Update major version, it's now a real role ...

README.md

@@ -12,7 +12,7 @@ ldap_attr http://docs.ansible.com/ansible/ldap_attr_module.html
 
 Dependencies
 ------------
-Need role quinot.lookup_ldap to get information from ldap
+Need role quinot.lookup_ldap to get information from ldap (used only for UnixAccount to known which uidNumber are already used)
 
 Role Variables
 --------------
@@ -34,8 +34,21 @@ Example Playbook
 ----------------
 
 ## WebPeople
-
-Need to create a file (or via extra-vars ligne arguement) with variable needed : 
+enable it with job: webaccount
+```
+---
+- name: Create WebAccount
+  hosts: localhost
+  gather_facts: no
+  vars:
+    - job: webaccount
+    - mail: [email protected]
+    - description: "{{ ansible_date_time.date }}: create account for {{ mail }}"
+    - group_name: 'cn=wiki'
+  roles:
+    - ansible-ldap_entry
+```
+or you can create a configuration file and load (vars_file or  --extra-vars @file.yml)
 
 | variable | mandatory |default | description |
 |:--------:|:---------:|:------:|:------------|
@@ -47,7 +60,7 @@ Need to create a file (or via extra-vars ligne arguement) with variable needed :
 | group | no | | if "True" add the uid into cn=group,ou=Group... |
 
 ```
-ansible-playbook ldap_create_webpeople.yml --extra-vars @conf/webpeople.yml --extra-vars @conf/${USER}.yml --ask-vault
+ansible-playbook site.yml --extra-vars @conf/webpeople.yml --extra-vars @conf/${USER}.yml --ask-vault
 ```
 with file conf/webpeople.yml :
 ```
@@ -59,8 +72,21 @@ description: "2017/01/19 Ticket #9999 create account {{ uid }}"
 ```
 
 ## UnixAccount
+enable it with job: account
 
-Need to create a file (or via extra-vars ligne arguement) with variable needed :
+```
+- name: Create UnixAccount
+  hosts: localhost
+  gather_facts: yes
+  vars:
+  - job: account
+  vars_files:
+  - conf/people.yml
+  roles:
+  - ansible-ldap_entry
+```
+As need lot of variable, it's better to work from a variable file
+see sample files for exemples
 
 | variable | mandatory |default | description |
 |:--------:|:---------:|:------:|:------------|
@@ -79,25 +105,28 @@ Need to create a file (or via extra-vars ligne arguement) with variable needed :
 | group_access | no | | if "True" add the uid into cn=group,ou=Group. |
 
 ```
-ansible-playbook ldap_create_webpeople.yml --extra-vars @conf/webpeople.yml --extra-vars @conf/${USER}.yml --ask-vault
-```
-with file conf/webpeople.yml :
-```
-uid: test10
-sn: christian
-cn: CommonName
-mail: [email protected]
-description: "2017/01/19 Ticket #9999 create account {{ uid }}"
+ansible-playbook site.yml
+ansible-playbook site.yml --extra-vars @conf/people.yml --extra-vars @conf/${USER}.yml --ask-vault
 ```
 
 ## SSH Key
-* playbook : ldap_ssh_key.yml
+enable it with job: ssh
 
-Need to call it via :
 ```
-ansible-playbook ldap_ssh_key.yml --ask-vault-pass --extra-vars @conf/admin_user.yml
+- name: Update ssh key
+  hosts: localhost
+  gather_facts: yes
+  vars:
+  - job: ssh
+  - ou_people: "ou=FR,ou=Admins,ou=People"
+  vars_files:
+  - conf/admin_user2.yml
+  roles:
+  - role: ansible-ldap_entry
+    users: "{{ admin_users }}"
 ```
-Where the file contents a dictonnary of account with :
+
+Where the file contents a dictonnary of account with : (same syntax as cchurch.admin-users roles
 ```
 admin_users:
   - fullname: 'FirstName LastName'
@@ -108,6 +137,16 @@ admin_users:
     ...
 ```
 
+Note
+----
+if want to use {{ ansible_date_time.date }} in description, it's mandatory to use gather_facts: yes
+
+Known issue :
+- SSH module : TODO better detect non existing user
+  actualy add a simple failed_when: true
+  "msg": "Cannot search for attribute sshPublicKey" when the user don't exist
+- Unix Account : uid range is hardcode in task "create array or uidRange"
+
 License
 -------
 

defaults/main.yml

@@ -1,2 +1,37 @@
 ---
-# defaults file for ldap_entry
+# defaults file for ldap_entry
+# job can be one of :
+# - account
+# - webaccount
+# - ssh
+# by default, do nothing
+job: none
+
+# Ldap variable
+# For ldap_entry & ldap_attr
+dc: "dc=client,dc=com"
+server_uri: "ldap://localhost:389"
+
+ou_people: "ou=People"
+ou_group: "ou=Group"
+ou_webpeople: "ou=Web_People,ou=People"
+uid_min: 5000
+uid_max: 6000
+# Better to add them into a ansible-vault :
+bind_dn: uid=readonly,{{ ou_people }},{{ dc }}
+bind_pw: ToBeDefine
+
+# For ldap_lookup (aka ldapsearch), need for ldap_create_people.yml
+ldap_lookup_config:
+  url: "{{ server_uri }}"
+  base: "{{ dc }}"
+  binddn: "{{ bind_dn }}"
+  bindpw: "{{ bind_pw }}"
+  scope: subtree
+  filter: (objectClass=*)
+  tls_reqcert: never
+  # Get ALL UidNumber
+AllUidNumber:
+  base: "{{ ou_people }},{{ dc }}"
+  value:
+  - AllUidNumber: always_list=True

meta/main.yml

@@ -7,24 +7,27 @@ galaxy_info:
   platforms:
   - name: EL
     versions:
-      - all
-      - any
-      - 7
-      - 6
+    - all
+    - any
+    - 7
+    - 6
   - name: Debian
     versions:
-      - jessie
+    - jessie
   - name: RedHat
     versions:
-      - all
-      - any
-      - 7
-      - 6
+    - all
+    - any
+    - 7
+    - 6
   - name: Amazon
     version:
-      - 2016.09
-      - 2017.03
+    - 2016.09
+    - 2017.03
   galaxy_tags:
   - ldap
   - authentification
   - sssd
+# It's not a real roles , it's a lookup_plugins ...
+#dependencies:
+#  - role: quinot.lookup_ldap

samples/ldap_account.yml

@@ -0,0 +1,9 @@
+---
+- name: Create UnixAccount
+  hosts: localhost
+  gather_facts: yes
+  vars_files: 
+  - conf/people.yml
+  roles:
+  - role: ansible-ldap_entry
+    job: account

samples/ldap_ssh.yml

@@ -0,0 +1,12 @@
+---
+- name: Update ssh key
+  hosts: localhost
+  gather_facts: yes
+  vars: 
+  - job: ssh
+  - ou_people: "ou=FR,ou=Admins,ou=People"
+  vars_files: 
+  - conf/admin_user.yml
+  roles:
+  - role: ansible-ldap_entry
+    users: "{{ admin_users }}"

samples/ldap_webaccount.yml

@@ -0,0 +1,12 @@
+---
+- name: Create WebAccount
+  hosts: localhost
+  gather_facts: yes
+  vars: 
+  - job: webaccount
+  - mail: [email protected]
+  - description: "{{ ansible_date_time.date }}: #9999 create account"
+  - dc: "dc=client,dc=com"
+  - server_uri: "ldaps://ldap_serveur/"
+  roles:
+  - ansible-ldap_entry