CCCHH/ansible-infra
CCCHH/ansible-infra
2
2
Fork 2
Code Issues 7 Pull requests 4 Wiki Activity Actions
ansible-infra/ansible_collections/debops/debops/playbooks/ldap/get-uuid.yml
Stefan Bethke 2aed20393f
Some checks failed
/ Ansible Lint (push) Failing after 5m45s
Details
/ Ansible Lint (pull_request) Failing after 4m59s
Details
Vendor Galaxy Roles and Collections
2026-02-06 22:07:16 +01:00

75 lines
2.7 KiB
YAML
Raw Blame History

---
# Copyright (C) 2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# DebOps uses the "to_uuid" Ansible filter to convert LDAP Distinguished Names
# to UUID strings that are safe to use in shell and store in the filesystem.
# This playbook can be used to convert Distinguished Names to UUID strings to
# help locate specific data about a particular Distinguished Name, for example
# a password stored in the 'secret/ldap/credentials/' directory or in the
# 'pass' database.
#
# To use this playbook, it is best to apply it against a specific host that is
# configured to use LDAP via the 'ldap' Ansible role. If that's not the case,
# the playbook will still work, however the resulting UUIDs might not be
# correct.
#
# Remember to specify Distinguished Name attributes separated by commas,
# without spaces between them. For example, don't use:
#
# uid=user, ou=People, dc=example, dc=org
#
# Specify the DN as:
#
# uid=user,ou=People,dc=example,dc=org
#
# Usage: debops ldap/get-uuid -l ldap-host
- name: Convert LDAP Distinguished Name to UUID
collections: [ 'debops.debops', 'debops.roles01',
'debops.roles02', 'debops.roles03' ]
hosts: [ 'all' ]
serial: '1'
gather_subset: [ '!all' ]
vars:
# LDAP base Distinguished Name
ldap_base_dn: '{{ ansible_local.ldap.base_dn
if (ansible_local.ldap.base_dn | d())
else (ansible_domain.split(".")
| map("regex_replace", "^(.*)$", "dc=\1")
| list) }}'
# Relative Distinguished Name of the LDAP object that contains the personal
# user accounts
ldap_people_rdn: '{{ ansible_local.ldap.people_rdn | d("ou=People") }}'
# Relative Distinguished Name of an user account to convert to an UUID
person_rdn: 'uid={{ person_uid.user_input }}'
# Distinguished Name of an LDAP object to convert to an UUID
object_dn: '{{ (([ person_rdn, ldap_people_rdn ] + ldap_base_dn) | join(","))
if person_uid.user_input | d()
else object_dn_string.user_input }}'
tasks:
- name: Get the UUID of an user account based on uid
ansible.builtin.pause:
prompt: 'uid (case-sensitive)'
register: person_uid
- name: Get the UUID of a Distinguished Name
ansible.builtin.pause:
prompt: 'dn (case-sensitive)'
register: object_dn_string
when: not person_uid.user_input | d()
- name: LDAP object information
ansible.builtin.debug:
msg: '{{ {"DN:": object_dn,
"UUID:": (object_dn | to_uuid)} }}'
when: object_dn | d()
Reference in a new issue View git blame Copy permalink