From 9198e7f8096e9f1b0d5f474cf2345913a357f864 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Mon, 7 Jul 2014 23:02:45 +0200
Subject: Make the Ansible LDAP plugin able to delete entries and attributes. Use it to delete cn=admin,dc=fripost,dc=org, and to remove the rootDN on the 'config' database.
---
 roles/common-LDAP/tasks/main.yml | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
(limited to 'roles/common-LDAP')
diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml
index 85ad831..e86fa45 100644
--- a/roles/common-LDAP/tasks/main.yml
+++ b/roles/common-LDAP/tasks/main.yml
@@ -112,17 +112,25 @@
 - amavis
 - name: Load amavis' schema
- openldap: target=/etc/ldap/schema/amavis.schema state=present
+ openldap: target=/etc/ldap/schema/amavis.schema format=slapd.conf name=amavis
 tags:
 - ldap
 - name: Load Fripost' schema
- openldap: target=/etc/ldap/schema/fripost.ldif state=present
+ openldap: target=/etc/ldap/schema/fripost.ldif
 tags:
 - ldap
 # We assume a clean (=stock) cn=config
 - name: Configure the LDAP database
 openldap: target=etc/ldap/database.ldif.j2 local=template
- state=present
+
+# On read-only replicates, you might have to temporarily switch back to
+# read-write, delete the SyncRepl, and delete the DN manually:
+# sudo ldapdelete -Y EXTERNAL -H ldapi:// cn=admin,dc=fripost,dc=org
+- name: Remove cn=admin,dc=fripost,dc=org
+ openldap: name="cn=admin,dc=fripost,dc=org" delete=entry
+
+- name: Remove the rootDN under the 'config' database
+ openldap: name="olcDatabase={0}config,cn=config" delete=olcRootDN,olcRootPW
-- 
cgit v1.2.3
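Review bot: The two removal tasks added at the end of the hunk carry no `tags:` block, unlike the schema-loading tasks above them, so a run restricted with `--tags ldap` would leave `cn=admin,dc=fripost,dc=org` and the `olcRootDN`/`olcRootPW` pair on the config database in place without reporting anything. Adding `tags:` with `- ldap` under each of the two new `openldap:` lines would keep the credential removal in the same tagged runs as the rest of the LDAP setup; the preceding 'Configure the LDAP database' task is also untagged in the visible lines, so this may be deliberate. Separately, once the rootDN is removed the config database is reachable only through its ACLs, presumably the stock rule for local root over `ldapi://` that the `ldapdelete -Y EXTERNAL` comment hints at. A comment above the last task such as `# Requires the stock olcAccess rule granting local root manage rights via SASL EXTERNAL` would record that dependency next to the existing "clean (=stock) cn=config" assumption.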