From: Frank Brehm Date: Thu, 12 Dec 2024 16:20:32 +0000 (+0100) Subject: Fixing roles/389ds-config-plugins/tasks/account-policy.yaml X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=13b836d18d8a5b574102230d689646803c988c57;p=pixelpark%2Fpp-admin-tools.git Fixing roles/389ds-config-plugins/tasks/account-policy.yaml --- diff --git a/inventory/dpx-ldap-dev1.yaml b/inventory/dpx-ldap-dev1.yaml index cce6422..f585565 100644 --- a/inventory/dpx-ldap-dev1.yaml +++ b/inventory/dpx-ldap-dev1.yaml @@ -56,11 +56,11 @@ all: ensure: absent # Tempporary - ds389_logging_config: false - ds389_plugin_memberof_config: false - ds389_plugin_referint_config: false + # ds389_logging_config: false + # ds389_plugin_memberof_config: false + # ds389_plugin_referint_config: false # ds389_plugin_attr_uniq_config: false - ds389_plugin_account_policy_config: false + # ds389_plugin_account_policy_config: false haproxy_servers: hosts: diff --git a/roles/389ds-config-plugins/tasks/account-policy.yaml b/roles/389ds-config-plugins/tasks/account-policy.yaml index abb0201..6049793 100644 --- a/roles/389ds-config-plugins/tasks/account-policy.yaml +++ b/roles/389ds-config-plugins/tasks/account-policy.yaml @@ -47,7 +47,7 @@ set_fact: acc_plugin_cfg: "{{ plugin_account_policy_config | ansible.builtin.combine(plugin_account_policy_config_entry, list_merge='append_rp', recursive=true) }}" -- name: "The account-policy Plugin configuration:" +- name: "The current account-policy Plugin configuration:" debug: var: acc_plugin_cfg verbosity: 0 @@ -70,7 +70,9 @@ - name: 'Check for alt-state-attr' set_fact: exec_set: true - when: "ds389_plugin_account_policy_alt_state_attr is not empty and ('altstateattrname' not in acc_plugin_cfg or (acc_plugin_cfg['altstateattrname'] != ds389_plugin_account_policy_alt_state_attr))" + when: "ds389_plugin_account_policy_alt_state_attr is not empty \ + and ('altstateattrname' not in acc_plugin_cfg \ + or ((acc_plugin_cfg['altstateattrname'] | lower) != (ds389_plugin_account_policy_alt_state_attr | string | lower)))" - name: 'Check for always-record-login-attr for vanishing' set_fact: @@ -80,7 +82,9 @@ - name: 'Check for always-record-login-attr' set_fact: exec_set: true - when: "ds389_plugin_account_policy_always_record_login_attr is not empty and ('alwaysrecordloginattr' not in acc_plugin_cfg or (acc_plugin_cfg['alwaysrecordloginattr'] != ds389_plugin_account_policy_always_record_login_attr))" + when: "ds389_plugin_account_policy_always_record_login_attr is not empty \ + and ('alwaysrecordloginattr' not in acc_plugin_cfg \ + or (acc_plugin_cfg['alwaysrecordloginattr'] != ds389_plugin_account_policy_always_record_login_attr))" - name: 'Check limit-attr for vanishing' set_fact: @@ -90,7 +94,9 @@ - name: 'Check limit-attr' set_fact: exec_set: true - when: "ds389_plugin_account_policy_limit_attr is not empty and ('limitattrname' not in acc_plugin_cfg or ((acc_plugin_cfg['limitattrname'] | lower) != (ds389_plugin_account_policy_limit_attr | lower)))" + when: "ds389_plugin_account_policy_limit_attr is not empty \ + and ('limitattrname' not in acc_plugin_cfg \ + or ((acc_plugin_cfg['limitattrname'] | lower) != (ds389_plugin_account_policy_limit_attr | lower)))" - name: 'Check spec-attr for vanishing' set_fact: @@ -100,7 +106,9 @@ - name: 'Check spec-attr' set_fact: exec_set: true - when: "ds389_plugin_account_policy_spec_attr is not empty and ('specattrname' not in acc_plugin_cfg or ((acc_plugin_cfg['specattrname'] | lower) != (ds389_plugin_account_policy_spec_attr | lower)))" + when: "ds389_plugin_account_policy_spec_attr is not empty \ + and ('specattrname' not in acc_plugin_cfg \ + or ((acc_plugin_cfg['specattrname'] | lower) != (ds389_plugin_account_policy_spec_attr | lower)))" - name: 'Check state-attr for vanishing' set_fact: @@ -110,7 +118,9 @@ - name: 'Check state-attr' set_fact: exec_set: true - when: "ds389_plugin_account_policy_state_attr is not empty and ('stateattrname' not in acc_plugin_cfg or ((acc_plugin_cfg['stateattrname'] | lower) != (ds389_plugin_account_policy_state_attr | lower)))" + when: "ds389_plugin_account_policy_state_attr is not empty \ + and ('stateattrname' not in acc_plugin_cfg \ + or ((acc_plugin_cfg['stateattrname'] | lower) != (ds389_plugin_account_policy_state_attr | lower)))" - name: 'Check login-history-size for vanishing' set_fact: @@ -120,7 +130,9 @@ - name: 'Check login-history-size' set_fact: exec_set: true - when: "ds389_plugin_account_policy_login_history_size is not empty and ('lastloginhistsize' not in acc_plugin_cfg or (acc_plugin_cfg['lastloginhistsize'] != ds389_plugin_account_policy_login_history_size ))" + when: "ds389_plugin_account_policy_login_history_size is not empty \ + and ('lastloginhistsize' not in acc_plugin_cfg \ + or (acc_plugin_cfg['lastloginhistsize'] != ds389_plugin_account_policy_login_history_size ))" - name: 'Check check-all-state-attrs for vanishing' set_fact: @@ -130,7 +142,9 @@ - name: 'Check check-all-state-attrs' set_fact: exec_set: true - when: "ds389_plugin_account_policy_check_all_state_attrs is not empty and (('checkallstateattrs' not in acc_plugin_cfg) or (acc_plugin_cfg['checkallstateattrs'] | bool) != (ds389_plugin_account_policy_check_all_state_attrs | bool))" + when: "ds389_plugin_account_policy_check_all_state_attrs is not empty \ + and (('checkallstateattrs' not in acc_plugin_cfg) \ + or (acc_plugin_cfg['checkallstateattrs'] | bool) != (ds389_plugin_account_policy_check_all_state_attrs | bool))" - name: "Task block for removing pointless config entries." when: attrs_remove | length > 0