---
# Generate the replacement admin password. The module result is registered as
# `new_passwd`; the set_fact task below reads its `passwd` field.
# NOTE(review): gen_passwd is not a stock Ansible module (appears to be
# project-local) - confirm it draws from a cryptographically secure source.
- name: "renewing admin password - generation"
  no_log: true  # the registered result carries the cleartext password
  register: new_passwd
  gen_passwd: "length=32"
# Copy the generated password out of the registered result into the
# `ldap_passwd` fact, which the hashing and ldap_passwd tasks reference.
# The fact stays in host variables for the rest of the run, so anything that
# dumps hostvars afterwards would expose the cleartext.
- name: "renewing admin password - set fact"
  no_log: true  # keep the cleartext out of task output
  set_fact:
    ldap_passwd: "{{ new_passwd.passwd }}"
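# Hash the new password as {SSHA512} (pw-sha2 module); the result is written
# to olcRootPW by the next task via `new_passwd_hash.stdout`.
#
# The cleartext is fed on stdin rather than passed with `-s <password>`:
# command-line arguments are readable by other local users (ps,
# /proc/<pid>/cmdline) while the process runs, and `no_log` only protects
# Ansible's own output. `command` is used because no shell features are
# needed, which also removes shell quoting of the secret from the picture.
- name: 'renewing admin password - hashing'
  command: >-
    slappasswd
    -o module-load=pw-sha2
    -h "{SSHA512}"
    -T /dev/stdin
  args:
    stdin: '{{ ldap_passwd }}'
    # -T hashes the complete input, so an appended newline would become part
    # of the password and the resulting hash would not match.
    stdin_add_newline: false
  register: new_passwd_hash
  # Hashing modifies nothing on the target host.
  changed_when: false
  no_log: true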
# Write the new hash into olcRootPW of the {1}mdb database under cn=config.
# `state: exact` leaves the attribute holding only the supplied value, so the
# previous root password hash is replaced rather than kept alongside.
# NOTE(review): no bind_dn/bind_pw is given, so the module's default
# connection and bind are used - presumably ldapi:/// with SASL EXTERNAL;
# confirm the play runs with the privileges that requires.
- name: "renewing admin password - setting RootPW"
  no_log: true
  diff: false  # keep the hash out of --diff output
  ldap_attr:
    state: "exact"
    name: "olcRootPW"
    dn: "olcDatabase={1}mdb,cn=config"
    values: "{{ new_passwd_hash.stdout }}"
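# Set the same password on the cn=admin entry itself. The bind uses the NEW
# password, so this task depends on the olcRootPW update above having
# succeeded.
# NOTE(review): assumes cn=admin,<ldap_basedn> is the database rootDN, so the
# new olcRootPW is what authenticates this bind - confirm.
- name: 'renewing admin password - calling ldappasswd'
  ldap_passwd:
    dn: 'cn=admin,{{ ldap_basedn }}'
    passwd: '{{ ldap_passwd }}'
    bind_dn: 'cn=admin,{{ ldap_basedn }}'
    bind_pw: '{{ ldap_passwd }}'
  # passwd and bind_pw both carry the cleartext. Every other task in this file
  # that handles it sets no_log; without it here the arguments could surface
  # in verbose output, callback plugins or failure messages.
  no_log: true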
...