diff --git a/roles/ldap_server/tasks/main.yml b/roles/ldap_server/tasks/main.yml
index 2a60c2f2617410c6158ada68f1233d2d784acd38..f02f1e805da6cf0e6c6f18bf9c8068351b237af8 100644
--- a/roles/ldap_server/tasks/main.yml
+++ b/roles/ldap_server/tasks/main.yml
@@ -245,22 +245,14 @@
   notify:
     - Restart ferm
 
-# @TODO: This whole thing could be dropped if newer version of Ansible
-# was in use (where community collection has the ldap_search
-# module.
-- name: Deploy temporary file with LDAP admin password
-  ansible.builtin.template:
-    src: "ldap_admin_password.j2"
-    dest: "/root/.ldap_admin_password"
-    owner: root
-    group: root
-    mode: "0400"
-  changed_when: false
-
-- name: Test if LDAP admin password needs to be changed
-  ansible.builtin.command: "ldapwhoami -H ldapi:/// -D 'cn=admin,{{ ldap_server_int_basedn }}' -x -y /root/.ldap_admin_password"
+- name: Test LDAP admin password
+  community.general.ldap_search:
+    bind_dn: "cn=admin,{{ ldap_server_int_basedn }}"
+    bind_pw: "{{ ldap_admin_password }}"
+    server_uri: "ldapi:///"
+    dn: "{{ ldap_server_int_basedn }}"
+    scope: base
   register: ldap_admin_password_check
-  changed_when: ldap_admin_password_check.rc != 0
   failed_when: false
 
 - name: Update LDAP admin password
@@ -269,13 +261,8 @@
     attributes:
       olcRootPW: "{{ ldap_admin_password | ldap_password_hash }}"
     state: exact
-  when: ldap_admin_password_check.rc != 0
-
-- name: Remove temporary file with LDAP admin password
-  ansible.builtin.file:
-    path: "/root/.ldap_admin_password"
-    state: absent
-  changed_when: false
+  no_log: true
+  when: "'results' not in ldap_admin_password_check"
 
 - name: Enable backup
   ansible.builtin.import_tasks: backup.yml
diff --git a/roles/ldap_server/templates/ldap_admin_password.j2 b/roles/ldap_server/templates/ldap_admin_password.j2
deleted file mode 100644
index 1e2c3146e56d351f703bae7dc0fdae487ec9ee2b..0000000000000000000000000000000000000000
--- a/roles/ldap_server/templates/ldap_admin_password.j2
+++ /dev/null
@@ -1 +0,0 @@
-{{ ldap_admin_password }}
\ No newline at end of file
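Review bot: `failed_when: false` on the new "Test LDAP admin password" task turns every failure of the ldap_search into a missing `results` key, so the `when: "'results' not in ldap_admin_password_check"` in the second hunk rewrites olcRootPW on any error at all — an unreachable ldapi socket, a missing python-ldap on the host, a non-existent base DN — not only on a wrong password. Presumably `ldap_password_hash` produces a salted hash, in which case such a spurious rewrite also reports changed on every run and hides the real fault; confirm against the filter. Consider narrowing the swallow to the bind failure, e.g. `failed_when: ldap_admin_password_check is failed and 'Invalid credentials' not in (ldap_admin_password_check.msg | default(''))`, verifying on the target that this is the message text the module returns for a rejected bind. The check task passes `bind_pw` as a plain module argument and registers the full result, so adding `no_log: true` here as well would keep it consistent with the update task and avoid echoing the result under `-v`. The "Update LDAP admin password" task begins on the last line of the first hunk and its body continues in the second.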