mkouhei · karlmdavis · Jan 3, 2017 · Jan 3, 2017 · Jan 3, 2017 · Jan 3, 2017
diff --git a/.travis.yml b/.travis.yml
@@ -0,0 +1,54 @@
+---
+language: python
+cache: pip
+python: "2.7"
+
+# Use a full VM (rather than a sudo-less container), as we need sudo access to
+# test this Ansible role.
+sudo: true
+
+# The test script will be run against the following versions of Ansible:
+env:
+  - ANSIBLE_VERSION=2.1.1.0
+  - ANSIBLE_VERSION=2.2.0.0
+
+# Install Python's PIP.
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install Ansible.
+  - pip install ansible==$ANSIBLE_VERSION
+
+  # Install the other required Python libraries.
+  #- pip install -r tests/requirements.txt
+
+  # Print the Ansible version to the log.
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+  # Ensure that the test script can find the modules to test.
+  - cd tests && ln -s ../library library && cd ..
+
+script:
+  # Basic test script syntax check.
+  - ansible-playbook tests/test.yml --inventory-file=tests/inventory --syntax-check
+
+  # Run the test script.
+  - ansible-playbook tests/test.yml --inventory-file=tests/inventory --connection=local
+
+  # Run the test script again, checking to make sure it's idempotent.
+  - >
+    ansible-playbook tests/test.yml --inventory-file=tests/inventory --connection=local --skip-tags "test"
+    | tee /dev/tty
+    | grep -q 'changed=0.*failed=0'
+    && (echo 'Idempotence test: pass' && exit 0)
+    || (echo 'Idempotence test: fail' && exit 1)
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/
+
diff --git a/README.md b/README.md
@@ -1,20 +1,25 @@
-# LDAP Modules for Ansible (Fork)
+# Ansible LDAP Modules
 
-## Fork version
+![Travis CI Build Status](https://travis-ci.org/karlmdavis/ansible-role-ldap.svg)
 
-[ansible-role-ldap](https://github.com/mkouhei/ansible-role-ldap) is published on the [Ansible Galaxy](https://galaxy.ansible.com/detail#/role/6652) that forked by Kouhei Maeda.
-The original is [ansible-ldap](https://bitbucket.org/psagers/ansible-ldap) by Peter Sagerson.
+This project provides a pair of [Ansible](http://www.ansible.com) modules for manipulating an LDAP directory. The [`ldap_entry`](./ldap-entry) module can be used to create/delete LDAP entries and the [`ldap_attr`](./ldap_attr) module can then be used to manage those entries' attributes.
 
-## About
+Unless/until these modules makes their way upstream into Ansible, the documentation for them is only available embedded in their code (see the link for each, above).
 
-This project contains a pair of [Ansible](http://www.ansible.com/home) modules
-for manipulating an LDAP directory. `ldap_entry` can be used to ensure that an
-entire entry exists and `ldap_attr` can be used to ensure the values of an
-entry's attributes.
+These modules are published on [Ansible Galaxy](https://galaxy.ansible.com) here: TODO. They can be installed from there by TODO.
 
-Regrettably, Ansible does not have any sensible mechanism for packaging and
-distributing third-party modules with rendered documentation and runnable unit
-tests. The LDAP modules do have complete documentation strings embedded.
+Requirements
+------------
+
+This role supports Ansible 2 and later. For the specific versions that it's tested against, see the values for "`ANSIBLE_VERSION`" towards the top of [.travis.yml](./.travis.yml).
+
+License
+-------
+
+[BSD](./LICENSE) and public domain (as the changes exclusive to this fork were written by US federal government employees, partially during work hours).
+
+Author Information
+------------------
+
+This fork was authored by Karl M. Davis (https://justdavis.com/karl/), but the vast bulk of the work originally came from [ansible-ldap](https://bitbucket.org/psagers/ansible-ldap) by Peter Sagerson.
 
-I find these modules useful for one of my deployments and I welcome anyone else
-to use or distribute them under the BSD license.
diff --git a/library/ldap_attr b/library/ldap_attr
diff --git a/library/ldap_entry b/library/ldap_entry
diff --git a/tests/inventory b/tests/inventory
@@ -0,0 +1 @@
+localhost
diff --git a/tests/requirements.txt b/tests/requirements.txt
@@ -0,0 +1 @@
+
diff --git a/tests/test.yml b/tests/test.yml
@@ -0,0 +1,80 @@
+---
+- hosts: localhost
+  vars:
+
+    - ldap_root_password: 'notsecureanddoesnotmatter'
+
+  tasks:
+
+    - debconf: name=slapd question='slapd/domain' value='example.com' vtype='string'
+      become: true
+    - debconf: name=slapd question='shared/organization' value='Example Org' vtype='string'
+      become: true
+    - debconf: name=slapd question='slapd/backend' value='HDB' vtype='string'
+      become: true
+    - debconf: name=slapd question='slapd/password1' value="{{ ldap_root_password }}" vtype='password'
+      changed_when: false
+      become: true
+    - debconf: name=slapd question='slapd/password2' value="{{ ldap_root_password }}" vtype='password'
+      changed_when: false
+      become: true
+
+    - name: Install LDAP and Friends
+      apt: name={{ item }} update_cache=true cache_valid_time="{{ 60 * 15 }}"
+      with_items:
+        - slapd
+        - db-util
+        - python-ldap
+        - ldap-utils
+      become: true
+
+    - name: Create LDAP OU
+      ldap_entry: 
+        bind_dn: 'cn=admin,dc=example,dc=com'
+        bind_pw: "{{ ldap_root_password }}"
+        dn: 'ou=foo,dc=example,dc=com'
+        objectClass: ['organizationalUnit']
+
+    - name: Create LDAP User Account
+      ldap_entry:
+        bind_dn: 'cn=admin,dc=example,dc=com'
+        bind_pw: "{{ ldap_root_password }}"
+        dn: 'uid=bar,ou=foo,dc=example,dc=com'
+        objectClass: ['inetOrgPerson', 'posixAccount']
+        uid: 'bar'
+        cn: 'Bar Fizz'
+        displayName: 'Bar Fizz'
+        givenName: 'Bar'
+        sn: 'Fizz'
+        uidNumber: '10000'
+        gidNumber: '10000'
+        userPassword: 'doesnotmatter'
+        loginShell: '/bin/bash'
+        homeDirectory: '/home/bar'
+        mail: 'bar@example.com'
+
+    - name: Create LDAP Group
+      ldap_entry:
+        bind_dn: 'cn=admin,dc=example,dc=com'
+        bind_pw: "{{ ldap_root_password }}"
+        dn: 'cn=buzz,ou=foo,dc=example,dc=com'
+        objectClass: 'groupOfNames'
+        cn: 'buzz'
+        member:
+          - 'uid=bar,ou=foo,dc=example,dc=com'
+
+    - name: Update LDAP Account
+      ldap_attr:
+        bind_dn: 'cn=admin,dc=example,dc=com'
+        bind_pw: "{{ ldap_root_password }}"
+        dn: 'uid=bar,ou=foo,dc=example,dc=com'
+        state: exact
+        name: mail
+        values: 'bar2@example.com'
+
+    - name: Verify LDAP Search
+      command: sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b dc=example,dc=com
+      register: ldap_search_result
+      failed_when: "ldap_search_result.rc != 0 or 'bar2@example.com' not in ldap_search_result.stdout"
+      tags: test
+