path: root/roles/freeipa_server
Diffstat (limited to 'roles/freeipa_server')
-rw-r--r--roles/freeipa_server/files/usr/local/share/dirsrv/schema/matrix.ldif3
-rw-r--r--roles/freeipa_server/tasks/custom_schema.yml62
2 files changed, 62 insertions, 3 deletions
diff --git a/roles/freeipa_server/files/usr/local/share/dirsrv/schema/matrix.ldif b/roles/freeipa_server/files/usr/local/share/dirsrv/schema/matrix.ldif
new file mode 100644
index 0000000..dc6a611
--- /dev/null
+++ b/roles/freeipa_server/files/usr/local/share/dirsrv/schema/matrix.ldif
@@ -0,0 +1,3 @@
+dn: cn=config
+attributetypes: ( 2.25.10508909625911985622145696820691585120.2 NAME 'matrixUsername' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Extending FreeIPA' )
+objectclasses: ( 2.25.10508909625911985622145696820691585120.1 NAME 'matrixUser' AUXILIARY MAY matrixUsername X-ORIGIN 'Extending FreeIPA' )
diff --git a/roles/freeipa_server/tasks/custom_schema.yml b/roles/freeipa_server/tasks/custom_schema.yml
index e5bca0d..73456e3 100644
--- a/roles/freeipa_server/tasks/custom_schema.yml
+++ b/roles/freeipa_server/tasks/custom_schema.yml
@@ -4,11 +4,16 @@
state: directory
recurse: yes
-- name: copy jid schema
+- name: copy custom schemas
copy:
- src: '{{ freeipa_custom_schema_dir[1:] }}/jid.ldif'
- dest: '{{ freeipa_custom_schema_dir }}/jid.ldif'
+ src: '{{ freeipa_custom_schema_dir[1:] }}/{{ item }}.ldif'
+ dest: '{{ freeipa_custom_schema_dir }}/{{ item }}.ldif'
+ loop:
+ - jid
+ - matrix
+
+# begin JIDObject schema
- name: check if JIDObject exists in schema
shell: ldapsearch -QLLL -s base -b cn=schema objectclasses | grep -q JIDObject
changed_when: no
@@ -54,6 +59,55 @@
bind_pw: '{{ freeipa_ds_password }}'
server_uri: ldaps://{{ ipa_host }}
when: jid_index.changed
+# end JIDObject schema
+
+# begin matrixUser schema
+- name: check if matrixUser exists in schema
+ shell: ldapsearch -QLLL -s base -b cn=schema objectclasses | grep -q matrixUser
+ changed_when: no
+ failed_when: no
+ register: ldapsearch_matrixuser
+
+- block:
+ - name: extend freeipa schema for matrix usernames
+ command: ipa-ldap-updater --schema-file '{{ freeipa_custom_schema_dir }}/matrix.ldif'
+
+ - name: restart httpd
+ systemd:
+ name: httpd
+ state: restarted
+ when: ldapsearch_matrixuser.rc != 0
+
+- name: add index to matrixUsername attribute
+ ldap_entry:
+ dn: 'cn=matrixUsername,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config'
+ objectClass:
+ - top
+ - nsIndex
+ attributes:
+ cn: matrixUsername
+ nsSystemIndex: false
+ nsIndexType: eq
+ bind_dn: cn=Directory Manager
+ bind_pw: '{{ freeipa_ds_password }}'
+ server_uri: ldaps://{{ ipa_host }}
+ register: matrixusername_index
+
+- name: regenerate indexes for matrixUsername attribute
+ ldap_entry:
+ dn: cn=matrixusernameindex,cn=index,cn=tasks,cn=config
+ objectClass:
+ - top
+ - extensibleObject
+ attributes:
+ cn: matrixusernameindex
+ nsInstance: userRoot
+ nsIndexAttribute: 'matrixUsername:eq'
+ bind_dn: cn=Directory Manager
+ bind_pw: '{{ freeipa_ds_password }}'
+ server_uri: ldaps://{{ ipa_host }}
+ when: matrixusername_index.changed
+# end matrixUser schema
- name: add default user object classes
ldap_attrs:
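Review bot: `when: ldapsearch_matrixuser.rc != 0` on the new block cannot distinguish "matrixUser is absent from cn=schema" from "ldapsearch itself failed", because `failed_when: no` swallows every error and, without pipefail, the pipeline's status is grep's, which is 1 on empty input in both cases; a transient bind or TLS failure would therefore run `ipa-ldap-updater` and restart httpd on every such run. Running the check under bash with pipefail makes the two cases separable: `shell: set -o pipefail; ldapsearch -QLLL -s base -b cn=schema objectclasses | grep -q matrixUser` with `args: {executable: /bin/bash}` and `failed_when: ldapsearch_matrixuser.rc > 1`, since grep exits 1 only for "no match" while grep errors and most ldapsearch failures exit with a higher code. The existing JIDObject check in the previous hunk has the same shape and would benefit from the same change. Separately, `nsSystemIndex: false` is a YAML boolean that the module will stringify before sending it to the directory; if the server expects a specific spelling, quote it as `'false'` so the value sent is explicit rather than parser-dependent.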
@@ -62,6 +116,7 @@
ipaUserObjectClasses:
- mailRecipient
- JIDObject
+ - matrixUser
state: present
bind_dn: cn=Directory Manager
bind_pw: '{{ freeipa_ds_password }}'
@@ -86,6 +141,7 @@
attrs:
- mailAlternateAddress
- jid
+ - matrixUsername
action: member
state: present