Enabling the OpenLDAP memberof module with ansible ldap_attrs



With Ansible 2.10, I use the ldap_attrs module to enable the OpenLDAP memberof module:

- name: Enable memberof module
  ldap_attrs:
    # cn=module{0},cn=config is the dynamic-module container in cn=config
    dn: cn=module{0},cn=config
    attributes:
      # olcModuleLoad is multi-valued; this asks for memberof.so to be present
      olcModuleLoad: memberof.so
    state: present

The task works fine the first time it runs, but if I run it a second time it fails:

fatal: [myserver.mydomain.tld]: FAILED! => {"changed": false, "details": "{'info': u'modify/add: olcModuleLoad: value #0 already exists', 'desc': u'Type or value exists'}", "msg": "Attribute action failed."}

"already exists" sounds like exactly what I would expect, so I am surprised it is treated as fatal.

Is this a fixable bug, or am I missing something in my configuration?

As of September 2021, Ansible still does not support this.

I was able to automate the installation and configuration of memberof and refint with the following solution:

- name: Load the refint module (tolerate "already loaded")
  ldap_attrs:
    server_uri: "{{ ldap_api_url }}"
    dn: cn=module{0},cn=config
    attributes:
      olcModuleLoad:
        - refint.so
  register: ldap_attrs_result
  # All list items are ANDed: the task only fails when it failed AND the LDAP
  # error is something other than "Type or value exists" (module already loaded).
  failed_when:
    - ldap_attrs_result.failed
    - ldap_attrs_result.details is not defined or (ldap_attrs_result.details|from_yaml)["desc"] != "Type or value exists"

- name: Load the memberof module (tolerate "already loaded")
  ldap_attrs:
    server_uri: "{{ ldap_api_url }}"
    dn: cn=module{0},cn=config
    attributes:
      olcModuleLoad:
        - memberof.so
  register: ldap_attrs_result
  failed_when:
    - ldap_attrs_result.failed
    - ldap_attrs_result.details is not defined or (ldap_attrs_result.details|from_yaml)["desc"] != "Type or value exists"

- name: Configure the refint overlay on the first database
  ldap_entry:
    server_uri: "{{ ldap_api_url }}"
    # olcDatabase={1}mdb is the first (mdb) backend; adjust if yours differs
    dn: olcOverlay=refint,olcDatabase={1}mdb,cn=config
    objectClass:
      - olcOverlayConfig
      - olcRefintConfig
    attributes:
      olcOverlay: refint
      # attributes whose DN values refint keeps consistent on rename/delete
      olcRefintAttribute: memberof member manager owner

- name: Configure the memberof overlay on the first database
  ldap_entry:
    server_uri: "{{ ldap_api_url }}"
    dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
    objectClass:
      - olcOverlayConfig
      - olcMemberOf
    attributes:
      olcOverlay: memberof
      olcMemberOfDangling: ignore
      olcMemberOfRefInt: "TRUE"
      # groupOfNames/member is the group model; memberOf is maintained on entries
      olcMemberOfGroupOC: groupOfNames
      olcMemberOfMemberAD: member
      olcMemberOfMemberOfAD: memberOf
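As an added example (not code from the question or the answer above), the `failed_when` condition in the answer expressed as plain Python, so it can be unit-tested against the exact error text the question shows and, if wanted, shipped as a filter plugin (a `filter_plugins/` directory next to the playbook is the real Ansible mechanism; the filter names `ldap_already_present` and `ldap_should_fail` are invented here). It assumes, as the question's output demonstrates, that the `details` field of a failed `ldap_attrs` result is the string form of the python-ldap error dict, and parses it with `ast.literal_eval` rather than `from_yaml` so that the Python 2 `u'...'` form in the question is handled as well as the Python 3 form. The sample results at the bottom are constructed for the test.

```python
"""Classify ldap_attrs failures: benign 'Type or value exists' vs. real errors.

Added example, not part of the original question or answer.  Mirrors the
answer's failed_when logic in plain Python; FilterModule is Ansible's real
filter-plugin hook, the filter names below are made up for this example.
"""
import ast

# LDAP result code 20 (typeOrValueExists); python-ldap renders it with this
# 'desc' text and ldap_attrs puts str(exception) into the 'details' field.
BENIGN_DESC = "Type or value exists"


def parse_details(details):
    """Turn the ldap_attrs 'details' string back into a dict.

    The field is the repr of the python-ldap error dict (assumption, based on
    the question's output), so ast.literal_eval parses it safely.  A Python 3
    literal_eval also accepts the u'...' literals of the Python 2 repr shown in
    the question.  Anything that is not a parsable dict yields {}.
    """
    if not isinstance(details, str):
        return {}
    try:
        parsed = ast.literal_eval(details)
    except (ValueError, SyntaxError):
        return {}
    return parsed if isinstance(parsed, dict) else {}


def is_already_present(result):
    """True if the registered result is the benign 'value already exists' failure."""
    if not result.get("failed"):
        return False
    return parse_details(result.get("details")).get("desc") == BENIGN_DESC


def should_fail(result):
    """Equivalent of the answer's failed_when: fail on any failure except the benign one."""
    return bool(result.get("failed")) and not is_already_present(result)


class FilterModule(object):
    """Expose the checks as Jinja2 filters, e.g.  failed_when: result | ldap_should_fail"""

    def filters(self):
        return {
            "ldap_already_present": is_already_present,
            "ldap_should_fail": should_fail,
        }


# Constructed sample results; the first mirrors the question's error verbatim.
PY2_DUPLICATE = {
    "changed": False,
    "failed": True,
    "msg": "Attribute action failed.",
    "details": "{'info': u'modify/add: olcModuleLoad: value #0 already exists', "
               "'desc': u'Type or value exists'}",
}
PY3_DUPLICATE = {
    "changed": False,
    "failed": True,
    "msg": "Attribute action failed.",
    "details": "{'result': 20, 'desc': 'Type or value exists', "
               "'info': 'modify/add: olcModuleLoad: value #0 already exists'}",
}
REAL_FAILURE = {
    "changed": False,
    "failed": True,
    "msg": "Attribute action failed.",
    "details": "{'result': 50, 'desc': 'Insufficient access'}",
}
SUCCESS = {"changed": True, "failed": False}

if __name__ == "__main__":
    for name, res in [("py2 duplicate", PY2_DUPLICATE), ("py3 duplicate", PY3_DUPLICATE),
                      ("acl error", REAL_FAILURE), ("success", SUCCESS)]:
        print(name, "-> fail the task:", should_fail(res))
```

Only the exact `Type or value exists` description is treated as benign; an ACL denial or a connection error still fails the task, which is the property the answer's `failed_when` list is designed to keep.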
