2

In Ansible 2.10, I use the ldap_attrs module to enable the OpenLDAP memberof module:

- name: Enable memberof module
  ldap_attrs:
    dn: cn=module{0},cn=config
    attributes:
      olcModuleLoad: memberof.so
    state: present

The first execution of the task works fine, but if I play the playbook a second time, it fails:

fatal: [myserver.mydomain.tld]: FAILED! => {"changed": false, "details": "{'info': u'modify/add: olcModuleLoad: value #0 already exists', 'desc': u'Type or value exists'}", "msg": "Attribute action failed."}

"already exists" sounds like what I expected, so I am surprised it is considered fatal.

Is it a bug, or am I missing something in the configuration?

4

1 Answer

0

As of September '21, Ansible does not support this yet.

I was able to automate the installation and configuration of memberof and refint with these workarounds:

- ldap_attrs:
    server_uri: "{{ ldap_api_url }}"
    dn: cn=module{0},cn=config
    attributes:
      olcModuleLoad:
        - refint.so
  # Fail only when the error is something other than "Type or value exists"
  register: ldap_attrs_result
  failed_when:
    - ldap_attrs_result.failed
    - ldap_attrs_result.details is not defined or (ldap_attrs_result.details|from_yaml)["desc"] != "Type or value exists"

- ldap_attrs:
    server_uri: "{{ ldap_api_url }}"
    dn: cn=module{0},cn=config
    attributes:
      olcModuleLoad:
        - memberof.so
  # Fail only when the error is something other than "Type or value exists"
  register: ldap_attrs_result
  failed_when:
    - ldap_attrs_result.failed
    - ldap_attrs_result.details is not defined or (ldap_attrs_result.details|from_yaml)["desc"] != "Type or value exists"

- ldap_entry:
    server_uri: "{{ ldap_api_url }}"
    dn: olcOverlay=refint,olcDatabase={1}mdb,cn=config
    objectClass:
      - olcOverlayConfig
      - olcRefintConfig
    attributes:
      olcOverlay: refint
      olcRefintAttribute: memberof member manager owner

- ldap_entry:
    server_uri: "{{ ldap_api_url }}"
    dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
    objectClass:
      - olcOverlayConfig
      - olcMemberOf
    attributes:
      olcOverlay: memberof
      olcMemberOfDangling: ignore
      olcMemberOfRefInt: "TRUE"
      olcMemberOfGroupOC: groupOfNames
      olcMemberOfMemberAD: member
      olcMemberOfMemberOfAD: memberOf

answered 2021-10-26T07:17:31.750
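
An added example, not part of the answer above or of Ansible itself: the same "ignore only `Type or value exists`" check written as a custom filter plugin, so that other LDAP failures (access denied, bind errors) still fail the play. The file name `filter_plugins/ldap_benign.py`, the filter name `ldap_real_failure` and the sample results are assumptions made for illustration; `details` is parsed with `ast.literal_eval`, which accepts the Python-repr form shown in the question's error output, including the `u''` prefixes.

```python
"""Hypothetical filter plugin: filter_plugins/ldap_benign.py (not shipped with Ansible)."""
import ast

BENIGN_DESC = "Type or value exists"  # LDAP result text quoted on this page


def ldap_details(result):
    """Return the 'details' dict of an ldap_attrs result, or {} if absent or unparseable."""
    raw = result.get("details")
    if isinstance(raw, dict):
        return raw
    if not isinstance(raw, str):
        return {}
    try:
        # details is a Python repr such as "{'info': u'...', 'desc': u'...'}"
        parsed = ast.literal_eval(raw)
    except (ValueError, SyntaxError):
        return {}
    return parsed if isinstance(parsed, dict) else {}


def ldap_real_failure(result):
    """True only when the task failed for a reason other than 'value already exists'."""
    if not result.get("failed", False):
        return False
    # Missing or unparseable details count as a real failure (fail closed).
    return ldap_details(result).get("desc") != BENIGN_DESC


class FilterModule(object):
    """Ansible entry point; use as: failed_when: ldap_attrs_result | ldap_real_failure"""

    def filters(self):
        return {"ldap_real_failure": ldap_real_failure}


# Constructed sample results; the first mirrors the error output in the question.
SAMPLE_EXISTS = {
    "failed": True, "changed": False, "msg": "Attribute action failed.",
    "details": "{'info': u'modify/add: olcModuleLoad: value #0 already exists', "
               "'desc': u'Type or value exists'}",
}
SAMPLE_DENIED = {"failed": True, "details": "{'desc': 'Insufficient access'}"}
SAMPLE_NO_DETAILS = {"failed": True, "msg": "constructed bind error"}

if __name__ == "__main__":
    for sample in (SAMPLE_EXISTS, SAMPLE_DENIED, SAMPLE_NO_DETAILS):
        print(sample.get("details"), "->", ldap_real_failure(sample))
```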