
+ by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write
+ by self write
+ by anonymous auth
+ by * none
+ - >-
+ {1}to dn.base="" by * read
+ - >-
+ {2}to *
+ by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write
+ by * read
+- name: set crypto
+ ldap_attr:
+ dn: cn=config
+ name: "{{item.key}}"
+ state: exact
+ values: "{{item.value}}"
+ with_dict:
+ olcPasswordHash: '{CRYPT}'
+ olcPasswordCryptSaltFormat: "$6$rounds=8000$%.16s"
+
+- name: set base DN
+ ldap_attr:
+ dn: 'olcDatabase=\{{{ldap_database_index|default(1)}}\}mdb,cn=config'
+ name: "{{item.key}}"
+ state: exact
+ values: "{{item.value}}"
+ with_dict:
+ olcSuffix: "{{ldap_basedn}}"
+ olcRootDN: "cn=root,{{ldap_basedn}}"
+
+- name: base DN exists?
+ shell: ldapsearch -H ldapi:// -Y external -LLL -b {{ldap_basedn|quote}}
+ register: basedn_check
+ changed_when: no
+ failed_when: "basedn_check.rc != 0 and basedn_check.rc != 32"
+- name: "Base DN {{'exists' if basedn_check.rc == 0 else 'does not exists'}}"
+ set_fact:
+ basedn_exists: "{{basedn_check.rc == 0}}"
+
+- name: prepare base DN
+ when: not basedn_exists
+ block:
+ - name: generate root password
+ set_fact:
+ root_passwort: '{{lookup("password", "/dev/null chars=ascii_letters,digits,hexdigits length=20")}}'
+ - debug: var=root_passwort
+ - debug: var=root_passwort
+ - name: add base DN
+ become: yes
+ become_user: openldap
+ shell: slapadd -v
+ args:
+ stdin: |
+ dn: {{ldap_basedn}}
+ objectClass: top
+ objectClass: dcObject
+ objectClass: organization
+ dc: {{ldap_basedn | regex_replace('^[^=]+=([^,]+).*', '\1')}}
+ o: {{ldap_basedn | regex_replace('^[^=]+=([^,]+).*', '\1')}}
+
+ dn: ou=People,{{ldap_basedn}}
+ objectClass: top
+ objectClass: organizationalUnit
+ structuralObjectClass: organizationalUnit
+ ou: People
+
+ dn: ou=Groups,{{ldap_basedn}}
+ objectClass: top
+ objectClass: organizationalUnit
+ structuralObjectClass: organizationalUnit
+ ou: Groups
+
+ dn: cn=root,{{ldap_basedn}}
+ objectClass: simpleSecurityObject
+ objectClass: organizationalRole
+ structuralObjectClass: organizationalRole
+ cn: root
+ description: LDAP administrator
+ userPassword: highsecure
+
+# - name: update in ldap.conf
+# lineinfile:
+# path: /etc/ldap/ldap.conf
+# regexp: "^{{item.key}}"
+# insertafter: "^#{{item.key}}"
+# line: "{{item.key}} {{item.value}}"
+# with_dict:
+# BASE: '{{ldap_basedn}}'
+# URI: ldapi://
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..2789047
--- /dev/null
+++ b/tests/test.yml
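Review bot: The `cn=root` entry written by `slapadd` in the `add base DN` task gets the hard-coded cleartext `userPassword: highsecure`, while the random `root_passwort` generated two tasks earlier is never used and is only printed by the two `debug: var=root_passwort` tasks, so the generated secret lands in the play output and the directory keeps a well-known default admin credential. Because `olcPasswordHash: '{CRYPT}'` applies to passwords set through the Password Modify operation and `slapadd` stores the attribute as given, the LDIF should carry a hash of the generated value, e.g. `userPassword: {CRYPT}{{ root_passwort | password_hash('sha512') }}`, the `set_fact` should get `no_log: true`, and the two debug tasks should be dropped. The `fix acl` task hard-codes `olcDatabase={1}mdb` while `set base DN` uses `ldap_database_index|default(1)`, so the ACL and the suffix can end up on different databases when the index is overridden. The `{2}to * ... by * read` rule also makes every non-password attribute readable by anonymous binds, which is worth confirming is intended for a mail-server backend rather than something like `by users read`.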
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - ldapi
\ No newline at end of file
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..58ee37f
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for ldap