- name: 'Check for alt-state-attr for vanishing'
set_fact:
attrs_remove: "{{ alt-state-attr + ['altstateattrname']"
- when: "('altstateattrname' in acc_plugin_cfg) and (ds389_plugin_account_policy_alt-state-attr == None or ds389_plugin_account_policy_alt-state-attr == '')"
+ when: "('altstateattrname' in acc_plugin_cfg) and (ds389_plugin_account_policy_alt_state_attr == None or ds389_plugin_account_policy_alt_state_attr == '')"
- name: 'Check for alt-state-attr'
set_fact:
- name: 'Check for always-record-login-attr for vanishing'
set_fact:
- attrs_remove: "{{ always-record-login-attr + ['alwaysrecordloginattr']"
+ attrs_remove: "{{ attrs_remove + ['alwaysrecordloginattr']"
when: "('alwaysrecordloginattr' in acc_plugin_cfg) and (ds389_plugin_account_policy_always-record-login-attr == None or ds389_plugin_account_policy_always-record-login-attr == '')"
- name: 'Check for always-record-login-attr'
exec_set: true
when: "ds389_plugin_account_policy_always_record_login_attr != None and ds389_plugin_account_policy_always_record_login_attr != '' and ('alwaysrecordloginattr' not in acc_plugin_cfg or (acc_plugin_cfg['alwaysrecordloginattr'] != ds389_plugin_account_policy_always_record_login_attr))"
-# Failing: --limit-attr --spec-attr --state-attr --login-history-size --check-all-state-attrs
+- name: 'Check limit-attr for vanishing'
+ set_fact:
+ attrs_remove: "{{ attrs_remove + ['limitattrname'] }}"
+ when: "('limitattrname' in acc_plugin_cfg) and (ds389_plugin_account_policy_limit_attr == None or ds389_plugin_account_policy_limit_attr == '')"
+
+- name: 'Check limit-attr'
+ set_fact:
+ exec_set: true
+ when: "ds389_plugin_account_policy_limit_attr != None and ds389_plugin_account_policy_limit_attr != '' and ('limitattrname' not in acc_plugin_cfg or ((acc_plugin_cfg['limitattrname'] | lower) != (ds389_plugin_account_policy_limit_attr | lower)))"
+
+- name: 'Check spec-attr for vanishing'
+ set_fact:
+ attrs_remove: "{{ attrs_remove + ['specattrname'] }}"
+ when: "('specattrname' in acc_plugin_cfg) and (ds389_plugin_account_policy_spec_attr == None or ds389_plugin_account_policy_spec_attr == '')"
+
+- name: 'Check spec-attr'
+ set_fact:
+ exec_set: true
+ when: "ds389_plugin_account_policy_spec_attr != None and ds389_plugin_account_policy_spec_attr != '' and ('specattrname' not in acc_plugin_cfg or ((acc_plugin_cfg['specattrname'] | lower) != (ds389_plugin_account_policy_spec_attr | lower)))"
+
+- name: 'Check state-attr for vanishing'
+ set_fact:
+ attrs_remove: "{{ attrs_remove + ['stateattrname'] }}"
+ when: "('stateattrname' in acc_plugin_cfg) and (ds389_plugin_account_policy_state_attr == None or ds389_plugin_account_policy_state_attr == '')"
+
+- name: 'Check state-attr'
+ set_fact:
+ exec_set: true
+ when: "ds389_plugin_account_policy_state_attr != None and ds389_plugin_account_policy_state_attr != '' and ('stateattrname' not in acc_plugin_cfg or ((acc_plugin_cfg['stateattrname'] | lower) != (ds389_plugin_account_policy_state_attr | lower)))"
+
+- name: 'Check login-history-size for vanishing'
+ set_fact:
+ attrs_remove: "{{ attrs_remove + ['lastloginhistsize'] }}"
+ when: "('lastloginhistsize' in acc_plugin_cfg) and (ds389_plugin_account_policy_login_history_size == None or ds389_plugin_account_policy_login_history_size == '')"
+
+- name: 'Check login-history-size'
+ set_fact:
+ exec_set: true
+ when: "ds389_plugin_account_policy_login_history_size != None and ds389_plugin_account_policy_login_history_size != '' and ('lastloginhistsize' not in acc_plugin_cfg or (acc_plugin_cfg['lastloginhistsize'] != ds389_plugin_account_policy_login_history_size ))"
+
+- name: 'Check check-all-state-attrs for vanishing'
+ set_fact:
+ attrs_remove: "{{ attrs_remove + ['checkallstateattrs'] }}"
+ when: "('checkallstateattrs' in acc_plugin_cfg) and (ds389_plugin_account_policy_check_all_state_attrs == None or ds389_plugin_account_policy_check_all_state_attrs == '')"
+
+- name: 'Check check-all-state-attrs'
+ set_fact:
+ exec_set: true
+ when: "ds389_plugin_account_policy_check_all_state_attrs != None and ds389_plugin_account_policy_check_all_state_attrs != '' and (('checkallstateattrs' not in acc_plugin_cfg) or (acc_plugin_cfg['checkallstateattrs'] | bool) != (ds389_plugin_account_policy_check_all_state_attrs | bool))"
+
+- name: "Task block for removing pointless config entries."
+ when: attrs_remove | length > 0
+ block:
+
+ - name: "Account policy config entries to remove:"
+ debug:
+ var: attrs_remove
+ verbosity: 0
+
+ - name: "Removing account policy config entries from config entry."
+ community.general.ldap_attrs:
+ dn: "{{ acc_plugin_entry }}"
+ attributes:
+ "{{ attribute }}": []
+ state: exact
+ server_uri: "{{ ldap_uri }}"
+ bind_dn: "{{ dirsrv_root_dn }}"
+ bind_pw: "{{ dirsrv_root_passwd }}"
+ loop: "{{ attrs_remove }}"
+ loop_control:
+ loop_var: attribute
+
+ - name: "Set var restart_389ds to true."
+ set_fact:
+ restart_389ds: true
- name: 'Setting new configuration for account-policy Plugin'
when: exec_set == true
plugin_acc_policy_cmd: "{{ plugin_acc_policy_cmd }} --always-record-login-attr {{ ds389_plugin_account_policy_always_record_login_attr | quote }}"
when: ds389_plugin_account_policy_always_record_login_attr != None and ds389_plugin_account_policy_always_record_login_attr != ''
+ - name: "Add --limit-attr to command."
+ set_fact:
+ plugin_acc_policy_cmd: "{{ plugin_acc_policy_cmd }} --limit-attr {{ ds389_plugin_account_policy_limit_attr | quote }}"
+ when: ds389_plugin_account_policy_limit_attr != None and ds389_plugin_account_policy_limit_attr != ''
+
+ - name: "Add --spec-attr to command"
+ set_fact:
+ plugin_acc_policy_cmd: "{{ plugin_acc_policy_cmd }} --spec-attr {{ ds389_plugin_account_policy_spec_attr | quote }}"
+ when: ds389_plugin_account_policy_spec_attr != None and ds389_plugin_account_policy_spec_attr != ''
+
+ - name: "Add --state-attr to command"
+ set_fact:
+ plugin_acc_policy_cmd: "{{ plugin_acc_policy_cmd }} --state-attr {{ ds389_plugin_account_policy_state_attr | quote }}"
+ when: ds389_plugin_account_policy_state_attr != None and ds389_plugin_account_policy_state_attr != ''
+
+ - name: "Add --login-history-size to command"
+ set_fact:
+ plugin_acc_policy_cmd: "{{ plugin_acc_policy_cmd }} --login-history-size {{ ds389_plugin_account_policy_login_history_size | quote }}"
+ when: ds389_plugin_account_policy_login_history_size != None and ds389_plugin_account_policy_login_history_size!= ''
+
+ - name: "Add --check-all-state-attrs to command"
+ set_fact:
+ plugin_acc_policy_cmd: "{{ plugin_acc_policy_cmd }} --check-all-state-attrs {{ ds389_plugin_account_policy_check_all_state_attrs | bool_to_yes_no }}"
+ when: ds389_plugin_account_policy_check_all_state_attrs != None and ds389_plugin_account_policy_check_all_state_attrs != ''
+
- name: "Add config DN to plugin_acc_policy_cmd."
set_fact:
plugin_acc_policy_cmd: "{{ plugin_acc_policy_cmd }} {{ acc_plugin_entry | quote }}"
var: plugin_acc_policy_cmd
verbosity: 0
-
# vim: filetype=yaml
projects / pixelpark / pp-admin-tools.git / commitdiff