
I am learning Ansible and I have written a task for LDAP validation. However, when I run the playbook, the task is failing even when the validation is correct.

Below is the Ansible task which will check for the LDAP password max age:

- name: LDAP Validation
  shell: /usr/bin/ldapsearch -w admin  -H ldap://localhost:10389 -x -D "cn=manager,dc=apache,dc=com" -b "cn=default,ou=pwpolicies,dc=apache,dc=com" | grep 'pwdMaxAge'
  register: output


- name: LDAP password age check 
  fail:
    msg: "Password MaxAge not set to 0"
  when: output.stdout != "pwdMaxAge: 0"

Below is the new syntax error that Ansible is throwing after the task was updated.

ERROR! Syntax Error while loading YAML.
  mapping values are not allowed here

The error appears to have been in '/etc/ansible/server/roles/LDAP/tasks/ldap.yml': line 40, column 36, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

    msg: "Password MaxAge not set to 0"
  when: output.stdout != "pwdMaxAge: 0"
                                   ^ here
  • Try doing a `- debug: var=output` to see the structure of the variable; usually it's a sub-property of the variable that will contain what you need. – Patrick Forget May 15 '19 at 18:11

1 Answer

The variable output is a dictionary; it doesn't make sense to compare it to a string: the comparison will never be equal. Take a look at the documentation to see what values are returned by the shell module.

For example, you might end up checking the stdout attribute like this:

- name: LDAP password age check 
  fail:
    msg: "Password MaxAge not set to 0"
  when: 'output.stdout != "pwdMaxAge: 0"'

As @PatrickForget suggested, you can use a debug task to inspect your registered variable:

- name: show output variable
  debug:
    var: output
  • Thank you for the reply, but the Ansible task is failing again because of syntax, even using the backslash before zero. – learning fun May 16 '19 at 18:36
  • Below is the error that Ansible throws when executing the playbook. It is showing the error after ":" `The offending line appears to be:` msg: "Password MaxAge not set to 0" when: output.stdout != "pwdMaxAge: 0" ^ here – learning fun May 16 '19 at 18:43
  • Have you added a `debug` task to verify what the contents of `output` look like? Please update your question to show that in the playbook as well as the resulting output. – larsks May 16 '19 at 19:06
  • It's the `:` in your string: put quotes around the entire `when` expression. I've updated this answer (and verified that it validates). – larsks May 16 '19 at 20:16
  • Thanks larsks and others. – learning fun May 16 '19 at 21:26
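
The quoting fix from the answer above, shown next to two other ways of writing the same condition so that the `: ` inside the string no longer breaks YAML parsing. This is an added example, not part of the original question or answer; the `ldapsearch` command is the one from the question, while `changed_when`, `failed_when` and the `assert` task are additions.

```yaml
# Added example, not from the original post. The ldapsearch command is the one
# from the question; changed_when/failed_when and the assert task are additions.
- name: LDAP Validation
  shell: /usr/bin/ldapsearch -w admin -H ldap://localhost:10389 -x -D "cn=manager,dc=apache,dc=com" -b "cn=default,ou=pwpolicies,dc=apache,dc=com" | grep 'pwdMaxAge'
  register: output
  changed_when: false          # read-only query, never report "changed"
  failed_when: output.rc > 1   # grep exits 1 on "no match"; report that below instead

# Fails to parse: in an unquoted (plain) scalar, ": " starts a new mapping value.
#   when: output.stdout != "pwdMaxAge: 0"

# Option 1: single-quote the whole expression. YAML now sees one string and the
# inner double quotes are left for Jinja2.
- name: LDAP password age check (quoted expression)
  fail:
    msg: "Password MaxAge not set to 0"
  when: 'output.stdout != "pwdMaxAge: 0"'

# Option 2: folded block scalar. Its content is taken literally, so no outer
# quotes are needed and ": " is harmless.
- name: LDAP password age check (block scalar)
  fail:
    msg: "Password MaxAge not set to 0"
  when: >-
    output.stdout != "pwdMaxAge: 0"

# Option 3: assert on the list of output lines. This also fails cleanly when
# grep matched nothing (rc 1) and tolerates extra matching lines.
- name: LDAP password age check (assert)
  assert:
    that:
      - output.rc == 0
      - "'pwdMaxAge: 0' in output.stdout_lines"
    fail_msg: "Password MaxAge not set to 0"
```

Only one of the three check tasks is needed in a real role; they are listed together here to compare the quoting styles.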