feat: add 389ds ldap backend to keycloak

Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>

roles/389ds/tasks/main.yml

@@ -29,4 +29,48 @@
 - name: Start 389ds container
   community.docker.docker_compose_v2:
     project_src: "{{ ds389_docker_compose_dir }}"
-    state: present
+    state: present
+
+- name: Wait for LDAP to be ready
+  shell: >
+    docker compose -f {{ ds389_docker_compose_dir }}/docker-compose.yml
+    exec -T {{ ds389_service_name }} ldapsearch -H ldap://localhost:3389 -x
+    -D "{{ ds389_root_dn }}" -w "{{ ds389_root_password }}"
+    -b "" -s base "(objectClass=*)"
+  register: ds389_ldap_ready
+  retries: 30
+  delay: 2
+  until: ds389_ldap_ready.rc == 0
+  changed_when: false
+  no_log: true
+
+- name: Ensure backend and suffix exist
+  shell: >
+    docker compose -f {{ ds389_docker_compose_dir }}/docker-compose.yml
+    exec -T {{ ds389_service_name }} dsconf localhost backend create
+    --suffix "{{ ds389_suffix }}" --be-name userroot --create-suffix
+  register: ds389_backend_result
+  failed_when:
+    - ds389_backend_result.rc != 0
+    - "'already exists' not in ds389_backend_result.stderr"
+    - "'suffix exists' not in ds389_backend_result.stderr"
+  changed_when: ds389_backend_result.rc == 0
+
+- name: Template base OUs LDIF
+  template:
+    src: base-ous.ldif.j2
+    dest: "{{ ds389_docker_volume_dir }}/data/base-ous.ldif"
+    mode: '0644'
+
+- name: Apply base OUs LDIF
+  shell: >
+    docker compose -f {{ ds389_docker_compose_dir }}/docker-compose.yml
+    exec -T {{ ds389_service_name }} ldapadd -H ldap://localhost:3389 -x
+    -D "{{ ds389_root_dn }}" -w "{{ ds389_root_password }}"
+    -f /data/base-ous.ldif
+  register: ds389_ldapadd_result
+  failed_when:
+    - ds389_ldapadd_result.rc != 0
+    - "'Already exists' not in ds389_ldapadd_result.stderr"
+  changed_when: "'Already exists' not in ds389_ldapadd_result.stderr"
+  no_log: true