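---
# Configure saslauthd to authenticate against LDAP and point the Cyrus SASL
# "xmpp" application profile (used by Prosody) at saslauthd.
# Reference:
# https://www.fyzix.net/index.php?title=Installing_and_configuring_Prosody_%2B_LDAP_support_%2B_Shared_groups_roster_generator
#
# Review notes:
# - Booleans are written as true/false instead of yes/no.
# - The two tasks editing /etc/default/saslauthd now notify the same
#   "Restart SASLAuthd" handler as the other saslauthd tasks, so a changed
#   MECHANISMS/START value takes effect without a manual restart.
# - /etc/sasl gets explicit ownership and mode instead of depending on the
#   umask of the connecting user.

- name: Ensure SASL authd is configured to use LDAP
  lineinfile:
    path: /etc/default/saslauthd
    regexp: '^MECHANISMS='
    line: 'MECHANISMS="ldap"'
    create: true
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify:
    - Restart SASLAuthd

- name: Ensure SASL authd is enabled to use LDAP
  lineinfile:
    path: /etc/default/saslauthd
    regexp: '^START='
    line: 'START=yes'
    create: true
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify:
    - Restart SASLAuthd

# NOTE(security): ldap:// is an unencrypted transport. Combined with the PLAIN
# mechanism configured below, saslauthd holds the user's cleartext password and
# presents it to the LDAP server over this connection. Unless the link is
# protected some other way, use ldaps:// or set ldap_start_tls together with
# certificate verification (ldap_tls_check_peer, ldap_tls_cacert_file).
- name: Ensure SASL authd has LDAP servers configured
  lineinfile:
    path: /etc/saslauthd.conf
    regexp: '^ldap_servers: '
    line: "ldap_servers: ldap://{{ ldap_config['server'] }}:{{ ldap_config['port'] }}/"
    create: true
    owner: root
    group: root
    # World-readable is acceptable only while this file holds no secret.
    # If a bind password (ldap_password / ldap_bind_pw) is ever added here,
    # tighten the mode so that only saslauthd can read it.
    mode: '0644'
    backup: true
  notify:
    - Restart SASLAuthd

# The search base is "<search>,<base_dn>"; both parts come from ldap_config.
- name: Ensure SASL authd has LDAP search base configured
  lineinfile:
    path: /etc/saslauthd.conf
    regexp: '^ldap_search_base: '
    line: "ldap_search_base: {{ ldap_config['search'] }},{{ ldap_config['base_dn'] }}"
    create: true
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify:
    - Restart SASLAuthd

- name: Ensure SASL folder exists
  file:
    path: /etc/sasl
    state: directory
    owner: root
    group: root
    # Traversable by all so the prosody user can read xmpp.conf below.
    mode: '0755'

- name: Ensure SASL XMPP password check is configured
  lineinfile:
    path: /etc/sasl/xmpp.conf
    regexp: '^pwcheck_method: '
    line: "pwcheck_method: saslauthd"
    create: true
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify:
    - Restart SASLAuthd

# NOTE(security): saslauthd verifies plaintext passwords, so PLAIN is the
# mechanism offered to XMPP clients. The password is then protected only by the
# transport; confirm that Prosody refuses unencrypted client connections
# (c2s_require_encryption) before relying on this.
# NOTE(review): xmpp.conf is read by Prosody's SASL library, yet this task and
# the one above notify only "Restart SASLAuthd"; verify whether Prosody also
# needs a restart to pick up changes to this file.
- name: Ensure SASL XMPP mechanism is configured
  lineinfile:
    path: /etc/sasl/xmpp.conf
    regexp: '^mech_list: '
    line: "mech_list: PLAIN"
    create: true
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify:
    - Restart SASLAuthd

# append: true adds "sasl" to the user's existing supplementary groups instead
# of replacing them. Presumably the membership grants access to the saslauthd
# socket; confirm against the distribution's socket permissions.
# NOTE(review): the handler name is kept exactly as written, including the
# trailing period. Confirm it matches the handler definition; Ansible fails
# the task when a notified handler cannot be found.
- name: Ensure Prosody user is part of SASL
  user:
    name: prosody
    append: true
    groups:
      - sasl
  notify:
    - Restart Prosody.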