Load module under cn=module{0},cn=config with ldap_entry module

Halolu · January 16, 2025, 4:49pm

Here is a simple task that loads two modules. I specify cn=module{0},cn=config as the dn targeted.

    - name: Load auditlog module
      community.general.ldap_entry:
        state: present
        dn: cn=module{0},cn=config
        objectClass:
          - olcModuleList
          - top
        attributes:
          olcModuleLoad: "auditlog.la"
          olcmodulepath: "/usr/lib/ldap"
          cn: module
    - name: Load memberof module
      community.general.ldap_entry:
        state: present
        dn: cn=module{0},cn=config
        objectClass:
          - olcModuleList
          - top
        attributes:
          olcModuleLoad: "memberof.la"
          olcmodulepath: "/usr/lib/ldap"
          cn: module

My task are seen as “OK” and not “changed”:

TASK [reconfigure_slapd : Load auditlog module] **********************************************************************************************************************
ok: [ldapAnsible]
TASK [reconfigure_slapd : Load memberof module] ********************************************************************************************************************************************
ok: [ldapAnsible]

If I’m going to my ldapserver, nothing changed:

ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=module{0},cn=config" '(objectClass=olcModuleList)' olcModuleLoad

# module{0}, config
dn: cn=module{0},cn=config
olcModuleLoad: {0}back_mdb

But If I’m targeting cn=module,cn=config as dn:

    - name: Load auditlog module
      community.general.ldap_entry:
        state: present
        dn: cn=module,cn=config
        objectClass:
          - olcModuleList
          - top
        attributes:
          olcModuleLoad: "auditlog.la"
          olcmodulepath: "/usr/lib/ldap"
          cn: module
    - name: Load memberof module
      community.general.ldap_entry:
        state: present
        dn: cn=module,cn=config
        objectClass:
          - olcModuleList
          - top
        attributes:
          olcModuleLoad: "memberof.la"
          olcmodulepath: "/usr/lib/ldap"
          cn: module

My tasks are seen as “changed”:

TASK [reconfigure_slapd : Load auditlog module] ********************************************************************************************************************************************
changed: [ldapAnsible]

TASK [reconfigure_slapd : Load memberof module] ********************************************************************************************************************************************
changed: [ldapAnsible]

On my ldapserver I have:

# module{1}, config
dn: cn=module{1},cn=config
olcModuleLoad: {0}auditlog.la
# module{2}, config
dn: cn=module{2},cn=config
olcModuleLoad: {0}memberof.la

I want to load all of my modules under dn: cn=module{0},cn=config.
How can I do that ?

Topic		Replies	Views
LDAP modules Ansible Developer ubuntu	2	1	July 17, 2015
Setting up ldap auth on Ubuntu Get Help ubuntu	4	261	July 2, 2024
Using ldap_attr to set root password works but shows failed Ansible Project ubuntu	1	0	January 26, 2017
Unknown error with arguments of roles Ansible Project	5	2	December 13, 2021
change in behaviour of "when:" Ansible Project	5	0	October 12, 2013

Load module under cn=module{0},cn=config with ldap_entry module

Related topics