TechQA.

Enable openldap memberof module with ansible ldap_attrs

650 views Asked by At

With ansible 2.10 I use the ldap_attrs module to enable the openldap memberof module:

- name: Enable memberof module
  ldap_attrs:
    dn: cn=module{0},cn=config
    attributes:
      olcModuleLoad: memberof.so
    state: present

The first time the task is executed works well, but if I play the playbook a second time it fails:

fatal: [myserver.mydomain.tld]: FAILED! => {"changed": false, "details": "{'info': u'modify/add: olcModuleLoad: value #0 already exists', 'desc': u'Type or value exists'}", "msg": "Attribute action failed."}

already exists sounds like something I expect, so I am surprised that it is considered fatal.

Is it an ansible bug, or did I miss something in the configuration?

ansible openldap memberof
Original Q&A
1

There are 1 answers

0
azmeuk On BEST ANSWER

In september '21 this is not yet supported by ansible.

I could automate the memberof and refint installation and configuration based on those workarounds:

- ldap_attrs:
    server_uri: "{{ ldap_api_url }}"
    dn: cn=module{0},cn=config
    attributes:
      olcModuleLoad:
        - refint.so
    register: ldap_attrs_result
    failed_when:
      - ldap_attrs_result.failed
      - ldap_attrs_result.details is not defined or (ldap_attrs_result.details|from_yaml)["desc"] != "Type or value exists"

- ldap_attrs:
    server_uri: "{{ ldap_api_url }}"
    dn: cn=module{0},cn=config
    attributes:
      olcModuleLoad:
        - memberof.so
    register: ldap_attrs_result
    failed_when:
      - ldap_attrs_result.failed
      - ldap_attrs_result.details is not defined or (ldap_attrs_result.details|from_yaml)["desc"] != "Type or value exists"

- ldap_entry:
    server_uri: "{{ ldap_api_url }}"
    dn: olcOverlay=refint,olcDatabase={1}mdb,cn=config
    objectClass:
      - olcOverlayConfig
      - olcRefintConfig
    attributes:
      olcOverlay: refint
      olcRefintAttribute: memberof member manager owner

- ldap_entry:
    server_uri: "{{ ldap_api_url }}"
    dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
    objectClass:
      - olcOverlayConfig
      - olcMemberOf
    attributes:
      olcOverlay: memberof
      olcMemberOfDangling: ignore
      olcMemberOfRefInt: "TRUE"
      olcMemberOfGroupOC: groupOfNames
      olcMemberOfMemberAD: member
      olcMemberOfMemberOfAD: memberOf

Related Questions in ANSIBLE

Related Questions in OPENLDAP

Related Questions in MEMBEROF

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions