feat: add ldap-fixer

2025-12-10 07:48:33 +01:00 · 2024-01-05 20:30:57 +00:00
parent 783eea004f
commit 2842983eb9
2 changed files with 56 additions and 0 deletions
--- a/roles/usermanagement/tasks/ldap.yaml
+++ b/roles/usermanagement/tasks/ldap.yaml
@@ -136,9 +136,22 @@
    dest: /opt/
    mode: 0700
 - name: deploy LDAP fixer scripts
  template:
    src: fix_ldap.py
    dest: /opt/fix_ldap.py
    mode: 0700
 - name: Create cronjob Slapd backup
  cron:
    hour: "0"
    minute: "30"
    name: SLAPD Backup (slapcat)
    job: "/opt/slapd_backup.sh"
 - name: Create cronjob LDAP fixer
  cron:
    hour: "*"
    minute: "*"
    name: LDAP keycloak fixer
    job: "/opt/fix_ldap.py"
--- a/roles/usermanagement/templates/fix_ldap.py
+++ b/roles/usermanagement/templates/fix_ldap.py
@@ -0,0 +1,43 @@
 from ldap3 import Server, Connection, MODIFY_ADD, MODIFY_DELETE
 ldap_server = 'ldap://localhost'
 ldap_user = '{{ ldap_bind_dn }}'
 ldap_password = '{{ ldap_password }}'
 base_dn = '{{ ldap_user_dn }}'
 groups_base_dn = '{{ ldap_group_dn }}'
 new_objectclass = 'verification'
 # Connect to the LDAP server
 server = Server(ldap_server)
 conn = Connection(server, user=ldap_user, password=ldap_password)
 if not conn.bind():
    print(f"Failed to bind to LDAP server: {conn.last_error}")
    exit(1)
 # handle groups #
 conn.search(groups_base_dn)
 for entry in conn.entries:
    dn = entry.entry_dn
    # add verification class if it is missing #
    conn.modify(dn, {'member': [(MODIFY_DELETE, [""])]})
 # handle people #
 conn.search(base_dn, '(objectClass=person)')
 for entry in conn.entries:
    dn = entry.entry_dn
    # add verification class if it is missing #
    conn.modify(dn, {'objectClass': [(MODIFY_ADD, ["verification"])]})
    # set verification value if it is not set #
    modifications = {
        'emailVerified': [(MODIFY_ADD, ["false"])]
    }
    conn.modify(dn, modifications)
 # Unbind from the LDAP server
 conn.unbind()