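---
# Provisions the uw00 host: networking first, then a local OpenLDAP (slapd)
# directory under dc=uwaterloo,dc=ca seeded with a handful of test People
# entries.
#
# Every directory change goes through ldapi:/// with SASL EXTERNAL, i.e. the
# Unix socket with peer-credential authentication. The {0} ACL below maps the
# local uid 0 / gid 0 peer to "manage", so this play stores no bind password.
# NOTE(review): the apt install and the peercred mapping both assume the play
# runs as root on the target (no `become` is set here; confirm in inventory).
- hosts: uw00
  tasks:
    - name: setup networking
      import_role:
        name: ../roles/network_setup
      vars:
        ipv4_addr: "{{ uw00_ipv4_addr }}"
        base_domain: uwaterloo.ca

    # LDAP
    - name: install LDAP packages
      apt:
        # Pass the list directly instead of looping apt: one transaction, and
        # the loop form is the deprecated way to do this.
        name:
          - slapd
          - ldap-utils
          - ldapvi

    - name: configure ldap.conf
      copy:
        dest: /etc/ldap/ldap.conf
        mode: "0644"
        content: |
          BASE dc=uwaterloo,dc=ca
          URI ldapi:///
          TLS_CACERT /etc/ssl/certs/ca-certificates.crt

    - name: give root write access to LDAP
      # {0}: the local root peer on the ldapi socket gets full "manage"
      #      rights; everyone else falls through ("break") to the next rules.
      # {1}: userPassword is writable by its owner, usable for binding by
      #      anonymous, and never readable by anyone.
      # {2}: shadowLastChange is self-writable (password-change bookkeeping)
      #      and world-readable.
      # {3}: everything else is readable by anyone, anonymous binds included.
      #      That is the conventional nss/pam layout, but it exposes the whole
      #      tree on every listener slapd has open; if a network listener
      #      (ldap:// or ldaps://) is configured outside this play, consider
      #      narrowing this to "by users read".
      command:
        cmd: ldapmodify -Y EXTERNAL -H ldapi:///
        stdin: |
          dn: olcDatabase={1}mdb,cn=config
          changetype: modify
          replace: olcAccess
          olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
          olcAccess: {1}to attrs=userPassword by self write by anonymous auth by * none
          olcAccess: {2}to attrs=shadowLastChange by self write by * read
          olcAccess: {3}to * by * read

    - name: delete admin record
      # Removes the cn=admin entry the Debian slapd postinst creates; root over
      # ldapi is the only administrative path this play relies on.
      # NOTE(review): this deletes the entry only. If the package install left
      # olcRootDN/olcRootPW set in olcDatabase={1}mdb,cn=config, that DN can
      # still bind with the configured password whether or not its entry
      # exists -- clear olcRootPW in cn=config as well if that bind is unwanted.
      command:
        cmd: ldapdelete -Y EXTERNAL -H ldapi:/// cn=admin,dc=uwaterloo,dc=ca
      register: admin_delete
      # rc 32 = LDAP_NO_SUCH_OBJECT: already gone on a re-run. Anything else
      # (slapd down, ACL refusing the delete, ...) is a real failure and must
      # not be hidden behind a blanket "|| true".
      failed_when: admin_delete.rc not in [0, 32]
      changed_when: admin_delete.rc == 0

    - name: set organization name
      command:
        cmd: ldapmodify -Y EXTERNAL -H ldapi:///
        stdin: |
          dn: dc=uwaterloo,dc=ca
          changetype: modify
          replace: o
          o: University of Waterloo

    # for inetLocalMailRecipient
    - name: check whether the misc schema is already loaded
      # slapd renames the entry to cn={N}misc on load, so a plain re-add is not
      # idempotent; look it up first rather than ignoring every ldapadd error.
      command:
        cmd: 'ldapsearch -LLL -Q -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config "(cn={*}misc)" dn'
      register: misc_schema
      changed_when: false

    - name: add misc.ldif
      command:
        cmd: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif
      when: "'misc' not in misc_schema.stdout"

    - name: add people OU
      command:
        cmd: ldapadd -Y EXTERNAL -H ldapi:///
        stdin: |
          dn: ou=People,dc=uwaterloo,dc=ca
          objectClass: top
          objectClass: organizationalUnit
          ou: People
      register: people_ou
      # rc 68 = LDAP_ALREADY_EXISTS: fine on re-runs; everything else fails.
      failed_when: people_ou.rc not in [0, 68]
      changed_when: people_ou.rc == 0

    - name: add people records
      # Test accounts only: no userPassword is set, so these entries cannot
      # bind; they exist to exercise lookups and inetLocalMailRecipient mail
      # routing. The loop below is static, so the unquoted Jinja inside the
      # LDIF is not exposed to untrusted input -- if this list is ever fed
      # from a variable, a newline in any field would inject extra LDIF
      # attributes and the values must be validated first.
      command:
        cmd: ldapadd -Y EXTERNAL -H ldapi:///
        stdin: |
          dn: uid={{ item.uid }},ou=People,dc=uwaterloo,dc=ca
          displayName: {{ item.givenName }} {{ item.sn }}
          givenName: {{ item.givenName }}
          sn: {{ item.sn }}
          cn: {{ item.givenName }} {{ item.sn }}
          mailRoutingAddress: {{ item.uid }}@connect.uwaterloo.ca
          ou: MAT/Mathematics Computer Science
          mailLocalAddress: {{ item.uid }}@uwaterloo.ca
          objectClass: inetLocalMailRecipient
          objectClass: inetOrgPerson
          objectClass: organizationalPerson
          objectClass: person
          objectClass: top
          uid: {{ item.uid }}
          mail: {{ item.uid }}@uwaterloo.ca
      register: people_add
      # Evaluated per loop item: rc 68 (already exists) is expected on re-runs.
      failed_when: people_add.rc not in [0, 68]
      changed_when: people_add.rc == 0
      loop:
        - uid: ctdalek
          givenName: Calum
          sn: Dalek
        - uid: regular1
          givenName: Regular
          sn: One
        - uid: regular2
          givenName: Regular
          sn: Two
        - uid: regular3
          givenName: Regular
          sn: Three
        - uid: exec1
          givenName: Exec
          sn: One
        - uid: exec2
          givenName: Exec
          sn: Two
        - uid: exec3
          givenName: Exec
          sn: Three
        - uid: syscom1
          givenName: Syscom
          sn: One
        - uid: syscom2
          givenName: Syscom
          sn: Two
        - uid: syscom3
          givenName: Syscom
          sn: Three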