From 1ca3aff8f1e8237e1cf7bd297414c37aa5a86e45 Mon Sep 17 00:00:00 2001
From: Aurélien Bompard <aurelien@bompard.org>
Date: Oct 08 2020 10:29:37 +0000
Subject: Ipsilon: configure SSSd


Signed-off-by: Aurélien Bompard <aurelien@bompard.org>

---

diff --git a/roles/ipsilon/handlers/main.yml b/roles/ipsilon/handlers/main.yml
new file mode 100644
index 0000000..8121eba
--- /dev/null
+++ b/roles/ipsilon/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: restart sssd
+  service:
+    name: sssd
+    state: restarted
+
diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml
index 6a6b00e..022c8ab 100644
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@@ -196,6 +196,8 @@
   tags:
   - ipsilon
   - config
+  notify:
+  - restart apache
 
 # - name: Create Ipsilon config symlink
 #   file:
@@ -305,3 +307,25 @@
     setype: httpd_sys_content_t
   tags:
   - ipsilon
+
+- name: configure SSSd to forward additional attributes (1/2)
+  replace:
+    path: /etc/sssd/sssd.conf
+    regexp: ^ldap_user_extra_attrs = [\w,\s]+$
+    replace: ldap_user_extra_attrs = mail, street, locality, st, postalCode, telephoneNumber, givenname, sn, fasTimeZone, fasLocale, fasIRCNick, fasGPGKeyId, fasCreationTime, fasStatusNote, fasRHBZEmail, fasGitHubUsername, fasGitLabUsername, fasWebsiteURL, fasIsPrivate
+  tags:
+  - ipsilon
+  - config
+  notify:
+  - restart sssd
+
+- name: configure SSSd to forward additional attributes (2/2)
+  replace:
+    path: /etc/sssd/sssd.conf
+    regexp: ^user_attributes = [\w,\s+]+$
+    replace: user_attributes = +mail, +street, +locality, +st, +postalCode, +telephoneNumber, +givenname, +sn, +fasTimeZone, +fasLocale, +fasIRCNick, +fasGPGKeyId, +fasCreationTime, +fasStatusNote, +fasRHBZEmail, +fasGitHubUsername, +fasGitLabUsername, +fasWebsiteURL, +fasIsPrivate
+  tags:
+  - ipsilon
+  - config
+  notify:
+  - restart sssd
diff --git a/roles/ipsilon/templates/httpd.conf.staging.j2 b/roles/ipsilon/templates/httpd.conf.staging.j2
index c208c7d..785934c 100644
--- a/roles/ipsilon/templates/httpd.conf.staging.j2
+++ b/roles/ipsilon/templates/httpd.conf.staging.j2
@@ -1,7 +1,7 @@
 #RewriteEngine on
 #RewriteRule /.well-known/openid-configuration /openidc/.well-known/openid-configuration [PT]
-#Alias /ui /usr/share/ipsilon/themes/Fedora
-Alias /ui /usr/share/ipsilon/ui
+#Alias /ui /usr/share/ipsilon/ui
+Alias /ui /usr/share/ipsilon/themes/Fedora
 Alias /.well-known /var/lib/ipsilon/idp/public/well-known
 Alias /cache /var/cache/ipsilon
 Redirect /.well-known/webfinger /webfinger