---

- name: Configure debconf items for slapd
  debconf:
    name: slapd
    question: "slapd/{{ item.q }}"
    value: "{{ item.v }}"
    vtype: "{{ item.t }}"
  with_items:
    - { q: 'domain', v: "{{ slapd_domain }}", t: 'string' }
    - { q: 'backend', v: "MDB", t: 'select' }
  notify:
    - Restart slapd

- name: Configure debconf items for slapd (passwords)
  debconf:
    name: slapd
    question: "slapd/{{ item.q }}"
    value: "{{ item.v }}"
    vtype: "{{ item.t }}"
  with_items:
    - { q: 'password1', v: "{{ slapd_admin_pass }}", t: 'password' }
    - { q: 'password2', v: "{{ slapd_admin_pass }}", t: 'password' }
  changed_when: false
  no_log: "{{ filter_logs|default('true') }}"

- name: Install required software
  apt:
    pkg:
      - slapd
      - ldap-utils
    state: present

- name: Set ldap OLC password
  lineinfile:
    dest: "/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif"
    line: "olcRootPW: {{ slapd_config_pass }}"
    insertafter: "^modifyTimeStamp:"
    regexp: "^olcRootPW"
  notify:
    - Restart slapd

- name: Copy revspace schema and olcConfig
  copy:
    src: "{{ item.src }}"
    dest: "/etc/ldap/{{ item.dst }}"
    owner: "openldap"
    group: "openldap"
    mode: "0644"
  with_items:
    - { src: "revspace.schema", dst: "schema/revspace.schema" }
    - { src: "sudoers.schema", dst: "schema/sudoers.schema" }
    - { src: "cn={4}revspace.ldif", dst: "slapd.d/cn=config/cn=schema/cn={4}revspace.ldif" }
    - { src: "cn={5}sudoers.ldif", dst: "slapd.d/cn=config/cn=schema/cn={5}sudoers.ldif" }
  notify:
    - Restart slapd

#- name: Create directory for certificates
#  file: path={{ slapd_certpath }} state=directory owner=openldap group=openldap mode=0700
#
#- name: Copy TLS files
#  copy: src=ssl/{{ item }} dest={{ slapd_certpath }}/{{ item }} owner=openldap group=openldap mode=0400
#  with_items:
#    - cacert.pem
#    - server-key.pem
#    - server-cert.pem

- name: Template olc edits
  template:
    src: "{{ item }}.j2"
    dest: "/etc/ldap/{{ item }}.ldif"
    owner: "openldap"
    group: "openldap"
    mode: "0600"
  with_items:
    - olcAccess
    - olcSSL
  register: olcedits
  notify:
    - Restart slapd

- name: Update olcConfig
  command: "ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ldap/{{ item }}.ldif"
  with_items:
    - olcAccess
    - olcSSL
  when: olcedits is changed
  ignore_errors: true
  changed_when: false
  notify:
    - Restart slapd

- name: Enable SSL listener
  lineinfile:
    dest: "/etc/default/slapd"
    line: "SLAPD_SERVICES=\"ldap:/// ldaps:/// ldapi:///\""
    regexp: "^SLAPD_SERVICES"
  notify:
    - Restart slapd