Fixing roles/389ds-config-plugins/tasks/account-policy.yaml

diff --git a/inventory/dpx-ldap-dev1.yaml b/inventory/dpx-ldap-dev1.yaml
index cce6422855ca75fd3b5a8945f30e567427def965..f585565552c39ab87f4046d4398b4bb4f4673156 100644 (file)
--- a/inventory/dpx-ldap-dev1.yaml
+++ b/inventory/dpx-ldap-dev1.yaml
@@ -56,11 +56,11 @@ all:
             ensure: absent
 
         # Tempporary
-        ds389_logging_config: false
-        ds389_plugin_memberof_config: false
-        ds389_plugin_referint_config: false
+        # ds389_logging_config: false
+        # ds389_plugin_memberof_config: false
+        # ds389_plugin_referint_config: false
         # ds389_plugin_attr_uniq_config: false
-        ds389_plugin_account_policy_config: false
+        # ds389_plugin_account_policy_config: false
 
     haproxy_servers:
       hosts:

diff --git a/roles/389ds-config-plugins/tasks/account-policy.yaml b/roles/389ds-config-plugins/tasks/account-policy.yaml
index abb0201a8e79fec3dac4dfb7eac48c48a61ae2ed..60497939459b1c04b1ee82fcf86d16fae8056f19 100644 (file)
--- a/roles/389ds-config-plugins/tasks/account-policy.yaml
+++ b/roles/389ds-config-plugins/tasks/account-policy.yaml
@@ -47,7 +47,7 @@
   set_fact:
     acc_plugin_cfg: "{{ plugin_account_policy_config | ansible.builtin.combine(plugin_account_policy_config_entry, list_merge='append_rp', recursive=true) }}"
 
-- name: "The account-policy Plugin configuration:"
+- name: "The current account-policy Plugin configuration:"
   debug:
     var: acc_plugin_cfg
     verbosity: 0
@@ -70,7 +70,9 @@
 - name: 'Check for alt-state-attr'
   set_fact:
     exec_set: true
-  when: "ds389_plugin_account_policy_alt_state_attr is not empty and ('altstateattrname' not in acc_plugin_cfg or (acc_plugin_cfg['altstateattrname'] != ds389_plugin_account_policy_alt_state_attr))"
+  when: "ds389_plugin_account_policy_alt_state_attr is not empty \
+         and ('altstateattrname' not in acc_plugin_cfg \
+         or ((acc_plugin_cfg['altstateattrname'] | lower) != (ds389_plugin_account_policy_alt_state_attr | string | lower)))"
 
 - name: 'Check for always-record-login-attr for vanishing'
   set_fact:
@@ -80,7 +82,9 @@
 - name: 'Check for always-record-login-attr'
   set_fact:
     exec_set: true
-  when: "ds389_plugin_account_policy_always_record_login_attr is not empty and ('alwaysrecordloginattr' not in acc_plugin_cfg or (acc_plugin_cfg['alwaysrecordloginattr'] != ds389_plugin_account_policy_always_record_login_attr))"
+  when: "ds389_plugin_account_policy_always_record_login_attr is not empty \
+         and ('alwaysrecordloginattr' not in acc_plugin_cfg \
+         or (acc_plugin_cfg['alwaysrecordloginattr'] != ds389_plugin_account_policy_always_record_login_attr))"
 
 - name: 'Check limit-attr for vanishing'
   set_fact:
@@ -90,7 +94,9 @@
 - name: 'Check limit-attr'
   set_fact:
     exec_set: true
-  when: "ds389_plugin_account_policy_limit_attr is not empty and ('limitattrname' not in acc_plugin_cfg or ((acc_plugin_cfg['limitattrname'] | lower) != (ds389_plugin_account_policy_limit_attr | lower)))"
+  when: "ds389_plugin_account_policy_limit_attr is not empty \
+         and ('limitattrname' not in acc_plugin_cfg \
+         or ((acc_plugin_cfg['limitattrname'] | lower) != (ds389_plugin_account_policy_limit_attr | lower)))"
 
 - name: 'Check spec-attr for vanishing'
   set_fact:
@@ -100,7 +106,9 @@
 - name: 'Check spec-attr'
   set_fact:
     exec_set: true
-  when: "ds389_plugin_account_policy_spec_attr is not empty and ('specattrname' not in acc_plugin_cfg or ((acc_plugin_cfg['specattrname'] | lower) != (ds389_plugin_account_policy_spec_attr | lower)))"
+  when: "ds389_plugin_account_policy_spec_attr is not empty \
+         and ('specattrname' not in acc_plugin_cfg \
+         or ((acc_plugin_cfg['specattrname'] | lower) != (ds389_plugin_account_policy_spec_attr | lower)))"
 
 - name: 'Check state-attr for vanishing'
   set_fact:
@@ -110,7 +118,9 @@
 - name: 'Check state-attr'
   set_fact:
     exec_set: true
-  when: "ds389_plugin_account_policy_state_attr is not empty and ('stateattrname' not in acc_plugin_cfg or ((acc_plugin_cfg['stateattrname'] | lower) != (ds389_plugin_account_policy_state_attr | lower)))"
+  when: "ds389_plugin_account_policy_state_attr is not empty \
+         and ('stateattrname' not in acc_plugin_cfg \
+         or ((acc_plugin_cfg['stateattrname'] | lower) != (ds389_plugin_account_policy_state_attr | lower)))"
 
 - name: 'Check login-history-size for vanishing'
   set_fact:
@@ -120,7 +130,9 @@
 - name: 'Check login-history-size'
   set_fact:
     exec_set: true
-  when: "ds389_plugin_account_policy_login_history_size is not empty and ('lastloginhistsize' not in acc_plugin_cfg or (acc_plugin_cfg['lastloginhistsize'] != ds389_plugin_account_policy_login_history_size ))"
+  when: "ds389_plugin_account_policy_login_history_size is not empty \
+         and ('lastloginhistsize' not in acc_plugin_cfg \
+         or (acc_plugin_cfg['lastloginhistsize'] != ds389_plugin_account_policy_login_history_size ))"
 
 - name: 'Check check-all-state-attrs for vanishing'
   set_fact:
@@ -130,7 +142,9 @@
 - name: 'Check check-all-state-attrs'
   set_fact:
     exec_set: true
-  when: "ds389_plugin_account_policy_check_all_state_attrs is not empty and (('checkallstateattrs' not in acc_plugin_cfg) or (acc_plugin_cfg['checkallstateattrs'] | bool) != (ds389_plugin_account_policy_check_all_state_attrs | bool))"
+  when: "ds389_plugin_account_policy_check_all_state_attrs is not empty \
+         and (('checkallstateattrs' not in acc_plugin_cfg) \
+         or (acc_plugin_cfg['checkallstateattrs'] | bool) != (ds389_plugin_account_policy_check_all_state_attrs | bool))"
 
 - name: "Task block for removing pointless config entries."
   when: attrs_remove | length > 0