Merge pull request #6 from rgroux/issue-ldap_attr

fix:(ldap_attrs): fix obsolete params
lvps · Dec 20, 2022 · 5f45bd4 · 5f45bd4
2 parents ff2eea8 + 3e67ddf
commit 5f45bd4
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 45 deletions.
diff --git a/tasks/configure_changelog.yml b/tasks/configure_changelog.yml
@@ -1,33 +1,36 @@
 ---
-- name: Create changelog configuration entry
-  ldap_entry:
-    server_uri: "{{ dirsrv_server_uri }}"
-    validate_certs: "{{ dirsrv_tls_certificate_trusted }}"
-    start_tls: "{{ dirsrv_use_starttls }}"
-    bind_dn: "{{ dirsrv_rootdn }}"
-    bind_pw: "{{ dirsrv_rootdn_password }}"
-    dn: "cn=changelog5,cn=config"
-    objectClass:
-      - top
-      - extensibleObject
-    attributes:
-      cn: "changelog5"
-      # Fails if this is not set, although it's not a MUST attribute
-      # (but there's dark magic taking place with extensibleObject)
-      nsslapd-changelogdir: "/var/lib/dirsrv/slapd-{{ dirsrv_serverid }}/changelogdb"
-    state: present
+- name: Determine if we need to use "cn=changelog5,cn=config" or not
+  block:
+    - name: Create changelog configuration entry
+      ldap_entry:
+        server_uri: "{{ dirsrv_server_uri }}"
+        validate_certs: "{{ dirsrv_tls_certificate_trusted }}"
+        start_tls: "{{ dirsrv_use_starttls }}"
+        bind_dn: "{{ dirsrv_rootdn }}"
+        bind_pw: "{{ dirsrv_rootdn_password }}"
+        dn: "cn=changelog5,cn=config"
+        objectClass:
+          - top
+          - extensibleObject
+        attributes:
+          cn: "changelog5"
+          # Fails if this is not set, although it's not a MUST attribute
+          # (but there's dark magic taking place with extensibleObject)
+          nsslapd-changelogdir: "/var/lib/dirsrv/slapd-{{ dirsrv_serverid }}/changelogdb"
+        state: present
 
-- name: Configure changelog
-  ldap_attrs:
-    server_uri: "{{ dirsrv_server_uri }}"
-    validate_certs: "{{ dirsrv_tls_certificate_trusted }}"
-    start_tls: "{{ dirsrv_use_starttls }}"
-    bind_dn: "{{ dirsrv_rootdn }}"
-    bind_pw: "{{ dirsrv_rootdn_password }}"
-    dn: "cn=changelog5,cn=config"
-    name: "{{ item.name }}"
-    values: "{{ item.value }}"
-    state: exact
-    attributes:
-      nsslapd-changelogdir: "/var/lib/dirsrv/slapd-{{ dirsrv_serverid }}/changelogdb"
-      nsslapd-changelogmaxage: "{{ dirsrv_changelog_max_age }}"
+    - name: Configure changelog
+      ldap_attrs:
+        server_uri: "{{ dirsrv_server_uri }}"
+        validate_certs: "{{ dirsrv_tls_certificate_trusted }}"
+        start_tls: "{{ dirsrv_use_starttls }}"
+        bind_dn: "{{ dirsrv_rootdn }}"
+        bind_pw: "{{ dirsrv_rootdn_password }}"
+        dn: "cn=changelog5,cn=config"
+        name: "{{ item.name }}"
+        values: "{{ item.value }}"
+        state: exact
+        attributes:
+          nsslapd-changelogdir: "/var/lib/dirsrv/slapd-{{ dirsrv_serverid }}/changelogdb"
+          nsslapd-changelogmaxage: "{{ dirsrv_changelog_max_age }}"
+  when: "ansible_facts['distribution_major_version'] | int >= 8"
diff --git a/tasks/configure_consumer.yml b/tasks/configure_consumer.yml
@@ -27,8 +27,6 @@
     bind_dn: "{{ dirsrv_rootdn }}"
     bind_pw: "{{ dirsrv_rootdn_password }}"
     dn: "cn=replica,cn=\"{{ dirsrv_suffix }}\",cn=mapping tree,cn=config"
-    name: "{{ item.name }}"
-    values: "{{ item.value }}"
     state: exact
     attributes:
       nsds5replicaroot: "{{ dirsrv_suffix }}"
@@ -43,8 +41,6 @@
     bind_dn: "{{ dirsrv_rootdn }}"
     bind_pw: "{{ dirsrv_rootdn_password }}"
     dn: "cn=\"{{ dirsrv_suffix }}\",cn=mapping tree,cn=config"
-    name: "{{ item.name }}"
-    values: "{{ item.value }}"
     state: exact
     attributes:
       nsslapd-referral: "{{ dirsrv_consumer_referral_to_supplier | urlsplit('scheme') }}://\

diff --git a/tasks/configure_replication_agreement.yml b/tasks/configure_replication_agreement.yml
@@ -24,7 +24,7 @@
       cn: "{{ dirsrv_agreement_cn }}"
       # these attributes cannot be modified once set, anyway
       nsds5ReplicaHost: "{{ dirsrv_consumer_uri | urlsplit('hostname') }}"
-      nsds5ReplicaTransportInfo: "{{ 'SSL' if ( dirsrv_consumer_uri | urlsplit('scheme') | lower ) == 'ldaps' else 'TLS' }}"  # SSL = LDAPS, TLS = StartTLS.
+      nsds5ReplicaTransportInfo: "{{ 'SSL' if ( dirsrv_consumer_uri | urlsplit('scheme') | lower ) == 'ldaps' else 'TLS' if ( dirsrv_use_starttls ) else 'LDAP' }}"  # SSL = LDAPS, TLS = StartTLS.
       # These ones... can, I think? However, adding the entry fails if they're not present
       nsds5replicaport: "{{ '389' if not dirsrv_consumer_uri|urlsplit('port') else dirsrv_consumer_uri|urlsplit('port') }}"
       nsds5ReplicaBindDN: "cn={{ dirsrv_replication_user_remote | default(dirsrv_replication_user) }},cn=config"
@@ -45,8 +45,6 @@
     bind_dn: "{{ dirsrv_rootdn }}"
     bind_pw: "{{ dirsrv_rootdn_password }}"
     dn: "cn={{ dirsrv_agreement_cn }},cn=replica,cn=\"{{ dirsrv_suffix  }}\",cn=mapping tree,cn=config"
-    name: "{{ item.name }}"
-    values: "{{ item.value }}"
     state: exact
     attributes:
       nsds5replicaport: "{{ '389' if not dirsrv_consumer_uri|urlsplit('port') else dirsrv_consumer_uri|urlsplit('port') }}"
@@ -60,15 +58,15 @@
 # The exact same as above, but with "changed_when: false" because that "changed" annoyed me.
 # The downside is that if password actually changes, you'll see that nothing has changed according to Ansible, but it did work.
 - name: Configure password on replication agreement on supplier
-  ldap_attr:
+  ldap_attrs:
     server_uri: "{{ dirsrv_server_uri }}"
     validate_certs: "{{ dirsrv_tls_certificate_trusted }}"
     start_tls: "{{ dirsrv_use_starttls }}"
     bind_dn: "{{ dirsrv_rootdn }}"
     bind_pw: "{{ dirsrv_rootdn_password }}"
     dn: "cn={{ dirsrv_agreement_cn }},cn=replica,cn=\"{{ dirsrv_suffix }}\",cn=mapping tree,cn=config"
-    name: "nsds5ReplicaCredentials"
-    values: "{{ dirsrv_replication_user_password_remote | default(dirsrv_replication_user_password) }}"
+    attributes:
+      nsds5ReplicaCredentials: "{{ dirsrv_replication_user_password_remote | default(dirsrv_replication_user_password) }}"
     state: exact
   changed_when: false
 

diff --git a/tasks/configure_replication_user.yml b/tasks/configure_replication_user.yml
@@ -27,8 +27,6 @@
     bind_dn: "{{ dirsrv_rootdn }}"
     bind_pw: "{{ dirsrv_rootdn_password }}"
     dn: "cn={{ dirsrv_replication_user }},cn=config"
-    name: "{{ item.name }}"
-    values: "{{ item.value }}"
     state: exact
     attributes:
       userPassword: "{{ dirsrv_replication_user_password }}"

diff --git a/tasks/configure_supplier.yml b/tasks/configure_supplier.yml
@@ -27,8 +27,6 @@
     bind_dn: "{{ dirsrv_rootdn }}"
     bind_pw: "{{ dirsrv_rootdn_password }}"
     dn: "cn=replica,cn=\"{{ dirsrv_suffix }}\",cn=mapping tree,cn=config"
-    name: "{{ item.name }}"
-    values: "{{ item.value }}"
     state: exact
     attributes:
       nsds5replicaroot: "{{ dirsrv_suffix }}"