From b0230b31b70a940a8c740b6754e771b1176a88a6 Mon Sep 17 00:00:00 2001
From: Jonas Spitaels <37295795+JonasSpitaels@users.noreply.github.com>
Date: Sat, 21 Dec 2019 21:08:36 +0100
Subject: [PATCH 1/4] additions
---
 defaults/main.yml | 1 +
 tasks/install_&_configure_LDAP.yml | 14 ++++++++++++++
 tasks/main.yml | 5 +++++
 vars/os_RedHat.yml | 7 +++++++
 4 files changed, 27 insertions(+)
 create mode 100644 tasks/install_&_configure_LDAP.yml
diff --git a/defaults/main.yml b/defaults/main.yml
index 3857e2c..245b4ae 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -18,6 +18,7 @@ samba_shares_root: '/srv/shares'
 samba_shares: []
 samba_users: []
+samba_ldap_auth: false
 samba_wins_support: 'yes'
 samba_local_master: 'yes'
 samba_domain_master: 'yes'
diff --git a/tasks/install_&_configure_LDAP.yml b/tasks/install_&_configure_LDAP.yml
new file mode 100644
index 0000000..54407b8
--- /dev/null
+++ b/tasks/install_&_configure_LDAP.yml
@@ -0,0 +1,14 @@
+- name: Install OpenLDAP and its packages for RedHat
+ yum:
+ name: "{{ openldap_client_packages }}"
+ state: present
+ when: ansible_os_family == 'RedHat'
+
+
+- name: Conect to LDAP server
+ shell: authconfig
+ --enableldap
+ --enableldapauth
+ --ldapserver={{ samba_openldap_server_ip_address }}
+ --ldapbasedn="dc={{ samba_openldap_server_domain_name.split('.')[0] }},dc={{ samba_openldap_server_domain_name.split('.')[1] }}"
+ --enablemkhomedir --updateall
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
index 8bda54b..0001df8 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -8,6 +8,9 @@ - "os_{{ ansible_os_family }}.yml"
 tags: samba
+- include: install_&_configure_LDAP.yml
+ when: samba_ldap_auth == true
+
 - name: Install Samba packages
 package:
 name: "{{ samba_packages }}"
@@ -159,3 +162,5 @@ register: create_user_output
 changed_when: "'Added user' in create_user_output.stdout"
 tags: samba
+
+
diff --git a/vars/os_RedHat.yml b/vars/os_RedHat.yml
index 372446f..29f8714 100644
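Review bot: `samba_ldap_auth` is declared here, but the two variables the new task file reads when it is true, `samba_openldap_server_ip_address` and `samba_openldap_server_domain_name`, are not declared anywhere in this patch, so a run with the flag on and either of them missing fails with an undefined-variable error from inside the template rather than a clear message. I'd declare both next to the flag, e.g. `samba_openldap_server_ip_address: ''` and `samba_openldap_server_domain_name: ''`, each with a comment saying it is required when `samba_ldap_auth` is true, and have the task file assert they are non-empty before using them. A one-line comment above the flag such as `# When true, install the OpenLDAP client packages and run authconfig against samba_openldap_server_*` would also help readers of defaults/main.yml, which otherwise gives no hint that the LDAP path exists.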
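Review bot: The `shell: authconfig ...` task splices `samba_openldap_server_ip_address` and `samba_openldap_server_domain_name` into a shell command line unquoted, so any shell metacharacter in those inventory values is interpreted by the shell, and the base DN built from `split('.')[0]` and `split('.')[1]` is only right for exactly two-label domain names (a name such as `ldap.example.com` silently yields `dc=ldap,dc=example`, a single label raises an undefined-index error). Using `command` with `argv` removes the shell from the picture, and `split('.') | map('regex_replace', '^', 'dc=') | join(',')` handles any number of labels. The task also lacks the `when: ansible_os_family == 'RedHat'` guard the first task has and has no `changed_when`, so it reports changed on every run and, on other OS families where `authconfig` is typically absent, fails outright; note too that `--ldapserver` with a bare IP and no `--enableldaptls` (or an `ldaps://` URI) configures a plaintext LDAP bind, so a TLS switch should at least be exposed as a variable and the default documented. The task name misspells "Connect", and the file has no trailing newline.
```yaml
- name: Connect to LDAP server
  command:
    argv:
      - authconfig
      - --enableldap
      - --enableldapauth
      - "--ldapserver={{ samba_openldap_server_ip_address }}"
      # one dc= component per label, so three-label names work too
      - "--ldapbasedn={{ samba_openldap_server_domain_name.split('.') | map('regex_replace', '^', 'dc=') | join(',') }}"
      - --enablemkhomedir
      - --updateall
  when: ansible_os_family == 'RedHat'
```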
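Review bot: `when: samba_ldap_auth == true` only matches a real boolean, so a value supplied as `-e samba_ldap_auth=true` on the command line (a string, not a boolean) silently skips the include; `when: samba_ldap_auth | bool` covers both forms. The include also lacks the `tags: samba` that the surrounding tasks carry (visible on the context line just above it), so a run limited with `--tags samba` never reaches the LDAP tasks, and `include` itself has been deprecated in favour of `include_tasks`/`import_tasks`. I'd write it as `- import_tasks: install_&_configure_LDAP.yml` / `when: samba_ldap_auth | bool` / `tags: samba`.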
--- a/vars/os_RedHat.yml
+++ b/vars/os_RedHat.yml
@@ -24,3 +24,10 @@ samba_services:
 - nmb
 samba_www_documentroot: /var/www/html
+
+openldap_client_packages:
+ - openldap
+ - openldap-clients
+ - authconfig
+ - pam_ldap
+
From 6908ef01ac007e86266def0f35bbb7478cf6c992 Mon Sep 17 00:00:00 2001
From: Jonas Spitaels <37295795+JonasSpitaels@users.noreply.github.com>
Date: Sun, 22 Dec 2019 11:33:05 +0100
Subject: [PATCH 2/4] readme
---
 README.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/README.md b/README.md
index cdcd389..0a7fa0b 100644
--- a/README.md
+++ b/README.md
@@ -9,12 +9,15 @@ An Ansible role for setting up Samba as a file server. It is tested on CentOS, D
 - Create share directories
 - Manage Samba users and passwords
 - Manage access to shares
+- Connect with LDAP server (ONLY tested on RedHat & CentOS)
 The following are not considered concerns of this role, and you should configure these using another role (e.g. [bertvv.rh-base](https://galaxy.ansible.com/bertvv/rh-base/):
 - Managing firewall settings.
 - Creating system users. Samba users should already exist as system users.
+(System users & groups, created by an LDAP server, for creation of samba users and shares, could be added to samba fileserver when authenticating to LDAP server)
+
 **If you like/use this role, please consider giving it a star! Thanks!**
 ## CVE-2017-7494
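Review bot: This package list is tied to the `authconfig` tool the new task runs, and as far as I know RHEL/CentOS 8 replaced authconfig with authselect and no longer ships `pam_ldap` as a regular package, so on an EL8 host the install task fails before the LDAP task is reached. A comment above the list stating the supported major version, e.g. `# LDAP client packages for the authconfig-based setup; verified on EL7 only`, or a version-keyed list (`vars/os_RedHat_7.yml` style) would make that limit explicit instead of surfacing as a package-not-found error.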
@@ -65,6 +68,12 @@ No specific requirements
 | `samba_users` | [] | List of dicts defining users that can access shares. |
 | `samba_wins_support` | true | When true, Samba will act as a WINS server |
 | `samba_workgroup` | `WORKGROUP` | Name of the server workgroup. |
+| `samba_ldap_auth` | false | When true, openLDAP packages will be installed and authentication to LDAP server will be possible
+ |
+| `samba_openldap_server_ip_address` | - | LDAP server ip address (when samba_ldap_auth = true) for LDAP server authentication
+ |
+| `samba_openldap_server_domain_name` | - | LDAP server domain name (when samba_ldap_auth = true) for LDAP server authentication
+ |
 ### Defining users
@@ -174,6 +183,18 @@ A complete overview of share options follows below. Only `name` is required, the
 The values for `valid_users` and `write_list` should be a comma separated list of users. Names prepended with `+` or `@` are interpreted as groups. The documentation for the [Samba configuration](https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html) has more details on these options.
+### Authenticating with LDAP server
+
+Authenticating to an LDAP server, which has dfined system users en groups that you may want to use to create samba users and shares off, can be done by using the following variables.
+When the first defined variable, `samba_ldap_auth` is set to true, OpenLDAP packages will be installed and a connection will try to be made.
+
+```Yaml
+samba_ldap_auth: true
+samba_openldap_server_ip_address: 192.168.0.1
+samba_openldap_server_domain_name: example.local
+```
+
+
 ## Adding arbitrary configuration files
 You can add settings that are not supported by this role out-of-the-box through custom configuration files that will be included from the main configuration file. There are three types of include files: for the global section, for the homes section, and for individual shares. Put your custom configuration files in a subdirectory `templates`, relative to your master playbook location. Then, specify them in the variables `samba_global_include`, `samba_homes_include`, or `include_file` in the `samba_shares` definition.
From cced6ae29fdb1b5faf07c8f417e0d06e05d0bf7c Mon Sep 17 00:00:00 2001
From: Jonas Spitaels <37295795+JonasSpitaels@users.noreply.github.com>
Date: Sun, 22 Dec 2019 11:35:51 +0100
Subject: [PATCH 3/4] readme_update
---
 README.md | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 0a7fa0b..b938d91 100644
--- a/README.md
+++ b/README.md
@@ -68,12 +68,9 @@ No specific requirements
 | `samba_users` | [] | List of dicts defining users that can access shares. |
 | `samba_wins_support` | true | When true, Samba will act as a WINS server |
 | `samba_workgroup` | `WORKGROUP` | Name of the server workgroup. |
-| `samba_ldap_auth` | false | When true, openLDAP packages will be installed and authentication to LDAP server will be possible
- |
-| `samba_openldap_server_ip_address` | - | LDAP server ip address (when samba_ldap_auth = true) for LDAP server authentication
- |
-| `samba_openldap_server_domain_name` | - | LDAP server domain name (when samba_ldap_auth = true) for LDAP server authentication
- |
+| `samba_ldap_auth` | false | When true, openLDAP packages will be installed and authentication to LDAP server will be possible |
+| `samba_openldap_server_ip_address` | - | LDAP server ip address (when samba_ldap_auth = true) for LDAP server authentication |
+| `samba_openldap_server_domain_name` | - | LDAP server domain name (when samba_ldap_auth = true) for LDAP server authentication |
 ### Defining users
From aa49c39df56c44a4093801bdb05f454c2b790cee Mon Sep 17 00:00:00 2001
From: Jonas Spitaels <37295795+JonasSpitaels@users.noreply.github.com>
Date: Mon, 6 Jan 2020 16:00:50 +0100
Subject: [PATCH 4/4] Update README.md
---
 README.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index b938d91..0b18f8c 100644
--- a/README.md
+++ b/README.md
@@ -182,8 +182,8 @@ The values for `valid_users` and `write_list` should be a comma separated list o
 ### Authenticating with LDAP server
-Authenticating to an LDAP server, which has dfined system users en groups that you may want to use to create samba users and shares off, can be done by using the following variables.
-When the first defined variable, `samba_ldap_auth` is set to true, OpenLDAP packages will be installed and a connection will try to be made.
+You may want to authenticate with an LDAP server that has defined system users and groups, so you could create samba users and shares from these system users and groups. Authenticating to an LDAP server, can be done by using the following variables.
+When the first defined variable, `samba_ldap_auth` is set to true, the necessary OpenLDAP packages will be installed and a connection (when the other two variables are set as well) to an LDAP server will be made.
 ```Yaml
 samba_ldap_auth: true
@@ -191,6 +191,9 @@ samba_openldap_server_ip_address: 192.168.0.1
 samba_openldap_server_domain_name: example.local
 ```
+Use the following commands to check if you have access to the LDAP's server created users: `getent passwd`
+
+Use the following commands to check if you have access to the LDAP's server created group: `ldapsearch -x -LLL`
 ## Adding arbitrary configuration files