I am learning Ansible and I have written a task for LDAP validation. However, when I run the playbook, the task fails even when the validation is correct.
Below is the Ansible task which checks the LDAP password max age:
- name: LDAP Validation
  shell: /usr/bin/ldapsearch -w admin -H ldap://localhost:10389 -x -D "cn=manager,dc=apache,dc=com" -b "cn=default,ou=pwpolicies,dc=apache,dc=com" | grep 'pwdMaxAge'
  register: output
- name: LDAP password age check
  fail:
    msg: "Password MaxAge not set to 0"
  when: output.stdout != "pwdMaxAge: 0"
Below is the new syntax error that Ansible is throwing after the task was updated:
ERROR! Syntax Error while loading YAML.
mapping values are not allowed here
The error appears to have been in '/etc/ansible/server/roles/LDAP/tasks/ldap.yml': line 40, column 36, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
msg: "Password MaxAge not set to 0"
when: output.stdout != "pwdMaxAge: 0"
^ here
The variable output is a dictionary; it doesn't make sense to compare it to a string: the comparison will never be equal. Take a look at the documentation to see what values are returned by the shell module.
For example, you might end up checking the stdout attribute like this:
- name: LDAP password age check
  fail:
    msg: "Password MaxAge not set to 0"
  when: 'output.stdout != "pwdMaxAge: 0"'
As @PatrickForget suggested, you can use a debug task to inspect your registered variable:
- name: show output variable
  debug:
    var: output
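A more defensive version of the same check, as an added example that is not part of the original question or answer: it keeps the bind password off the command line, requests only pwdMaxAge, and matches the exact line instead of comparing the whole of stdout. The variable ldap_pw_file is an assumption, naming a file readable only by the user running the task.

```yaml
# Added example, not from the original posts.
# ldap_pw_file is a hypothetical variable: path to a file that holds the bind
# password. ldapsearch -y uses the complete file contents as the password, so
# the file must not end with a newline.
- name: Read pwdMaxAge from the default password policy
  ansible.builtin.command:
    argv:
      - /usr/bin/ldapsearch
      - -LLL                      # plain LDIF, no comments or version line
      - -x
      - -H
      - ldap://localhost:10389
      - -D
      - cn=manager,dc=apache,dc=com
      - -y                        # password from a file, not -w on the process list
      - "{{ ldap_pw_file }}"
      - -b
      - cn=default,ou=pwpolicies,dc=apache,dc=com
      - pwdMaxAge                 # return only this attribute
  register: output
  changed_when: false             # a read-only query never changes the host

- name: LDAP password age check
  ansible.builtin.assert:
    that:
      # The whole expression is single-quoted so YAML does not read the ": "
      # inside it as a mapping, which is what caused the syntax error above.
      - 'output.stdout_lines | select("match", "^pwdMaxAge: 0$") | list | length == 1'
    fail_msg: "Password MaxAge not set to 0"
```

Because there is no grep in the pipeline, a missing pwdMaxAge attribute reaches the assert and fails with the intended message instead of failing the query task on grep's exit code.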