How to use changed_when with user:

Trying to learn more about how to use Ansible. I’ve got a situation where a mix of local and LDAP users may exist on a box. In some situations user1 may either be a local user or LDAP user.

I created a task to remove certain users. The LDAP users are always marked as “changed” when obviously they aren’t. Is there a way to modify the report to say “ok?”

I know how to do this with “command:” but not “user:.”

I get “error while evaluating conditional” when using, changed_when: “result.state != absent”

Running debug on “result” shows LDAP users have state=absent:

“item”: “user1”,
“name”: “user1”,
“remove”: false,
“shell”: “/bin/bash”,
“state”: “absent”,
“stderr”: “userdel: error deleting password entry\nuserdel: error deleting shadow password entry\n”,

What I’d like to do is something like: not_changed_when: “result.state == absent”

Is there anyway to translate that into something that would work?

Thanks,
Kent

tasks:

• name: remove users
  user: name={{ item }} state=absent
  register: result
  not_changed_when: “result.state != absent”
  with_items:
• local-user1
• ldap-user1
• ldap-user2

There is nothing called “not_changed_when” so you are making syntax up that won’t work

It seems you want to say

changed_when: “result.state == ‘absent’”

However this also seems excessive, because the default state of the module should be to return unchanged if it didn’t make any changes.

Ergo, changed_when can be omitted.

If you are having an error when deleting a pre-deleted user, this won’t help anyway, and I’d like more info. Please include the output of running this step with “-v”, unfiltered, rather than just showing the middle of it, and let me know your OS and ansible version.

Thanks!