# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---

- name: Enable LDAP
  community.general.idrac_redfish_config:
    category: Manager
    command: SetManagerAttributes
    resource_id: iDRAC.Embedded.1
    manager_attributes:
      LDAP.1.Enable: "Enabled"
      LDAP.1.Server: "{{ ldap_server_address }}"
      LDAP.1.BaseDN: "{{ base_dn }}"
      LDAP.1.UserAttribute: "{{ user_attribute }}"
      LDAP.1.GroupAttribute: "{{ group_attribute }}"
      LDAP.1.GroupAttributeIsDN: "{{ group_attribute_is_dn }}"
      LDAP.1.BindDN: "{{ bind_dn }}"
      LDAP.1.BindPassword: "{{ bind_password }}"
      LDAP.1.SearchFilter: "{{ search_filter }}"
      LDAP.1.CertValidationEnable: "{{ cert_validation_enable }}"
      LDAPRoleGroup.1.DN: "{{ role_group1_dn }}"
    baseuri: "{{ inventory_hostname }}"
    username: "{{ idrac_username }}"
    password: "{{ idrac_password }}"
  register: enable_ldap
  no_log: true
  when: ldap_directory_services == "enabled"

- name: Update LDAP port and role group 1 privilage
  command: sshpass -p {{ idrac_password }} ssh -o "StrictHostKeyChecking no" {{ idrac_username }}@{{ inventory_hostname }} 'racadm set {{ item.name }} {{ item.value }}'
  changed_when: true
  no_log: true
  when: ldap_directory_services == "enabled"
  with_items:
    - { name: "iDRAC.LDAP.Port", value: "{{ ldap_port }}" }
    - { name: "iDRAC.LDAPRoleGroup.1.Privilege", value: "{{ role_group1_privilege_id }}" } 
          
- name: Disable LDAP
  community.general.idrac_redfish_config:
    category: Manager
    command: SetManagerAttributes
    resource_id: iDRAC.Embedded.1
    manager_attributes:
      LDAP.1.Enable: "Disabled"
    baseuri: "{{ inventory_hostname }}"
    username: "{{ idrac_username }}"
    password: "{{ idrac_password }}"
  register: disable_ldap
  when: ldap_directory_services == "disabled"