
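---
# Provider-side configuration for a delta-syncrepl replication scheme:
# load the syncprov and accesslog modules, create the cn=accesslog
# database, attach the syncprov overlay to it and add its indexes.
# See https://openldap.org/doc/admin24/replication.html#Delta-syncrepl
#
# Every task binds to the local cn=config backend as cn=admin,cn=config
# with openldap_admin_password. NOTE(review): the stock ldap_attr module
# marks bind_pw as no_log; confirm the custom `ldap` module used below does
# the same, or add `no_log: true` to those tasks so the password never
# reaches verbose output.
- name: "Habilitar módulos syncprov y accesslog"
  ldap_attr:
    dn: "cn=module{0},cn=config"
    name: "olcModuleLoad"
    # olcModuleLoad is X-ORDERED: the {N} prefix is the module's position in
    # the list, and the memberof branch shifts both positions by one.
    # Presumably index {1} is taken by memberof when
    # openldap_enable_memberof is set — verify against the task that loads it.
    # The folded scalar renders to a "[ ... ]" string; this relies on Ansible
    # turning that string back into a list — TODO confirm for the Ansible
    # version in use.
    values: >-
      [ {% if openldap_enable_memberof %}
      "{2}syncprov", "{3}accesslog" {% else %}
      "{1}syncprov", "{2}accesslog" {% endif %} ]
    bind_dn: "cn=admin,cn=config"
    bind_pw: "{{ openldap_admin_password }}"
    server_uri: "ldap://localhost:{{ openldap_bind_port }}"

- name: "Crear directorio para db accesslog"
  # NOTE(review): no mode is set, so the directory inherits the umask
  # default. The accesslog database stores the write operations consumers
  # replay, so a restrictive mode (for example "0700") is worth confirming
  # against what slapd expects for its database directory.
  file:
    path: "{{ openldap_accesslog_dir }}"
    state: "directory"
    owner: "openldap"
    group: "openldap"

- name: "Configurar base cn=accesslog"
  # `ldap` with dn_relative/filter is not a stock Ansible module; presumably
  # it locates the existing olcDatabase={N}mdb entry by filter and creates
  # it when absent — confirm against the module source.
  ldap:
    dn: "olcDatabase=mdb,cn=config"
    dn_relative: true
    filter: "(olcSuffix=cn=accesslog)"
    objectClass:
      - "olcDatabaseConfig"
      - "olcMdbConfig"
    attributes:
      olcRootDN: "{{ openldap_accesslog_admin_dn }}"
      # Quoted so YAML keeps it a string; 2^33 bytes (8 GiB) MDB map size.
      olcDbMaxSize: "8589934592"
      olcSuffix: "cn=accesslog"
      olcDbDirectory: "{{ openldap_accesslog_dir }}"
      # Only the replicator identity may read the log; any identity not
      # matched by a `by` clause falls through to slapd's implicit deny.
      olcAccess:
        - "{0}to * by dn=\"{{ openldap_replicator_dn }}\" read"
      # Lift time/size limits for the replicator and the log's rootDN so
      # replication searches are not truncated by the server defaults.
      olcLimits:
        - >-
          {0}dn.exact="{{ openldap_replicator_dn }}"
          time.soft=unlimited
          time.hard=unlimited
          size.soft=unlimited
          size.hard=unlimited
        - >-
          {1}dn.exact="{{ openldap_accesslog_admin_dn }}"
          time.soft=unlimited
          time.hard=unlimited
          size.soft=unlimited
          size.hard=unlimited
    bind_dn: "cn=admin,cn=config"
    bind_pw: "{{ openldap_admin_password }}"
    server_uri: "ldap://localhost:{{ openldap_bind_port }}"
  # The resulting entry DN (olcDatabase={N}mdb,cn=config) is reused by the
  # overlay and index tasks below.
  register: accesslog_entry

- name: "Configurar base olcOverlay=syncprov,{{ accesslog_entry.dn }}"
  ldap:
    dn: "olcOverlay=syncprov,{{ accesslog_entry.dn }}"
    dn_relative: true
    objectClass:
      - "olcOverlayConfig"
      - "olcSyncProvConfig"
    attributes:
      # LDAP booleans are the literal strings TRUE/FALSE; keep them quoted
      # so YAML does not convert them into its own booleans.
      olcSpNoPresent: "TRUE"
      olcSpReloadHint: "TRUE"
    bind_dn: "cn=admin,cn=config"
    bind_pw: "{{ openldap_admin_password }}"
    server_uri: "ldap://localhost:{{ openldap_bind_port }}"

# This has to be added after the overlay exists, which is why it is a
# separate task.
- name: "Configurar propiedad olcDbIndex de {{ accesslog_entry.dn }}"
  ldap_attr:
    dn: "{{ accesslog_entry.dn }}"
    name: "olcDbIndex"
    values:
      - "default eq"
      - "entryCSN,objectClass,reqEnd,reqResult,reqStart"
    bind_dn: "cn=admin,cn=config"
    bind_pw: "{{ openldap_admin_password }}"
    server_uri: "ldap://localhost:{{ openldap_bind_port }}"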