when: admin_password.rc != 0
- set_fact:
- admin_password_hash: "{{ admin_password.stdout }}"
+ admin_password_hash: "{{ admin_password.stdout }}"
+ no_log: True
- name: "Detecting a possibly defined root dn for config database"
- shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b 'cn=config' -o ldif-wap=no olcRootDN | grep -i '^olcRootPW:' | sed -e 's/^olcRootDN:[ ]*//i'"
+ shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b 'olcDatabase={0}config,cn=config' -o ldif-wrap=no olcRootDN | grep -i '^olcRootDN:' | sed -e 's/^olcRootDN:[ ]*//i'"
changed_when: False
ignore_errors: True
register: current_config_admin_dn
- name: "Detecting a possibly defined hashed root password for config database"
- shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b 'cn=config' -o ldif-wrap=no olcRootPW | grep -i '^olcRootPW:' | sed -e 's/^olcRootPW:[ ]*//i'"
+ shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b 'olcDatabase={0}config,cn=config' -o ldif-wrap=no olcRootPW | grep -i '^olcRootPW:' | sed -e 's/^olcRootPW:[ ]*//i'"
changed_when: False
ignore_errors: True
no_log: True
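Review bot: The `rc` registered by both detection tasks is the exit status of the trailing `sed`, not of `ldapsearch` or `grep`, because the `shell` pipelines run without `pipefail`. Since `sed` exits 0 on empty input, `ignore_errors: True` has nothing to ignore, and the later conditions `current_config_admin_dn.rc != 0` and `current_config_admin_pw.rc == 0` cannot tell a failed search from an attribute that is simply unset. If the branches are meant to depend on whether the attribute exists, test the output instead, e.g. `when: current_config_admin_pw.stdout | length > 0`. Alternatively, prefix the command with `set -o pipefail;` and run it under `args: executable: /bin/bash`, since the default `/bin/sh` may not support that option. The same applies to the `when:` lines corrected in the later hunks.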
path: "{{ rootdn_config_file.path }}"
state: absent
- when: (current_config_admin_dn.rc != 0) or (current_config_admin_dn.stdout != config_admin_dn
+ when: (current_config_admin_dn.rc != 0) or (current_config_admin_dn.stdout != config_admin_dn)
################################################################
# Setting the paasword for admin account for the config database
mode: 0644
when: current_config_admin_pw.rc == 0
- - name: "Get content of managing RootPW for config database file"
- shell: "cat '{{ rootpw_config_file.path }}'"
- register: content_rootpw_config_file
- changed_when: False
- no_log: True
-
- - name: "Show content of managing RootPW for config database file."
- debug: msg={{ content_rootpw_config_file.stdout_lines }}
-
- name: "Applying managing RootPW for config database file."
shell: "ldapadd -Q -Y EXTERNAL -H ldapi:/// -f '{{ rootpw_config_file.path }}'"
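Review bot: `mode: 0644` on the first line of this hunk appears to belong to the task that writes the RootPW LDIF file, which would leave the hashed root password world-readable on disk until the cleanup task removes it. The task header is outside the hunk, so that attribution is inferred. Removing the `cat`/`debug` pair keeps the hash out of the play output, but the file permission remains an exposure; `mode: "0600"` would close it, and quoting the value avoids YAML octal parsing surprises. If the `ldapadd` step fails, the `state: absent` cleanup is presumably never reached for that host, so a restrictive mode also matters for a file left behind.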
path: "{{ rootpw_config_file.path }}"
state: absent
- when: (current_config_admin_pw.rc != 0) or (current_config_admin_pw.stdout != admin_password_hash
+ when: (current_config_admin_pw.rc != 0) or (current_config_admin_pw.stdout != admin_password_hash)