From c0b5234f0eb13c045f1753f02d44b09cf01ce62c Mon Sep 17 00:00:00 2001
From: rgroux
Date: Mon, 19 Dec 2022 15:40:21 +0100
Subject: [PATCH 1/2] fix:(ldap_attrs): fix obsolete params

---
 tasks/configure_consumer.yml | 4 ----
 tasks/configure_replication_agreement.yml | 10 ++++------
 tasks/configure_replication_user.yml | 2 --
 tasks/configure_supplier.yml | 2 --
 4 files changed, 4 insertions(+), 14 deletions(-)

diff --git a/tasks/configure_consumer.yml b/tasks/configure_consumer.yml
index b5d5c1a..fca3050 100644
--- a/tasks/configure_consumer.yml
+++ b/tasks/configure_consumer.yml
@@ -27,8 +27,6 @@
 bind_dn: "{{ dirsrv_rootdn }}"
 bind_pw: "{{ dirsrv_rootdn_password }}"
 dn: "cn=replica,cn=\"{{ dirsrv_suffix }}\",cn=mapping tree,cn=config"
- name: "{{ item.name }}"
- values: "{{ item.value }}"
 state: exact
 attributes:
 nsds5replicaroot: "{{ dirsrv_suffix }}"
@@ -43,8 +41,6 @@
 bind_dn: "{{ dirsrv_rootdn }}"
 bind_pw: "{{ dirsrv_rootdn_password }}"
 dn: "cn=\"{{ dirsrv_suffix }}\",cn=mapping tree,cn=config"
- name: "{{ item.name }}"
- values: "{{ item.value }}"
 state: exact
 attributes:
 nsslapd-referral: "{{ dirsrv_consumer_referral_to_supplier | urlsplit('scheme') }}://\
diff --git a/tasks/configure_replication_agreement.yml b/tasks/configure_replication_agreement.yml
index e5472ee..b41df5e 100644
--- a/tasks/configure_replication_agreement.yml
+++ b/tasks/configure_replication_agreement.yml
@@ -24,7 +24,7 @@
 cn: "{{ dirsrv_agreement_cn }}"
 # these attributes cannot be modified once set, anyway
 nsds5ReplicaHost: "{{ dirsrv_consumer_uri | urlsplit('hostname') }}"
- nsds5ReplicaTransportInfo: "{{ 'SSL' if ( dirsrv_consumer_uri | urlsplit('scheme') | lower ) == 'ldaps' else 'TLS' }}" # SSL = LDAPS, TLS = StartTLS.
+ nsds5ReplicaTransportInfo: "{{ 'SSL' if ( dirsrv_consumer_uri | urlsplit('scheme') | lower ) == 'ldaps' else 'TLS' if ( dirsrv_use_starttls ) else 'LDAP' }}" # SSL = LDAPS, TLS = StartTLS.
 # These ones... can, I think? However, adding the entry fails if they're not present
 nsds5replicaport: "{{ '389' if not dirsrv_consumer_uri|urlsplit('port') else dirsrv_consumer_uri|urlsplit('port') }}"
 nsds5ReplicaBindDN: "cn={{ dirsrv_replication_user_remote | default(dirsrv_replication_user) }},cn=config"
@@ -45,8 +45,6 @@
 bind_dn: "{{ dirsrv_rootdn }}"
 bind_pw: "{{ dirsrv_rootdn_password }}"
 dn: "cn={{ dirsrv_agreement_cn }},cn=replica,cn=\"{{ dirsrv_suffix }}\",cn=mapping tree,cn=config"
- name: "{{ item.name }}"
- values: "{{ item.value }}"
 state: exact
 attributes:
 nsds5replicaport: "{{ '389' if not dirsrv_consumer_uri|urlsplit('port') else dirsrv_consumer_uri|urlsplit('port') }}"
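Review bot: The trailing comment on the new nsds5ReplicaTransportInfo line still reads `# SSL = LDAPS, TLS = StartTLS.` and does not mention the third outcome the expression now produces, `LDAP`, which is selected whenever the consumer URI scheme is not ldaps and `dirsrv_use_starttls` is false and means the agreement replicates with no transport encryption, so the bind as nsds5ReplicaBindDN (with the credentials set further down in this file) and the replicated data travel in the clear. Since that is the silent default rather than an explicit opt-in, the comment should say so: `# SSL = LDAPS, TLS = StartTLS, LDAP = no transport encryption (bind credentials and replicated data sent in the clear).`. A stronger option, if the role wants to refuse that configuration unless asked for, is an `assert` task ahead of this one that fails when neither ldaps nor StartTLS is in effect; that is a design choice for the role owner. The enclosing task starts before this hunk.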
@@ -60,15 +58,15 @@
 # The exact same as above, but with "changed_when: false" because that "changed" annoyed me.
 # The downside is that if password actually changes, you'll see that nothing has changed according to Ansible, but it did work.
 - name: Configure password on replication agreement on supplier
- ldap_attr:
+ ldap_attrs:
 server_uri: "{{ dirsrv_server_uri }}"
 validate_certs: "{{ dirsrv_tls_certificate_trusted }}"
 start_tls: "{{ dirsrv_use_starttls }}"
 bind_dn: "{{ dirsrv_rootdn }}"
 bind_pw: "{{ dirsrv_rootdn_password }}"
 dn: "cn={{ dirsrv_agreement_cn }},cn=replica,cn=\"{{ dirsrv_suffix }}\",cn=mapping tree,cn=config"
- name: "nsds5ReplicaCredentials"
- values: "{{ dirsrv_replication_user_password_remote | default(dirsrv_replication_user_password) }}"
+ attributes:
+ nsds5ReplicaCredentials: "{{ dirsrv_replication_user_password_remote | default(dirsrv_replication_user_password) }}"
 state: exact
 changed_when: false
 
diff --git a/tasks/configure_replication_user.yml b/tasks/configure_replication_user.yml
index 7aed09c..c511759 100644
--- a/tasks/configure_replication_user.yml
+++ b/tasks/configure_replication_user.yml
@@ -27,8 +27,6 @@
 bind_dn: "{{ dirsrv_rootdn }}"
 bind_pw: "{{ dirsrv_rootdn_password }}"
 dn: "cn={{ dirsrv_replication_user }},cn=config"
- name: "{{ item.name }}"
- values: "{{ item.value }}"
 state: exact
 attributes:
 userPassword: "{{ dirsrv_replication_user_password }}"
diff --git a/tasks/configure_supplier.yml b/tasks/configure_supplier.yml
index 13d9a9c..a85ae6b 100644
--- a/tasks/configure_supplier.yml
+++ b/tasks/configure_supplier.yml
@@ -27,8 +27,6 @@
 bind_dn: "{{ dirsrv_rootdn }}"
 bind_pw: "{{ dirsrv_rootdn_password }}"
 dn: "cn=replica,cn=\"{{ dirsrv_suffix }}\",cn=mapping tree,cn=config"
- name: "{{ item.name }}"
- values: "{{ item.value }}"
 state: exact
 attributes:
 nsds5replicaroot: "{{ dirsrv_suffix }}"
From 3e67ddff18917ceb39379be9c689ced35c065eac Mon Sep 17 00:00:00 2001
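Review bot: The "Configure password on replication agreement on supplier" task, now fully visible in the @@ -60,15 +58,15 @@ hunk, carries the replication password as an ordinary attribute value (`nsds5ReplicaCredentials:` under `attributes:`) and has no `no_log`, so the secret is printed in the task result on failure or under `-v`; `bind_pw` is normally masked by the module's own argument spec, but arbitrary attribute values are not. Add `no_log: true` next to `changed_when: false`. The same applies to `userPassword:` in the configure_replication_user.yml hunk @@ -27,8 +27,6 @@, whose task header lies outside the hunk, so it may already set it — worth checking. The existing comment about `changed_when: false` hiding real password changes is still accurate after the module rename and can stay as is.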
From: rgroux
Date: Mon, 19 Dec 2022 16:56:41 +0100
Subject: [PATCH 2/2] fix(): do not use changelog5 on RHEL8 and above

---
 tasks/configure_changelog.yml | 65 ++++++++++++++++++-----------------
 1 file changed, 34 insertions(+), 31 deletions(-)

diff --git a/tasks/configure_changelog.yml b/tasks/configure_changelog.yml
index 6da2772..51ca082 100644
--- a/tasks/configure_changelog.yml
+++ b/tasks/configure_changelog.yml
@@ -1,33 +1,36 @@
 ---
-- name: Create changelog configuration entry
- ldap_entry:
- server_uri: "{{ dirsrv_server_uri }}"
- validate_certs: "{{ dirsrv_tls_certificate_trusted }}"
- start_tls: "{{ dirsrv_use_starttls }}"
- bind_dn: "{{ dirsrv_rootdn }}"
- bind_pw: "{{ dirsrv_rootdn_password }}"
- dn: "cn=changelog5,cn=config"
- objectClass:
- - top
- - extensibleObject
- attributes:
- cn: "changelog5"
- # Fails if this is not set, although it's not a MUST attribute
- # (but there's dark magic taking place with extensibleObject)
- nsslapd-changelogdir: "/var/lib/dirsrv/slapd-{{ dirsrv_serverid }}/changelogdb"
- state: present
+- name: Determine if we need to use "cn=changelog5,cn=config" or not
+ block:
+ - name: Create changelog configuration entry
+ ldap_entry:
+ server_uri: "{{ dirsrv_server_uri }}"
+ validate_certs: "{{ dirsrv_tls_certificate_trusted }}"
+ start_tls: "{{ dirsrv_use_starttls }}"
+ bind_dn: "{{ dirsrv_rootdn }}"
+ bind_pw: "{{ dirsrv_rootdn_password }}"
+ dn: "cn=changelog5,cn=config"
+ objectClass:
+ - top
+ - extensibleObject
+ attributes:
+ cn: "changelog5"
+ # Fails if this is not set, although it's not a MUST attribute
+ # (but there's dark magic taking place with extensibleObject)
+ nsslapd-changelogdir: "/var/lib/dirsrv/slapd-{{ dirsrv_serverid }}/changelogdb"
+ state: present
 
-- name: Configure changelog
- ldap_attrs:
- server_uri: "{{ dirsrv_server_uri }}"
- validate_certs: "{{ dirsrv_tls_certificate_trusted }}"
- start_tls: "{{ dirsrv_use_starttls }}"
- bind_dn: "{{ dirsrv_rootdn }}"
- bind_pw: "{{ dirsrv_rootdn_password }}"
- dn: "cn=changelog5,cn=config"
- name: "{{ item.name }}"
- values: "{{ item.value }}"
- state: exact
- attributes:
- nsslapd-changelogdir: "/var/lib/dirsrv/slapd-{{ dirsrv_serverid }}/changelogdb"
- nsslapd-changelogmaxage: "{{ dirsrv_changelog_max_age }}"
+ - name: Configure changelog
+ ldap_attrs:
+ server_uri: "{{ dirsrv_server_uri }}"
+ validate_certs: "{{ dirsrv_tls_certificate_trusted }}"
+ start_tls: "{{ dirsrv_use_starttls }}"
+ bind_dn: "{{ dirsrv_rootdn }}"
+ bind_pw: "{{ dirsrv_rootdn_password }}"
+ dn: "cn=changelog5,cn=config"
+ name: "{{ item.name }}"
+ values: "{{ item.value }}"
+ state: exact
+ attributes:
+ nsslapd-changelogdir: "/var/lib/dirsrv/slapd-{{ dirsrv_serverid }}/changelogdb"
+ nsslapd-changelogmaxage: "{{ dirsrv_changelog_max_age }}"
+ when: "ansible_facts['distribution_major_version'] | int >= 8"
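Review bot: The `when:` on the last line of the hunk runs the block that creates and configures `cn=changelog5,cn=config` only when the distribution major version is 8 or higher, which is the opposite of this patch's subject "do not use changelog5 on RHEL8 and above"; one of the two is wrong, and if it is the condition it should read `when: "ansible_facts['distribution_major_version'] | int < 8"`. Independently of the direction, the guard looks only at the major version number, so any non-RHEL-family distribution whose major version happens to be 8 or above takes the same branch regardless of which 389-ds release it ships; gating additionally on `ansible_facts['os_family']` or `ansible_facts['distribution']` (or, better, on the installed 389-ds version) would make the intent explicit. Separately, the re-indented "Configure changelog" task keeps `name: "{{ item.name }}"` and `values: "{{ item.value }}"`, the very parameters PATCH 1/2 removes from the other four task files as obsolete; under `ldap_attrs` they are likely rejected as unsupported, so the task would fail on every host that reaches it. Drop those two lines here as well, for consistency with PATCH 1/2.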