feat: add ldap-fixer

2025-12-09 23:38:34 +01:00 · 2024-01-05 20:30:57 +00:00
parent 783eea004f
commit 2842983eb9
2 changed files with 56 additions and 0 deletions
--- a/roles/usermanagement/tasks/ldap.yaml
+++ b/roles/usermanagement/tasks/ldap.yaml
@@ -136,9 +136,22 @@
    dest: /opt/
    mode: 0700

+- name: deploy LDAP fixer scripts
+  template:
+    src: fix_ldap.py
+    dest: /opt/fix_ldap.py
+    mode: 0700
+
 - name: Create cronjob Slapd backup
  cron:
    hour: "0"
    minute: "30"
    name: SLAPD Backup (slapcat)
    job: "/opt/slapd_backup.sh"
+
+- name: Create cronjob LDAP fixer
+  cron:
+    hour: "*"
+    minute: "*"
+    name: LDAP keycloak fixer
+    job: "/opt/fix_ldap.py"
--- a/roles/usermanagement/templates/fix_ldap.py
+++ b/roles/usermanagement/templates/fix_ldap.py
@@ -0,0 +1,43 @@
+from ldap3 import Server, Connection, MODIFY_ADD, MODIFY_DELETE
+
+ldap_server = 'ldap://localhost'
+ldap_user = '{{ ldap_bind_dn }}'
+ldap_password = '{{ ldap_password }}'
+base_dn = '{{ ldap_user_dn }}'
+groups_base_dn = '{{ ldap_group_dn }}'
+new_objectclass = 'verification'
+
+# Connect to the LDAP server
+server = Server(ldap_server)
+conn = Connection(server, user=ldap_user, password=ldap_password)
+
+if not conn.bind():
+    print(f"Failed to bind to LDAP server: {conn.last_error}")
+    exit(1)
+
+# handle groups #
+conn.search(groups_base_dn)
+for entry in conn.entries:
+
+    dn = entry.entry_dn
+   
+    # add verification class if it is missing #
+    conn.modify(dn, {'member': [(MODIFY_DELETE, [""])]})
+
+# handle people #
+conn.search(base_dn, '(objectClass=person)')
+for entry in conn.entries:
+
+    dn = entry.entry_dn
+   
+    # add verification class if it is missing #
+    conn.modify(dn, {'objectClass': [(MODIFY_ADD, ["verification"])]})
+    
+    # set verification value if it is not set #
+    modifications = {
+        'emailVerified': [(MODIFY_ADD, ["false"])]
+    }
+    conn.modify(dn, modifications)
+
+# Unbind from the LDAP server
+conn.unbind()