On Wednesday, 31.03.2021, 13:41 +0200, Maciej Delmanowski wrote:
> As for handling this in your environment... The 'ldap' role has a
> 'ldap__admin_delegate_to' variable which can be modified to delegate the
> tasks to another host. That way you should be able to set up an "admin"
> host inside of your network and run the tasks there over SSH. You would
> have to take care

this works perfectly. I can just take the ldap server itself.

> of the credentials - probably creating a separate "admin account" would be
> best, so that your own credentials are not put somewhere easily accessible.

but the creds of the ansible user are still stored in pass and they are
only transferred temporarily to the controller for this operation. Aren't
they?

What I don't understand: with which credentials does the ansible controller
then connect to the slapd server?

We have this task:

TASK [ldap : Remove the default cn=admin object]

this removes the cn=admin,dc=example,dc=org object from the DIT. But I can
still connect with the cn=admin user? And debops tasks are also executed
with this user.

> Check the "LDAP administrative access" section in the 'ldap' role defaults,
> and the corresponding documentation for more details. Let me know if you
> managed to handle this.

Let's say: I begin to understand more and more.
Let's say: I begin to understand more and more.
What I don't understand: what is the idea to administer accounts in
ldap directory with debops?
I found the ldap__tasks but they don't do anything, e.g.:

ldap__host_tasks:
  - name: 'create test user'
    #dn: 'uid=dtuser,ou=People,dc=example,dc=org'
    dn: '{{ [ "uid=" + "dtuser", ldap__people_rdn ] + ldap__base_dn }}'
    objectClass: [ 'inetOrgPerson' ]
    attributes:
      cn: 'Debops Test User'
      sn: 'User'
      givenName: 'Debops'
      uid: 'dtuser'
      userPassword: 'secret'

What do I have to do to perform this in debops? Or isn't this the idea
behind ldap__tasks? Can we use this for just adding entries to the
directory without enabling ldap (ldap__enabled: False)?
Actually my plan is to use fusiondirectory for handling posix and
samba3 (nt-style) accounts. I found
https://github.com/debops/debops/issues/1341 - and I got fusiondirectory
basically working.

But I get an error on inserting posix users with "Constraint violation
(some attributes not unique, ". Maybe because of
https://bugs.openldap.org/show_bug.cgi?id=6825

The same problem occurs when I just try to add a posix user with
gidNumber and a group with the same gidNumber manually via ldifs.

Did you ever get errors like this?
Cheers
Jan
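The "Constraint violation (some attributes not unique" symptom Jan describes, reproduced outside slapd as an added illustration (this is not code from the thread, from DebOps or from OpenLDAP): a minimal LDIF reader plus a uniqueness check over the parsed entries. The sample LDIF is constructed for the example; it contains a posixAccount whose primary gidNumber equals the gidNumber of its posixGroup, exactly the pair Jan says fails. The assumption being modelled is that the directory enforces gidNumber uniqueness as a single domain over the whole base, in which case the user and the group legitimately collide; the same data passes when uniqueness is checked per subtree (one domain for ou=People, one for ou=Groups), which is the direction an administrator would look when tuning the uniqueness configuration.

```python
# Added example: model the "some attributes not unique" symptom on constructed data.
# ASSUMPTION: uniqueness of gidNumber is enforced over the whole base (one domain),
# so a posixAccount's primary group id and the posixGroup's gidNumber collide.
from collections import defaultdict

# Constructed sample LDIF (not from the thread): user and primary group share 10001.
SAMPLE_LDIF = """\
dn: uid=dtuser,ou=People,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
uid: dtuser
cn: Debops Test User
sn: User
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/dtuser

dn: cn=dtuser,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: dtuser
gidNumber: 10001
"""

PEOPLE = "ou=People,dc=example,dc=org"
GROUPS = "ou=Groups,dc=example,dc=org"


def parse_ldif(text):
    """Parse plain LDIF (folded lines handled, base64 '::' values not) into (dn, attrs) pairs."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    entries, dn, attrs = [], None, defaultdict(list)
    for line in lines:
        if not line.strip():                   # blank line ends an entry
            if dn is not None:
                entries.append((dn, dict(attrs)))
            dn, attrs = None, defaultdict(list)
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        value = value.strip()
        if name == "dn":
            dn = value
        else:
            attrs[name].append(value)
    if dn is not None:                         # last entry without trailing blank line
        entries.append((dn, dict(attrs)))
    return entries


def _domain_of(dn, scopes):
    """Which uniqueness domain an entry falls in; None means 'not checked at all'."""
    if scopes is None:
        return "<whole base>"
    for scope in scopes:
        if dn.lower().endswith("," + scope.lower()):
            return scope
    return None


def find_violations(entries, attribute, scopes=None):
    """Return DNs whose `attribute` value is already used inside the same domain.

    scopes=None  -> one uniqueness domain over the whole base (the assumed failing setup)
    scopes=[...] -> one domain per listed subtree, so People and Groups may both use 10001
    """
    seen, violations = {}, []
    for dn, attrs in entries:
        domain = _domain_of(dn, scopes)
        if domain is None:
            continue
        for value in attrs.get(attribute, []):
            key = (domain, value)
            if key in seen:
                violations.append(dn)
            else:
                seen[key] = dn
    return violations


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    print("whole-base check:", find_violations(entries, "gidNumber"))
    print("per-subtree check:", find_violations(entries, "gidNumber", scopes=[PEOPLE, GROUPS]))
```

Running the block prints the group's DN as a violation under the whole-base check and nothing under the per-subtree check, which is the behaviour difference to look for when reviewing how uniqueness is scoped on the server.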