From a03bf44f27ee97cd059cf2f9d22c6d48f514d9b2 Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Thu, 15 Oct 2020 17:00:14 +0200
Subject: [PATCH] Fixing roles/base/tasks/config_root_account.yaml
---
 roles/base/tasks/config_root_account.yaml | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)
diff --git a/roles/base/tasks/config_root_account.yaml b/roles/base/tasks/config_root_account.yaml
index a6aafa8..000ed4c 100644
--- a/roles/base/tasks/config_root_account.yaml
+++ b/roles/base/tasks/config_root_account.yaml
@@ -16,16 +16,17 @@
 when: admin_password.rc != 0
 - set_fact:
- admin_password_hash: "{{ admin_password.stdout }}"
+ admin_password_hash: "{{ admin_password.stdout }}"
+ no_log: True
 - name: "Detecting a possibly defined root dn for config database"
- shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b 'cn=config' -o ldif-wap=no olcRootDN | grep -i '^olcRootPW:' | sed -e 's/^olcRootDN:[ ]*//i'"
+ shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b 'olcDatabase={0}config,cn=config' -o ldif-wrap=no olcRootDN | grep -i '^olcRootDN:' | sed -e 's/^olcRootDN:[ ]*//i'"
 changed_when: False
 ignore_errors: True
 register: current_config_admin_dn
 - name: "Detecting a possibly defined hashed root password for config database"
- shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b 'cn=config' -o ldif-wrap=no olcRootPW | grep -i '^olcRootPW:' | sed -e 's/^olcRootPW:[ ]*//i'"
+ shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b 'olcDatabase={0}config,cn=config' -o ldif-wrap=no olcRootPW | grep -i '^olcRootPW:' | sed -e 's/^olcRootPW:[ ]*//i'"
 changed_when: False
 ignore_errors: True
 no_log: True
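Review bot: The `rc` registered by both detection tasks is the exit status of the trailing `sed`, not of `ldapsearch` or `grep`, because the `shell` module runs the pipeline under /bin/sh without pipefail. As far as the visible lines show, `current_config_admin_dn.rc != 0` and `current_config_admin_pw.rc != 0` in the `when:` lines of the hunks at -83 and -140, and `current_config_admin_pw.rc == 0` in the hunk at -116, therefore do not reflect a failed or empty lookup; only the stdout comparison does. If the rc is meant to signal "attribute not set", start each command with `set -o pipefail;` and add `args:` with `executable: /bin/bash`, or drop the rc tests and check for an empty `stdout` instead. The task list continues outside the hunk, so other uses of these registers are not visible here.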
@@ -83,7 +84,7 @@
 path: "{{ rootdn_config_file.path }}"
 state: absent
- when: (current_config_admin_dn.rc != 0) or (current_config_admin_dn.stdout != config_admin_dn
+ when: (current_config_admin_dn.rc != 0) or (current_config_admin_dn.stdout != config_admin_dn)
 ################################################################
 # Setting the paasword for admin account for the config database
@@ -116,15 +117,6 @@
 mode: 0644
 when: current_config_admin_pw.rc == 0
- - name: "Get content of managing RootPW for config database file"
- shell: "cat '{{ rootpw_config_file.path }}'"
- register: content_rootpw_config_file
- changed_when: False
- no_log: True
-
- - name: "Show content of managing RootPW for config database file."
- debug: msg={{ content_rootpw_config_file.stdout_lines }}
-
 - name: "Applying managing RootPW for config database file."
 shell: "ldapadd -Q -Y EXTERNAL -H ldapi:/// -f '{{ rootpw_config_file.path }}'"
@@ -140,6 +132,6 @@
 path: "{{ rootpw_config_file.path }}"
 state: absent
- when: (current_config_admin_pw.rc != 0) or (current_config_admin_pw.stdout != admin_password_hash
+ when: (current_config_admin_pw.rc != 0) or (current_config_admin_pw.stdout != admin_password_hash)
--
2.39.5
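Review bot: The comparison `current_config_admin_pw.stdout != admin_password_hash` in the corrected `when:` of the last hunk will probably always be true if `admin_password` comes from a salted scheme such as slappasswd's default SSHA, since a fresh salt yields a different hash string on every run; the task that registers `admin_password` is outside the visible hunks, so this is an assumption to confirm. In that case the block re-applies olcRootPW and reports a change on every play, which hides real credential changes in the run output. A comment above the `when:` such as `# salted hashes differ per run; this block re-applies olcRootPW on each play` would document the behaviour, or the check could verify the stored hash against the plaintext instead of comparing hash strings. The block that this `when:` closes starts outside the hunk.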