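---
# Provision a standalone OpenLDAP (slapd) server with a static slapd.conf,
# a custom systemd unit, and a bootstrap directory tree (suffix, Manager,
# ou=People, ou=groups, and a set of groupOfNames groups) plus a nightly
# slapcat backup.
#
# Expected vars (supplied by the caller): ldap_suffix, ldap_org, ldap_dc,
# ldap_bind_dn, ldap_password. ldap_password should come from an encrypted
# source (ansible-vault or a secret store), never from a plain group_vars file.

- name: Install LDAP packages
  apt:
    pkg:
      - slapd
      - ldap-utils
      - python3-ldap  # required by the ldap_entry module on the target

# Database directory. Task name previously said /var/lib/slapd/ but the
# path has always been /var/lib/ldap/ (the dir slapd.conf is expected to use).
# root:openldap 0770 lets slapd (running as openldap) write the DB while
# keeping it unreadable by other local users.
- name: Create LDAP database directory /var/lib/ldap/
  file:
    path: /var/lib/ldap/
    owner: root
    group: openldap
    mode: "0770"
    state: directory

# slapd.conf normally carries rootpw (the Manager password hash) and any
# replication credentials. Without an explicit mode the template would be
# written with the default umask (usually world-readable), so pin it to
# 0640 and restrict to the openldap group. slapd only needs read access.
- name: Deploy slapd.conf
  template:
    src: slapd.conf
    dest: /etc/ldap/slapd.conf
    owner: root
    group: openldap
    mode: "0640"
  notify:
    - restart slapd

# The Debian-shipped unit is replaced by slapd-custom.service below; stop
# and mask it so a package upgrade cannot start a second slapd on :389.
- name: Disable & mask broken debian slapd unit
  systemd:
    name: slapd
    state: stopped
    enabled: false
    masked: true

- name: Copy slapd systemd unit
  template:
    src: slapd-custom.service
    dest: /etc/systemd/system/slapd-custom.service
    owner: root
    group: root
    mode: "0644"
  notify:
    - daemon reload
    - restart slapd

- name: Enable and start slapd custom service
  systemd:
    name: slapd-custom.service
    state: started
    enabled: true

# Client-side config (no secrets): BASE/URI/TLS settings for ldap-utils.
- name: LDAP client conf
  template:
    src: ldap.conf
    dest: /etc/ldap/ldap.conf
    owner: openldap
    mode: "0644"
  notify:
    - restart slapd

# Extra schema; slapd.conf must `include` it for the restart to pick it up.
- name: LDAP extra schemas
  copy:
    src: verification.schema
    dest: /etc/ldap/schema/verification.schema
    owner: openldap
    mode: "0644"
  notify:
    - restart slapd

# Apply the pending restart now so the directory is up before we bind to it.
- meta: flush_handlers

- name: Wait for LDAP to become ready
  wait_for:
    host: 127.0.0.1
    port: 389
    timeout: 30
    delay: 5

# NOTE(security): all ldap_entry tasks below bind with a simple (plaintext)
# bind over ldap://localhost. That never leaves the loopback interface, but
# if the playbook is ever pointed at a remote server_uri it must switch to
# ldaps:// or StartTLS (start_tls: true). ldap_entry treats bind_pw as a
# no_log argument, so the password should not appear in task output; the
# Jinja values are still kept quoted so an empty var does not render as null.
- name: Create LDAP root (1)
  ldap_entry:
    dn: "{{ ldap_suffix }}"
    objectClass:
      - dcObject
      - organization
    attributes:
      o: "{{ ldap_org }}"
      dc: "{{ ldap_dc }}"
    state: present
    server_uri: "ldap://localhost"
    bind_dn: "{{ ldap_bind_dn }}"
    bind_pw: "{{ ldap_password }}"

# The Manager entry used to be created under a hard-coded
# dc=atlantishq,dc=de, which silently diverged from ldap_suffix (and fails
# with "no such object" on any other suffix). Derive it from the suffix.
- name: Create LDAP root (2)
  ldap_entry:
    dn: "cn=Manager,{{ ldap_suffix }}"
    objectClass:
      - organizationalRole
    attributes:
      cn: Manager
    state: present
    server_uri: "ldap://localhost"
    bind_dn: "{{ ldap_bind_dn }}"
    bind_pw: "{{ ldap_password }}"

- name: Create LDAP OU People
  ldap_entry:
    dn: "ou=People,{{ ldap_suffix }}"
    objectClass:
      - organizationalUnit
    state: present
    server_uri: "ldap://localhost"
    bind_dn: "{{ ldap_bind_dn }}"
    bind_pw: "{{ ldap_password }}"

- name: Create LDAP OU groups
  ldap_entry:
    dn: "ou=groups,{{ ldap_suffix }}"
    objectClass:
      - organizationalUnit
    state: present
    server_uri: "ldap://localhost"
    bind_dn: "{{ ldap_bind_dn }}"
    bind_pw: "{{ ldap_password }}"

# groupOfNames requires at least one `member`; an empty DN is used as the
# placeholder so the group can exist before any user is added. Applications
# consuming these groups must tolerate (or filter out) the empty member.
- name: Create LDAP groups
  ldap_entry:
    dn: "cn={{ item }},ou=groups,{{ ldap_suffix }}"
    objectClass:
      - groupOfNames
    attributes:
      member: ""
    state: present
    server_uri: "ldap://localhost"
    bind_dn: "{{ ldap_bind_dn }}"
    bind_pw: "{{ ldap_password }}"
  loop:
    - nextcloud
    - images
    - mail
    - soundlib
    - monitoring
    - pki

# slapcat dumps the whole directory including userPassword hashes, so the
# script is root-only. NOTE(review): confirm inside slapd_backup.sh that the
# dump destination is also root-only (0700 dir / 0600 file) and rotated.
- name: Deploy Backup Script
  copy:
    src: slapd_backup.sh
    dest: /opt/slapd_backup.sh
    owner: root
    group: root
    mode: "0700"

- name: Create cronjob Slapd backup
  cron:
    name: SLAPD Backup (slapcat)
    hour: "0"
    minute: "30"
    job: "/opt/slapd_backup.sh"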