Enable openldap memberof module with ansible ldap_attrs
For ansible 2.10, I use the ldap_attrs module to enable the openldap memberof module:
- name: Enable memberof module
  ldap_attrs:
    dn: cn=module{0},cn=config
    attributes:
      olcModuleLoad: memberof.so
    state: present
The first run of the task works fine, but if I play the playbook a second time it fails:
fatal: [myserver.mydomain.tld]: FAILED! => {"changed": false, "details": "{'info': u'modify/add: olcModuleLoad: value #0 already exists', 'desc': u'Type or value exists'}", "msg": "Attribute action failed."}
"already exists" sounds like what I would expect, so I am surprised it is considered fatal.
Is this an ansible bug, or am I missing something in my configuration?
As of September 2021 this is not yet supported by ansible.
I was able to automate the memberof and refint installation and configuration with these workarounds:
- ldap_attrs:
    server_uri: "{{ ldap_api_url }}"
    dn: cn=module{0},cn=config
    attributes:
      olcModuleLoad:
        - refint.so
  register: ldap_attrs_result
  failed_when:
    - ldap_attrs_result.failed
    - ldap_attrs_result.details is not defined or (ldap_attrs_result.details|from_yaml)["desc"] != "Type or value exists"
- ldap_attrs:
    server_uri: "{{ ldap_api_url }}"
    dn: cn=module{0},cn=config
    attributes:
      olcModuleLoad:
        - memberof.so
  register: ldap_attrs_result
  failed_when:
    - ldap_attrs_result.failed
    - ldap_attrs_result.details is not defined or (ldap_attrs_result.details|from_yaml)["desc"] != "Type or value exists"
- ldap_entry:
    server_uri: "{{ ldap_api_url }}"
    dn: olcOverlay=refint,olcDatabase={1}mdb,cn=config
    objectClass:
      - olcOverlayConfig
      - olcRefintConfig
    attributes:
      olcOverlay: refint
      olcRefintAttribute: memberof member manager owner
- ldap_entry:
    server_uri: "{{ ldap_api_url }}"
    dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
    objectClass:
      - olcOverlayConfig
      - olcMemberOf
    attributes:
      olcOverlay: memberof
      olcMemberOfDangling: ignore
      olcMemberOfRefInt: "TRUE"
      olcMemberOfGroupOC: groupOfNames
      olcMemberOfMemberAD: member
      olcMemberOfMemberOfAD: memberOf
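The failed_when expression in the answer above only tolerates one specific LDAP result ("Type or value exists", i.e. the module is already loaded) and still fails the play on anything else, so a permission problem or schema violation on cn=config is not silently swallowed. The following Python is an added example, not code from the question or the answer, that applies the same decision to constructed ldap_attrs task results of the shape shown in the question's error message. It assumes the module's details field is the repr of the python-ldap error dict (as the error output suggests) and parses it with ast.literal_eval rather than the from_yaml filter the answer uses; any details value that does not parse is treated as a real failure.

```python
"""Decide whether an ldap_attrs task result is a real failure or the benign
"value already exists" case, mirroring the answer's failed_when conditions:
    failed AND (details undefined OR details.desc != "Type or value exists")
Added example; the task results below are constructed, not captured output.
"""
import ast

# The only LDAP result the answer's workaround treats as harmless on a re-run.
BENIGN_DESC = "Type or value exists"


def parse_details(details):
    """Parse the module's `details` string, which (per the question's error
    output) is the repr of a python-ldap error dict such as
    "{'info': u'...', 'desc': u'Type or value exists'}".
    Returns the dict, or None if details is missing or not a literal dict."""
    if not isinstance(details, str):
        return None
    try:
        parsed = ast.literal_eval(details)  # safe: literals only, no eval()
    except (ValueError, SyntaxError):
        return None
    return parsed if isinstance(parsed, dict) else None


def should_fail(result):
    """True when the task must be reported as failed.
    A successful task never fails; a failed task is only forgiven when its
    details parse and carry exactly the benign desc."""
    if not result.get("failed", False):
        return False
    parsed = parse_details(result.get("details"))
    if parsed is None:
        return True  # no usable details: do not guess, keep the failure
    return parsed.get("desc") != BENIGN_DESC


def classify(results):
    """Map each constructed result to 'ok', 'already-present' or 'failed'."""
    labels = []
    for result in results:
        if should_fail(result):
            labels.append("failed")
        elif result.get("failed", False):
            labels.append("already-present")
        else:
            labels.append("ok")
    return labels


# Constructed sample task results (assumed shapes, not real output):
FIRST_RUN = {"changed": True, "failed": False}
SECOND_RUN = {  # the exact error shape quoted in the question
    "changed": False,
    "failed": True,
    "details": "{'info': u'modify/add: olcModuleLoad: value #0 already exists', "
               "'desc': u'Type or value exists'}",
    "msg": "Attribute action failed.",
}
ACCESS_DENIED = {  # a different LDAP result: must still fail the play
    "changed": False,
    "failed": True,
    "details": "{'info': u'', 'desc': u'Insufficient access'}",
    "msg": "Attribute action failed.",
}
NO_DETAILS = {"changed": False, "failed": True, "msg": "Attribute action failed."}
GARBLED = {"failed": True, "details": "not a dict at all"}

if __name__ == "__main__":
    for name, res in [("first run", FIRST_RUN), ("second run", SECOND_RUN),
                      ("access denied", ACCESS_DENIED), ("no details", NO_DETAILS),
                      ("garbled", GARBLED)]:
        print(f"{name:14s} -> {classify([res])[0]}")
```

The same rule can be kept in the playbook as shown in the answer; this script is only a way to check, offline, which results the workaround lets through and which it still treats as fatal.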