diff --git a/roles/usermanagement/tasks/ldap.yaml b/roles/usermanagement/tasks/ldap.yaml
index 8f51758..f096022 100644
--- a/roles/usermanagement/tasks/ldap.yaml
+++ b/roles/usermanagement/tasks/ldap.yaml
@@ -136,9 +136,22 @@
dest: /opt/
mode: 0700
+- name: deploy LDAP fixer scripts
+ template:
+ src: fix_ldap.py
+ dest: /opt/fix_ldap.py
+ mode: 0700
+
 - name: Create cronjob Slapd backup
cron:
hour: "0"
minute: "30"
name: SLAPD Backup (slapcat)
job: "/opt/slapd_backup.sh"
+
+- name: Create cronjob LDAP fixer
+ cron:
+ hour: "*"
+ minute: "*"
+ name: LDAP keycloak fixer
+ job: "/opt/fix_ldap.py"
diff --git a/roles/usermanagement/templates/fix_ldap.py b/roles/usermanagement/templates/fix_ldap.py
new file mode 100644
index 0000000..aef1a55
--- /dev/null
+++ b/roles/usermanagement/templates/fix_ldap.py
@@ -0,0 +1,43 @@
+from ldap3 import Server, Connection, MODIFY_ADD, MODIFY_DELETE
+
+ldap_server = 'ldap://localhost'
+ldap_user = '{{ ldap_bind_dn }}'
+ldap_password = '{{ ldap_password }}'
+base_dn = '{{ ldap_user_dn }}'
+groups_base_dn = '{{ ldap_group_dn }}'
+new_objectclass = 'verification'
+
+# Connect to the LDAP server
+server = Server(ldap_server)
+conn = Connection(server, user=ldap_user, password=ldap_password)
+
+if not conn.bind():
+ print(f"Failed to bind to LDAP server: {conn.last_error}")
+ exit(1)
+
+# handle groups #
+conn.search(groups_base_dn)
+for entry in conn.entries:
+
+ dn = entry.entry_dn
+
+ # add verification class if it is missing #
+ conn.modify(dn, {'member': [(MODIFY_DELETE, [""])]})
+
+# handle people #
+conn.search(base_dn, '(objectClass=person)')
+for entry in conn.entries:
+
+ dn = entry.entry_dn
+
+ # add verification class if it is missing #
+ conn.modify(dn, {'objectClass': [(MODIFY_ADD, ["verification"])]})
+
+ # set verification value if it is not set #
+ modifications = {
+ 'emailVerified': [(MODIFY_ADD, ["false"])]
+ }
+ conn.modify(dn, modifications)
+
+# Unbind from the LDAP server
+conn.unbind()
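Review bot: The `job: "/opt/fix_ldap.py"` line of the new "Create cronjob LDAP fixer" task executes the template directly, but the file added in the second hunk begins with `from ldap3 import ...` and has no interpreter line, so cron's shell would fail on it every minute; either make `#!/usr/bin/env python3` the template's first line or use `job: "/usr/bin/python3 /opt/fix_ldap.py"`. The rendered script carries `ldap_password` in clear text, and `mode: 0700` only keeps it from non-owners, while the template task sets no `owner:`/`group:` and the cron task no `user:`, so who can read it depends on the account Ansible happens to connect as; set both explicitly (e.g. `owner: root`, `group: root`, and `user: root` on the cron entry) so the file owner and the cron user match. `hour: "*"` with `minute: "*"` also rewrites the whole group and person subtrees once a minute; unless that rate is intended, a coarser schedule makes the job easier to monitor and keeps the slapd log readable.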