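#SPDX-License-Identifier: MIT-0
---
# tasks file for 389ds
#
# Renders a docker-compose project for 389 Directory Server, starts it,
# waits for the LDAP listener, creates the backend/suffix and loads the
# base OUs.
#
# The docker/LDAP commands use ansible.builtin.command with an argv list
# rather than a shell string, so templated values (DNs, passwords, paths)
# are passed as single arguments and are never parsed by /bin/sh (no quote
# breaking, no backtick or $(...) evaluation).
# NOTE(review): command still expands $VAR and ~ in arguments by default;
# on ansible-core versions that provide `expand_argument_vars`, setting it
# to false passes the values fully verbatim. Confirm the minimum supported
# version first.

- name: Create docker compose directory
  ansible.builtin.file:
    path: "{{ ds389_docker_compose_dir }}"
    state: directory
    mode: '0755'

- name: Create 389ds data directory
  ansible.builtin.file:
    path: "{{ ds389_docker_volume_dir }}/data"
    state: directory
    mode: '0755'

- name: Create 389ds config directory
  ansible.builtin.file:
    path: "{{ ds389_docker_volume_dir }}/config"
    state: directory
    mode: '0755'

# NOTE(review): the template is not visible here. If docker-compose.yml.j2
# renders the Directory Manager password, mode 0644 leaves it readable by
# every local user on the host; 0600 would be the tighter choice.
- name: Create docker-compose file for 389ds
  ansible.builtin.template:
    src: docker-compose.yml.j2
    dest: "{{ ds389_docker_compose_dir }}/docker-compose.yml"
    mode: '0644'

- name: Start 389ds container
  community.docker.docker_compose_v2:
    project_src: "{{ ds389_docker_compose_dir }}"
    state: present

# Polls with an authenticated root-DSE search until the server answers
# (30 tries, 2 s apart). no_log keeps the bind password out of Ansible
# output and logs; it does not hide it from the process table, where the
# -w value is visible while the command runs. A password file read with
# ldapsearch/ldapadd `-y` would avoid that exposure.
- name: Wait for LDAP to be ready
  ansible.builtin.command:
    argv:
      - docker
      - compose
      - -f
      - "{{ ds389_docker_compose_dir }}/docker-compose.yml"
      - exec
      - -T
      - "{{ ds389_service_name }}"
      - ldapsearch
      - -H
      - ldap://localhost:3389
      - -x
      - -D
      - "{{ ds389_root_dn }}"
      - -w
      - "{{ ds389_root_password }}"
      - -b
      - ""
      - -s
      - base
      - "(objectClass=*)"
  register: ds389_ldap_ready
  retries: 30
  delay: 2
  until: ds389_ldap_ready.rc == 0
  changed_when: false
  no_log: true

# failed_when is a list, so all three conditions must hold: a non-zero
# exit is tolerated when stderr reports that the backend or suffix is
# already there.
- name: Ensure backend and suffix exist
  ansible.builtin.command:
    argv:
      - docker
      - compose
      - -f
      - "{{ ds389_docker_compose_dir }}/docker-compose.yml"
      - exec
      - -T
      - "{{ ds389_service_name }}"
      - dsconf
      - localhost
      - backend
      - create
      - --suffix
      - "{{ ds389_suffix }}"
      - --be-name
      - userroot
      - --create-suffix
  register: ds389_backend_result
  failed_when:
    - ds389_backend_result.rc != 0
    - "'already exists' not in ds389_backend_result.stderr"
    - "'suffix exists' not in ds389_backend_result.stderr"
  changed_when: ds389_backend_result.rc == 0

# Written on the host and read below as /data/base-ous.ldif inside the
# container; presumably the data directory is bind-mounted at /data by the
# compose template (confirm against docker-compose.yml.j2).
- name: Template base OUs LDIF
  ansible.builtin.template:
    src: base-ous.ldif.j2
    dest: "{{ ds389_docker_volume_dir }}/data/base-ous.ldif"
    mode: '0644'

# "Already exists" on stderr is treated as success and as "no change".
# NOTE(review): without -c, ldapadd stops at the first entry that fails,
# so when only some OUs exist the remaining ones are not added and the
# task still reports ok. Same process-table caveat for -w as above.
- name: Apply base OUs LDIF
  ansible.builtin.command:
    argv:
      - docker
      - compose
      - -f
      - "{{ ds389_docker_compose_dir }}/docker-compose.yml"
      - exec
      - -T
      - "{{ ds389_service_name }}"
      - ldapadd
      - -H
      - ldap://localhost:3389
      - -x
      - -D
      - "{{ ds389_root_dn }}"
      - -w
      - "{{ ds389_root_password }}"
      - -f
      - /data/base-ous.ldif
  register: ds389_ldapadd_result
  failed_when:
    - ds389_ldapadd_result.rc != 0
    - "'Already exists' not in ds389_ldapadd_result.stderr"
  changed_when: "'Already exists' not in ds389_ldapadd_result.stderr"
  no_log: true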