From ddb0ed97cb8479ab38417609dfe40b111805af7a Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Tue, 31 Aug 2021 22:24:26 +0000
Subject: [PATCH] ldap/nss: Deprecate role, replaced with sssd
---
 roles/ldap/nss/handlers/main.yml | 11 ------
 roles/ldap/nss/tasks/main.yml | 47 -------------------------
 roles/ldap/nss/templates/nslcd.conf.j2 | 25 --------------
 3 files changed, 83 deletions(-)
 delete mode 100644 roles/ldap/nss/handlers/main.yml
 delete mode 100644 roles/ldap/nss/tasks/main.yml
 delete mode 100644 roles/ldap/nss/templates/nslcd.conf.j2
diff --git a/roles/ldap/nss/handlers/main.yml b/roles/ldap/nss/handlers/main.yml
deleted file mode 100644
index af7fa02..0000000
--- a/roles/ldap/nss/handlers/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- name: restart nslcd
- service:
- name: nslcd
- state: restarted
- notify: reload nscd
-
-- name: reload nscd
- service:
- name: nscd
- state: reloaded
diff --git a/roles/ldap/nss/tasks/main.yml b/roles/ldap/nss/tasks/main.yml
deleted file mode 100644
index 5627ffd..0000000
--- a/roles/ldap/nss/tasks/main.yml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-- name: install packages
- package:
- name: "{{ item }}"
- state: installed
- with_items:
- - nscd
- - nss-pam-ldapd
-
-- name: configure nsswitch to use ldap
- lineinfile:
- path: /etc/nsswitch.conf
- regexp: "^{{ item }}:.*"
- line: "{{ item }}: files ldap"
- with_items:
- - passwd
- - shadow
- - group
-
-- name: configure netgroup to use ldap
- lineinfile:
- path: /etc/nsswitch.conf
- regexp: "^netgroup:.*"
- line: "netgroup: ldap"
-
-- name: allow nslcd user to read host key
- user:
- name: nslcd
- groups: hostkey
-
-- name: create nslcd config
- template:
- dest: /etc/nslcd.conf
- src: nslcd.conf.j2
- mode: 0600
- owner: root
- group: root
- notify: restart nslcd
-
-- name: enable nslcd and nscd
- service:
- name: "{{ item }}"
- enabled: true
- state: started
- with_items:
- - nslcd
- - nscd
diff --git a/roles/ldap/nss/templates/nslcd.conf.j2 b/roles/ldap/nss/templates/nslcd.conf.j2
deleted file mode 100644
index 2ec3895..0000000
--- a/roles/ldap/nss/templates/nslcd.conf.j2
+++ /dev/null
@@ -1,25 +0,0 @@
-uid nslcd
-gid ldap
-
-uri {% for server in ldap_server %}ldaps://{{ server }} {% endfor %}
-base {{ ldap_basedn }}
-
-# time out searches after 30 seconds
-timelimit 30
-# close idle connections after 10 minutes
-idle_timelimit 600
-# do not search group memberships for local users
-nss_initgroups_ignoreusers ALLLOCAL
-
-pagesize 500
-map group member uniqueMember
-
-# use ssl and verify server cert
-ssl on
-tls_reqcert demand
-tls_cacertfile {{ tls_bundle }}
-
-# use local host cert/key for authentication
-tls_key {{ tls_private }}/{{ inventory_hostname }}.key
-tls_cert {{ tls_certs }}/{{ inventory_hostname }}.crt
-sasl_mech EXTERNAL