With ansible 2.10 I use the ldap_attrs module to enable the openldap memberof module:
- name: Enable memberof module
  ldap_attrs:
    dn: cn=module{0},cn=config
    attributes:
      olcModuleLoad: memberof.so
    state: present
The first time the task is executed it works well, but if I play the playbook a second time it fails:
fatal: [myserver.mydomain.tld]: FAILED! => {"changed": false, "details": "{'info': u'modify/add: olcModuleLoad: value #0 already exists', 'desc': u'Type or value exists'}", "msg": "Attribute action failed."}
"already exists" sounds like something I expect, so I am surprised that it is considered fatal.
Is it an ansible bug, or did I miss something in the configuration?
In September '21 this is not yet supported by ansible.
I could automate the memberof and refint installation and configuration based on those workarounds:
- ldap_attrs:
    server_uri: "{{ ldap_api_url }}"
    dn: cn=module{0},cn=config
    attributes:
      olcModuleLoad:
        - refint.so
  register: ldap_attrs_result
  failed_when:
    - ldap_attrs_result.failed
    - ldap_attrs_result.details is not defined or (ldap_attrs_result.details|from_yaml)["desc"] != "Type or value exists"

- ldap_attrs:
    server_uri: "{{ ldap_api_url }}"
    dn: cn=module{0},cn=config
    attributes:
      olcModuleLoad:
        - memberof.so
  register: ldap_attrs_result
  failed_when:
    - ldap_attrs_result.failed
    - ldap_attrs_result.details is not defined or (ldap_attrs_result.details|from_yaml)["desc"] != "Type or value exists"

- ldap_entry:
    server_uri: "{{ ldap_api_url }}"
    dn: olcOverlay=refint,olcDatabase={1}mdb,cn=config
    objectClass:
      - olcOverlayConfig
      - olcRefintConfig
    attributes:
      olcOverlay: refint
      olcRefintAttribute: memberof member manager owner

- ldap_entry:
    server_uri: "{{ ldap_api_url }}"
    dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
    objectClass:
      - olcOverlayConfig
      - olcMemberOf
    attributes:
      olcOverlay: memberof
      olcMemberOfDangling: ignore
      olcMemberOfRefInt: "TRUE"
      olcMemberOfGroupOC: groupOfNames
      olcMemberOfMemberAD: member
      olcMemberOfMemberOfAD: memberOf
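To see what the `failed_when` list in the answer actually decides on a second run, here is an added stand-alone Python check. It is not code from the question, the answer or Ansible itself; it applies the same rule (fail only when the module reports `failed` and the `details` are missing or carry a `desc` other than "Type or value exists") to constructed module results, including the exact error text from the question. `ast.literal_eval` stands in for the `from_yaml` filter because the `details` string is a Python dict repr; the sample results below are constructed for illustration.

```python
import ast

# The ldap_attrs error description that the answer's failed_when treats as benign.
BENIGN_DESC = "Type or value exists"


def parse_details(details):
    """Turn the `details` string of an ldap_attrs failure into a dict.

    ldap_attrs stringifies the python-ldap exception argument, giving a dict
    repr such as "{'info': 'modify/add: ...', 'desc': 'Type or value exists'}".
    The answer parses it with Ansible's from_yaml filter; this stand-alone
    stand-in uses ast.literal_eval, which also accepts the Python 2 style
    u'...' strings that appear in the question's error message.
    """
    try:
        parsed = ast.literal_eval(details)
    except (ValueError, SyntaxError):
        return {}
    return parsed if isinstance(parsed, dict) else {}


def should_fail(result):
    """Mirror the answer's failed_when list (every item must hold):
      - the module reported failed
      - and details is undefined, or its desc is not the benign duplicate error
    """
    if not result.get("failed"):
        return False
    details = result.get("details")
    if details is None:
        return True
    return parse_details(details).get("desc") != BENIGN_DESC


# Constructed sample results covering the outcomes a task can report.
SAMPLE_RESULTS = {
    # First run: the attribute value was added.
    "first_run": {"changed": True, "failed": False},
    # Second run: the duplicate-value failure quoted in the question.
    "duplicate": {
        "changed": False,
        "failed": True,
        "details": "{'info': u'modify/add: olcModuleLoad: value #0 already exists', 'desc': u'Type or value exists'}",
        "msg": "Attribute action failed.",
    },
    # Constructed: a genuine error that must still stop the play.
    "denied": {
        "changed": False,
        "failed": True,
        "details": "{'desc': 'Insufficient access'}",
        "msg": "Attribute action failed.",
    },
    # Constructed: a failure with no details at all (e.g. server unreachable).
    "no_details": {"failed": True, "msg": "Cannot connect to LDAP server"},
}


if __name__ == "__main__":
    for name, result in SAMPLE_RESULTS.items():
        print(f"{name:12s} -> task fails: {should_fail(result)}")
```

The "no_details" case is why the answer tests `details is not defined` first: without it, indexing `["desc"]` on an undefined variable would itself raise a template error instead of cleanly failing the task.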