From d520072024fb00373f1b2041d654f4fde2395930 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Wed, 10 Feb 2021 13:03:55 +0100
Subject: [PATCH] IPA: disable the compat tree and the NIS tree
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 roles/ipa/server/handlers/main.yml |  3 +++
 roles/ipa/server/tasks/main.yml    | 24 ++++++++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 roles/ipa/server/handlers/main.yml

diff --git a/roles/ipa/server/handlers/main.yml b/roles/ipa/server/handlers/main.yml
new file mode 100644
index 0000000000..43d6aa764f
--- /dev/null
+++ b/roles/ipa/server/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart ipa
+  command: ipactl restart
diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml
index 0db20f6f27..773143c72b 100644
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@@ -159,6 +159,30 @@
   - ipa/server
   - config
 
+- name: Disable the compat tree
+  shell: echo "{{ipa_dm_password}}" | ipa-compat-manage disable
+  tags:
+  - ipa/server
+  - config
+  when: ipa_initial
+  register: output
+  changed_when: "'Plugin Disabled' in output.stdout"
+  failed_when: "'Plugin Disabled' not in output.stderr and output.rc != 0"
+  notify:
+  - restart ipa
+
+- name: Disable the nis tree
+  shell: echo "{{ipa_dm_password}}" | ipa-nis-manage disable
+  tags:
+  - ipa/server
+  - config
+  when: ipa_initial
+  register: output
+  changed_when: "'Plugin Disabled' in output.stdout"
+  failed_when: "'Plugin Disabled' not in output.stderr and output.rc != 0"
+  notify:
+  - restart ipa
+
 - name: Set the expiration date for the admin user
   ipauser:
     name: admin