Digitalboard/digitalboard.core
5
2
Fork 0
Code Pull requests Releases Packages Activity Actions
digitalboard.core/roles/389ds/tasks/main.yml
Bert-Jan Fikse 12864a13b0
feat: add 389ds ldap backend to keycloak 
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-13 10:58:40 +01:00

76 lines
No EOL
2.3 KiB
YAML
Raw Blame History

#SPDX-License-Identifier: MIT-0
---
# tasks file for 389ds
- name: Create docker compose directory
file:
path: "{{ ds389_docker_compose_dir }}"
state: directory
mode: '0755'
- name: Create 389ds data directory
file:
path: "{{ ds389_docker_volume_dir }}/data"
state: directory
mode: '0755'
- name: Create 389ds config directory
file:
path: "{{ ds389_docker_volume_dir }}/config"
state: directory
mode: '0755'
- name: Create docker-compose file for 389ds
template:
src: docker-compose.yml.j2
dest: "{{ ds389_docker_compose_dir }}/docker-compose.yml"
mode: '0644'
- name: Start 389ds container
community.docker.docker_compose_v2:
project_src: "{{ ds389_docker_compose_dir }}"
state: present
- name: Wait for LDAP to be ready
shell: >
docker compose -f {{ ds389_docker_compose_dir }}/docker-compose.yml
exec -T {{ ds389_service_name }} ldapsearch -H ldap://localhost:3389 -x
-D "{{ ds389_root_dn }}" -w "{{ ds389_root_password }}"
-b "" -s base "(objectClass=*)"
register: ds389_ldap_ready
retries: 30
delay: 2
until: ds389_ldap_ready.rc == 0
changed_when: false
no_log: true
- name: Ensure backend and suffix exist
shell: >
docker compose -f {{ ds389_docker_compose_dir }}/docker-compose.yml
exec -T {{ ds389_service_name }} dsconf localhost backend create
--suffix "{{ ds389_suffix }}" --be-name userroot --create-suffix
register: ds389_backend_result
failed_when:
- ds389_backend_result.rc != 0
- "'already exists' not in ds389_backend_result.stderr"
- "'suffix exists' not in ds389_backend_result.stderr"
changed_when: ds389_backend_result.rc == 0
- name: Template base OUs LDIF
template:
src: base-ous.ldif.j2
dest: "{{ ds389_docker_volume_dir }}/data/base-ous.ldif"
mode: '0644'
- name: Apply base OUs LDIF
shell: >
docker compose -f {{ ds389_docker_compose_dir }}/docker-compose.yml
exec -T {{ ds389_service_name }} ldapadd -H ldap://localhost:3389 -x
-D "{{ ds389_root_dn }}" -w "{{ ds389_root_password }}"
-f /data/base-ous.ldif
register: ds389_ldapadd_result
failed_when:
- ds389_ldapadd_result.rc != 0
- "'Already exists' not in ds389_ldapadd_result.stderr"
changed_when: "'Already exists' not in ds389_ldapadd_result.stderr"
no_log: true
View git blame Copy permalink