diff --git a/ansible/playbooks/adhoc-ipauser-disable-pdr.yml b/ansible/playbooks/adhoc-ipauser-disable-pdr.yml
new file mode 100644
index 0000000..2d7d890
--- /dev/null
+++ b/ansible/playbooks/adhoc-ipauser-disable-pdr.yml
@@ -0,0 +1,74 @@
+---
+# This playbook is meant to be used with callable variables, like adhoc or AWX.
+# What: Disables users in the idm infrastructure based on the variables provided.
+# This is primarily used in the event a user wishes to have their personal
+# information removed from the project. However, signing of the agreements
+# in Account Services cannot be removed and should still be available
+# for the RESF to query.
+
+- name: Disable a User - PDR
+ hosts: ipaserver
+ become: false
+ gather_facts: false
+ vars_files:
+ - vars/vaults/userman.yml
+
+ tasks:
+ - name: "Checking for user variables"
+ assert:
+ that:
+ - ipa_admin | mandatory
+ - ipaadmin_password | mandatory
+ - ipa_name | mandatory
+ success_msg: "Required variables provided"
+ fail_msg: "We are missing user information or ipa admin password"
+
+ - name: "Disabling User Account"
+ freeipa.ansible_freeipa.ipauser:
+ ipaadmin_principal: "{{ ipa_admin }}"
+ ipaadmin_password: "{{ ipaadmin_password }}"
+ name: "{{ ipa_name }}"
+ state: disabled
+ tags:
+ - users
+
+ - name: "Remove personal information attributes"
+ community.general.ldap_attr:
+ dn: "uid={{ ipa_name }},cn=users,cn=accounts,dc=rockylinux,dc=org"
+ name: "{{ item }}"
+ values: []
+ state: exact
+ server_uri: ldap://localhost/
+ bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org"
+ bind_pw: "{{ ipaadmin_password }}"
+ with_items:
+ - fasGPGKeyId
+ - fasGitHubUsername
+ - fasGitLabUsername
+ - fasIRCNick
+ - fasRHBZEmail
+ - fasStatusNote
+ - fasWebsiteURL
+ - fasgpgkeyid
+ - fasLocale
+ - fasTimezone
+ - homePhone
+ - homePostalAddress
+ - postalAddress
+ - postalCode
+ - postOfficeBox
+ - st
+ - street
+ - ipaSshPubKey
+ - telephoneNumber
+ - homePhone
+
+ - name: "Set FAS Account Information to Private"
+ community.general.ldap_attr:
+ dn: "uid={{ ipa_name }},cn=users,cn=accounts,dc=rockylinux,dc=org"
+ name: "fasisprivate"
+ values: "TRUE"
+ state: exact
+ server_uri: ldap://localhost/
+ bind_dn: 
"uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org"
+ bind_pw: "{{ ipaadmin_password }}"
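Review bot: `ipa_name` is interpolated unvalidated into the LDAP DN of both `ldap_attr` tasks (`dn: "uid={{ ipa_name }},cn=users,cn=accounts,dc=rockylinux,dc=org"`), so a value containing `,`, `=` or other DN specials — plausible when the variable comes in from an AWX survey — would address a different entry or fail, while the `assert` task only checks presence; a format check beside the `mandatory` tests closes that, e.g. `- ipa_name is match('^[a-zA-Z0-9_.-]+$')` (tighten to whatever username pattern the IdM realm actually enforces). The `with_items` list also carries `homePhone` twice, and `fasGPGKeyId`/`fasgpgkeyid` differ only by case, which LDAP treats as the same attribute type, so one entry of each pair is redundant. `community.general.ldap_attr` was deprecated in favour of `community.general.ldap_attrs` and removed in a later major release of the collection, so if the controller runs a current community.general this playbook will fail to load; `ldap_attrs` takes the same `dn`, `state` and bind arguments with an `attributes:` mapping (`"{{ item }}": []`) in place of `name`/`values`, which is worth switching to while the file is new. `server_uri: ldap://localhost/` is loopback on the IPA host itself, so the cleartext bind is low risk, but `ldapi://` or `start_tls: true` would remove the plaintext credential from the wire entirely.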