Make the Ansible LDAP plugin able to delete entries and attributes.

Use it to delete cn=admin,dc=fripost,dc=org, and to remove the rootDN on
the 'config' database.

1 files changed, 11 insertions, 3 deletions

diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml
index 85ad831..e86fa45 100644
--- a/roles/common-LDAP/tasks/main.yml
+++ b/roles/common-LDAP/tasks/main.yml
@@ -112,17 +112,25 @@
     - amavis
 
 - name: Load amavis' schema
-  openldap: target=/etc/ldap/schema/amavis.schema state=present
+  openldap: target=/etc/ldap/schema/amavis.schema
             format=slapd.conf name=amavis
   tags:
     - ldap
 
 - name: Load Fripost' schema
-  openldap: target=/etc/ldap/schema/fripost.ldif state=present
+  openldap: target=/etc/ldap/schema/fripost.ldif
   tags:
     - ldap
 
 # We assume a clean (=stock) cn=config
 - name: Configure the LDAP database
   openldap: target=etc/ldap/database.ldif.j2 local=template
-            state=present
+
+# On read-only replicates, you might have to temporarily switch back to
+# read-write, delete the SyncRepl, and delete the DN manually:
+#     sudo ldapdelete -Y EXTERNAL -H ldapi:// cn=admin,dc=fripost,dc=org
+- name: Remove cn=admin,dc=fripost,dc=org
+  openldap: name="cn=admin,dc=fripost,dc=org" delete=entry
+
+- name: Remove the rootDN under the 'config' database
+  openldap: name="olcDatabase={0}config,cn=config" delete=olcRootDN,olcRootPW