ldap_attrs: single-valued attribute has multiple values
Summary
When running this play;
- name: "Change LDAP attributes"
  community.general.ldap_attrs:
    dn: "cn=config"
    attributes: "{{ config_modifications }}"
    bind_dn: "{{ bind_dn }}"
    bind_pw: "{{ bind_password }}"
    server_uri: "ldaps://{{ idm_server }}"
And the following attributes:
config_modifications:
  nsslapd-allow-anonymous-access: "rootdse"
  nsslapd-minssf: "56"
  nsslapd-auditlog-logging-enabled: "on"
  nsslapd-accesslog-logmaxdiskspace: "1000"
  nsslapd-accesslog-maxlogsize: "200"
  nsslapd-sizelimit: "5000"
It fails with the following error:
"details": "{'msgtype': 103, 'msgid': 8, 'result': 65, 'desc': 'Object class violation', 'ctrls': [], 'info': 'single-valued attribute \"nsslapd-accesslog-logmaxdiskspace\" has multiple values\\n'}",
Removing just that attribute results in a working playbook, but I don't understand what is wrong with it?
Entire output;
{
    "details": "{'msgtype': 103, 'msgid': 8, 'result': 65, 'desc': 'Object class violation', 'ctrls': [], 'info': 'single-valued attribute \"nsslapd-accesslog-logmaxdiskspace\" has multiple values\\n'}",
    "msg": "Attribute action failed.",
    "invocation": {
        "module_args": {
            "dn": "cn=config",
            "attributes": {
                "nsslapd-allow-anonymous-access": "rootdse",
                "nsslapd-minssf": "56",
                "nsslapd-auditlog-logging-enabled": "on",
                "nsslapd-accesslog-logmaxdiskspace": "1000",
                "nsslapd-accesslog-maxlogsize": "200",
                "nsslapd-sizelimit": "5000"
            },
            "bind_dn": "cn=Directory Manager",
            "bind_pw": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "server_uri": "ldaps://XXX",
            "ordered": false,
            "state": "present",
            "referrals_chasing": "anonymous",
            "start_tls": false,
            "validate_certs": true,
            "sasl_class": "external",
            "xorder_discovery": "auto",
            "ca_path": null,
            "client_cert": null,
            "client_key": null
        }
    },
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "_ansible_no_log": null,
    "changed": false
}
Issue Type
Bug Report
Component Name
community.general.ldap_attrs
Ansible Version
Ansible Automation Platform Controller 4.4.7
Community.general Version
8.1.0 (Automation Hub)
Configuration
$ ansible-config dump --only-changed
OS / Environment
RHEL8
Steps to Reproduce
- name: "Change LDAP attributes"
  community.general.ldap_attrs:
    dn: "cn=config"
    attributes: "{{ config_modifications }}"
    bind_dn: "{{ bind_dn }}"
    bind_pw: "{{ bind_password }}"
    server_uri: "ldaps://{{ idm_server }}"
And the following attributes:
config_modifications:
  nsslapd-allow-anonymous-access: "rootdse"
  nsslapd-minssf: "56"
  nsslapd-auditlog-logging-enabled: "on"
  nsslapd-accesslog-logmaxdiskspace: "1000"
  nsslapd-accesslog-maxlogsize: "200"
  nsslapd-sizelimit: "5000"
Expected Results
Changed LDAP attr
Actual Results
"details": "{'msgtype': 103, 'msgid': 8, 'result': 65, 'desc': 'Object class violation', 'ctrls': [], 'info': 'single-valued attribute \"nsslapd-accesslog-logmaxdiskspace\" has multiple values\\n'}",
You might want to use state=exact instead of state=present. According to the docs:
If V(present), all given attribute values will be added if they're missing
Emphasis mine. Apparently there's already a value, and you tell the module to add another one - which results in an invalid state. You want this behavior:
If V(exact), the set of attribute values will be forced to exactly those provided and no others.
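An added example, not part of the reply above and not the module's own code: a small in-memory model of the two documented `state` behaviours applied to a single-valued attribute. The existing value `500`, the `SINGLE_VALUED` set and the function names are assumptions made for illustration.

```python
# Simplified model (not the module's code) of the two `state` semantics
# quoted from the docs, applied to an entry with a single-valued attribute.

# Treated as single-valued because the server's error message says so.
SINGLE_VALUED = {"nsslapd-accesslog-logmaxdiskspace"}


class ObjectClassViolation(Exception):
    """Stands in for LDAP result code 65 seen in the error output."""


def apply_state(entry, attributes, state):
    """Return a new entry dict after applying `attributes` with `state`."""
    result = {name: list(values) for name, values in entry.items()}
    for name, wanted in attributes.items():
        wanted = wanted if isinstance(wanted, list) else [wanted]
        current = result.get(name, [])
        if state == "present":
            # Add each given value that is missing; existing values stay.
            new_values = current + [v for v in wanted if v not in current]
        elif state == "exact":
            # Force the value set to exactly the given values and no others.
            new_values = list(wanted)
        else:
            raise ValueError(f"unsupported state: {state}")
        if name in SINGLE_VALUED and len(new_values) > 1:
            raise ObjectClassViolation(
                f'single-valued attribute "{name}" has multiple values')
        result[name] = new_values
    return result


def try_state(entry, attributes, state):
    """Return ('ok', entry) or ('error', message) for easy comparison."""
    try:
        return "ok", apply_state(entry, attributes, state)
    except ObjectClassViolation as exc:
        return "error", str(exc)


# Constructed sample: the pre-existing value "500" is assumed, not from the issue.
ENTRY = {"nsslapd-accesslog-logmaxdiskspace": ["500"]}
WANTED = {"nsslapd-accesslog-logmaxdiskspace": "1000"}

if __name__ == "__main__":
    print(try_state(ENTRY, WANTED, "present"))  # rejected: two values
    print(try_state(ENTRY, WANTED, "exact"))    # accepted: value replaced
```

In this model `present` only succeeds when the attribute is unset or already holds the requested value, which is why it is not a safe choice for enforcing single-valued settings under `cn=config`.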