Thursday, March 25, 2021

[389-users] dsconf idempotency


I like to use [dsconf]( to manage my 389ds instances.

I like also Ansible to manage the configuration. From Ansible, if I run dsconf command I see some problems of idempotency.

For example, if I run the first time in a new fresh installation

dsconf -D cn=Directory Manager -w ****
ldap://localhost:389 plugin attr-uniq set attribute
uniqueness --subtree=c=en --enabled=on --attr-name=uid

it returns 0 and the output

*Successfully changed the cn=attribute uniqueness,cn=plugins,cn=config*. If I re run the same command I will see:

*There is nothing to set in the cn=attribute
uniqueness,cn=plugins,cn=config plugin entry*

and the exit status is 1.

Of course I can manage the output in Ansible in order to reclassify as well the task result. But I have to do that in a lot of cases (best effort).

Of course I can use some idempotent ldapmodify module, but I like to trust `dsconf`.

So I wonder if you could consider the benefit to make `dsconf` more idempotent.
For instance, in the above case the exit status could be 0. The same behavior could be adopted in all results of "already exists" output messages when the value to set is equal to the value already present (ie: `dsconf -D cn=Directory Manager -w *** ldap://localhost:389 backend index add ...` returns "already exists" and the exit status 1 if the idex is already defined)

If you have any other hints to address this problem could let me know.

Thank you very much
Kind Regards
389-users mailing list --
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:
Do not reply to spam on the list, report it:

No comments:

Post a Comment