added support to sync memberships from ldap

defaults/main.yml

@@ -19,4 +19,20 @@ mailman:
     key: "{{ lookup('password', '/dev/null length=128') }}"
   list_defaults:
     settings: {}
+    ldap:
+      member:
+        enabled: False
+        dn: ~
+        filter: ~
+        username_attr: ~
+      moderator:
+        enabled: False
+        dn: ~
+        filter: ~
+        username_attr: ~
+      owner:
+        enabled: False
+        dn: ~
+        filter: ~
+        username_attr: ~
   lists: {}

filter_plugins/filters.py

@@ -0,0 +1,15 @@
+#!/usr/bin/env python3
+
+from ansible.plugins.filter.core import combine
+
+def expand_lists_with_defaults(input_dict, defaults):
+	output_dict = {}
+	for i in input_dict.keys():
+		output_dict[i] = combine({'name': i}, defaults, input_dict[i], recursive=True)
+	return output_dict
+
+class FilterModule(object):
+	def filters(self):
+		return {
+				'expand_dict_keys_with_defaults': expand_lists_with_defaults
+			}

tasks/list.yml

@@ -1,10 +0,0 @@
-- set_fact:
-    current_list: "{{ {}|combine(mailman.list_defaults, {'name': listname}, mailman.lists[listname], recursive=True) }}"
-
-- name: "setup mailing list ( {{ current_list.name }} )"
-  mailman_list:
-    api_url: "http://{{ mailman.api.hostname }}:{{ mailman.api.port }}/{{ mailman.api.version }}"
-    api_user: "{{ mailman.api.admin.name }}"
-    api_password: "{{ mailman.api.admin.pw }}"
-    name: "{{ current_list.name }}"
-    settings: "{{ current_list.settings }}"

tasks/main.yml

@@ -12,9 +12,12 @@
 
 - name: install mailman addons via pip
   notify: restart mailman
+  loop:
+    - git+https://git.cccv.de/infra/uffd/django-auth-ldap-remoteuser.git
+    - git+https://git.cccv.de/infra/uffd/postorius-ldap-membership-management.git
   pip:
     executable: pip3
-    name: git+https://git.cccv.de/infra/uffd/django-auth-ldap-remoteuser.git
+    name: "{{ item }}" 
 
 - name: add ldap sync job
   when: mailman.web.ldap.sync|d(False)
@@ -54,8 +57,14 @@
 - name: flush handlers to get mailman ready
   meta: flush_handlers
 
-- name: setup mailing lists
+- name: "setup mailing list ( {{ current_list.key }} )"
-  include_tasks: list.yml
+  notify: restart mailman-web
-  loop: "{{ mailman.lists.keys()|list }}"
+  loop: "{{ mailman.lists|expand_dict_keys_with_defaults(mailman.list_defaults)|dict2items }}"
   loop_control:
-    loop_var: listname
+    loop_var: current_list
+  mailman_list:
+    api_url: "http://{{ mailman.api.hostname }}:{{ mailman.api.port }}/{{ mailman.api.version }}"
+    api_user: "{{ mailman.api.admin.name }}"
+    api_password: "{{ mailman.api.admin.pw }}"
+    name: "{{ current_list.value.name }}"
+    settings: "{{ current_list.value.settings }}"

templates/mailman-web.py.j2

@@ -69,6 +69,9 @@ INSTALLED_APPS = (
 {% if mailman.web.remote_user and mailman.web.ldap %}
     'django_auth_ldap_remoteuser',
 {% endif %}
+{% if mailman.web.ldap %}
+    'postorius_ldap_membership_management',
+{% endif %}
 )
 
 AUTHENTICATION_BACKENDS = (
@@ -223,7 +226,7 @@ AUTH_LDAP_CONNECTION_OPTIONS = {{ mailman.web.ldap.options|d('{}') }}
 AUTH_LDAP_USER_DN_TEMPLATE = "{{ mailman.web.ldap.user_filter|d('') }}"
 AUTH_LDAP_USER_SEARCH = {{ mailman.web.ldap.user_search|d('None') }}
 AUTH_LDAP_USER_SEARCH_ALL_NAME = {{ mailman.web.ldap.user_search_all_name|d('None') }}
-AUTH_LDAP_USER_ATTR_MAP = {"first_name": "givenName", "last_name": "sn", "email": "mail"}
+AUTH_LDAP_USER_ATTR_MAP = {"first_name": "cn", "email": "mail"}
 
 AUTH_LDAP_GROUP_SEARCH = {{ mailman.web.ldap.group_search|d('') }}
 AUTH_LDAP_GROUP_TYPE = {{ mailman.web.ldap.group_type|d('') }}
@@ -236,8 +239,14 @@ AUTH_LDAP_FIND_GROUP_PERMS = True
 AUTH_LDAP_REQUIRE_GROUP = "{{ mailman.web.ldap.group_require|d('') }}"
 AUTH_LDAP_DENY_GROUP = "{{ mailman.web.ldap.group_require|d('') }}"
 AUTH_LDAP_USER_FLAGS_BY_GROUP = {{ mailman.web.ldap.mappings|d({})|to_json }}
+
+null = None
+true = True
+false = False
+LDAP_MEMBERSHIP_SYNC = {{ mailman.lists|expand_dict_keys_with_defaults(mailman.list_defaults)|to_json }}
 {% endif %}
 
 SESSION_EXPIRE_SECONDS = {{ mailman.web.session_timeout }}
 HYPERKITTY_ENABLE_GRAVATAR = False
 HYPERKITTY_ALLOW_WEB_POSTING = False
+