## Install and configure slapd.
---
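- name: check if domain name is available
  # Abort before touching anything on a host that reports no DNS domain.
  # default('') turns a missing fact (facts not gathered) into this clear
  # failure message instead of an "ansible_domain is undefined" error.
  fail:
    msg: "The machine's domain must not be empty."
  when: ansible_domain | default('') | length == 0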

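- name: check if slapd is already set up
  # Presence of the slapd binary is the marker for "already set up": the
  # task below skips setup.yml when it exists.  A host where the package was
  # installed but setup.yml never completed is therefore skipped as well.
  stat:
    path: /usr/sbin/slapd
  register: slapd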

- name: install and configure slapd
  # Only run the installation/configuration tasks when the stat above found
  # no slapd binary on the host.
  when: not slapd.stat.exists
  include_tasks: setup.yml

#######################################################################################
## Use the admin password saved to file (available also after installation):
- name: slurp admin password
  # Read the admin password file from the node; the registered result holds
  # the secret (base64-encoded), so the task is kept out of the log.
  no_log: true
  register: ldap_admin_pwd
  slurp:
    src: "{{ ldap_admin_pwd_file }}"

## Prepare the organizational units that hold the user and group entries
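- name: make sure we have people and groups entries for users
  # Ensure the two organizational units under the base DN that the user and
  # group entries below are placed in.  Both were previously separate,
  # otherwise identical tasks; the admin bind password comes from the slurp
  # task above.
  ldap_entry:
    dn: "ou={{ item }},{{ basedn }}"
    objectClass: organizationalUnit
    bind_dn: "cn=admin,{{ basedn }}"
    bind_pw: "{{ ldap_admin_pwd['content'] | b64decode | replace('\n', '') }}"
  loop:
    - people
    - groups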


- name: add group for ldap users
  # posixGroup "ldapuser" under ou=groups, presumably the common group for
  # LDAP accounts; its gid is taken from ldapuser_gid.
  ldap_entry:
    bind_dn: "cn=admin,{{ basedn }}"
    bind_pw: "{{ ldap_admin_pwd['content'] | b64decode | replace('\n', '') }}"
    dn: "cn=ldapuser,ou=groups,{{ basedn }}"
    objectClass:
      - posixGroup
    attributes:
      gidNumber: "{{ ldapuser_gid }}"


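- name: provide simple script to manage ldap/kdc
  template:
    src: debian-lan.j2
    dest: /usr/local/sbin/debian-lan
    # Quoted as Ansible recommends: unquoted, the value relies on the YAML
    # 1.1 leading-zero octal rule and is misread by YAML 1.2 tooling.
    mode: "0744"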

- name: allow ldap service in firewalld
  # Opens firewalld's "ldap" service (plain LDAP, 389/tcp) in the internal
  # zone, both in the running and in the permanent configuration.  If
  # clients are meant to use LDAPS (636/tcp) the "ldaps" service would be
  # needed as well — check how setup.yml configures TLS on slapd.
  firewalld:
    state: enabled
    zone: internal
    service: ldap
    immediate: true
    permanent: true

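- name: add dummy user foo
  # Test account, only created when foo_pwd is set to a non-empty value.
  ldap_entry:
    dn: "uid=foo,ou=people,{{ basedn }}"
    objectClass:
      - inetOrgPerson
      - posixAccount
    attributes:
      cn: foo
      sn: bar
      # Stored as given: unless slapd is configured to hash incoming
      # passwords (e.g. ppolicy overlay), this ends up in the directory as
      # cleartext.  Passing a pre-hashed value (password_hash filter with a
      # {CRYPT} prefix) would avoid that — confirm against setup.yml first.
      userPassword: "{{ foo_pwd }}"
      uidNumber: "{{ min_id }}"
      gidNumber: "{{ min_id }}"
      homeDirectory: "{{ lan_homes }}/foo"
      loginShell: /bin/bash
    bind_dn: "cn=admin,{{ basedn }}"
    bind_pw: "{{ ldap_admin_pwd['content'] | b64decode | replace('\n', '') }}"
  # Even where the module masks bind_pw, the attributes mapping (with
  # userPassword) is ordinary task data and shows up in verbose (-vvv)
  # invocation output; hide the whole task instead.
  no_log: true
  when: foo_pwd is defined and foo_pwd | length > 0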

- name: add dummy group foo
  # Primary group of the dummy user: same gidNumber (min_id) as the user's
  # gidNumber attribute, created under the same condition.
  when: foo_pwd is defined and foo_pwd | length > 0
  ldap_entry:
    bind_dn: "cn=admin,{{ basedn }}"
    bind_pw: "{{ ldap_admin_pwd['content'] | b64decode | replace('\n', '') }}"
    dn: "cn=foo,ou=groups,{{ basedn }}"
    objectClass:
      - posixGroup
    attributes:
      gidNumber: "{{ min_id }}"