我在新系统上有一个新的盐管理器,正在验证我的某些先前状态。
我已经到了要测试Salt更新LDAP的能力的地步,虽然它可以成功连接,但是现在尝试更新单个值时似乎抛出了错误。我已经剥离了东西进行测试,并具有以下内容:
sls:
ldapi-base:
ldap.managed:
- connect_spec:
url: ldapi:///
bind:
method: simple
dn: {{ salt['pillar.get']('ldapi-admin:admin') }}
password: "{{ salt['pillar.get']('ldapi-admin:adminpw') }}"
- entries:
- dc=domain,dc=com:
- delete_others: True
- replace:
objectClass:
- dcObject
- organization
dc: domain
错误消息:
ID: ldapi-base
Function: ldap.managed
Result: False
Comment: An exception occurred in this state: Traceback (most recent call last):
File "/var/tmp/.saltguru_c0a32f_salt/pyall/salt/state.py", line 1933, in call
**cdata['kwargs'])
File "/var/tmp/.saltguru_c0a32f_salt/pyall/salt/loader.py", line 1951, in wrapper
return f(*args, **kwargs)
File "/var/tmp/.saltguru_c0a32f_salt/pyall/salt/states/ldap.py", line 334, in managed
__salt__['ldap3.add'](l, dn, n)
File "/var/tmp/.saltguru_c0a32f_salt/pyall/salt/modules/ldap3.py", line 414, in add
l.c.add_s(dn, modlist)
File "/usr/local/lib/python3.6/site-packages/ldap/ldapobject.py", line 428, in add_s
return self.add_ext_s(dn,modlist,None,None)
File "/usr/local/lib/python3.6/site-packages/ldap/ldapobject.py", line 413, in add_ext_s
msgid = self.add_ext(dn,modlist,serverctrls,clientctrls)
File "/usr/local/lib/python3.6/site-packages/ldap/ldapobject.py", line 410, in add_ext
return self._ldap_call(self._l.add_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
File "/usr/local/lib/python3.6/site-packages/ldap/ldapobject.py", line 313, in _ldap_call
result = func(*args,**kwargs)
TypeError: ('Tuple_to_LDAPMod(): expected a tuple', [('objectClass', [b'dcObject', b'organization']), ('dc', [b'domain'])])
Started: 15:50:22.329045
Duration: 6.884 ms
Changes:
我一直盯着它并对其进行了调整,但都无济于事。我起初以为是格式问题,所以各种元素都被改组甚至删除了。如果我同时删除了dc和objectClass,则状态会成功传递(但随后,它实际上实际上不会执行任何操作)。
我也经历了Github上列出的几个问题,并调查了几个问题(#53232,#52022)甚至进行了更新(我最初使用的是2019.2.0)。我最初使用的系统(现已退役)相信是2018.x.y变体,但没有任何问题。
有人可以提供任何建议吗?据我从示例输出中可以看出,它像元组一样[[looks。盐--versions-report:
Salt Version:
Salt: 2019.2.2
Dependency Versions:
cffi: 1.12.3
cherrypy: Not Installed
dateutil: Not Installed
docker-py: Not Installed
gitdb: 2.0.5
gitpython: 2.1.11
ioflo: Not Installed
Jinja2: 2.10.1
libgit2: 0.28.1
libnacl: Not Installed
M2Crypto: Not Installed
Mako: Not Installed
msgpack-pure: Not Installed
msgpack-python: 0.6.1
mysql-python: Not Installed
pycparser: 2.19
pycrypto: 2.6.1
pycryptodome: Not Installed
pygit2: 0.28.0
Python: 3.6.9 (default, Aug 22 2019, 01:16:05)
python-gnupg: Not Installed
PyYAML: 5.1
PyZMQ: 18.1.0
RAET: Not Installed
smmap: 2.0.5
timelib: Not Installed
Tornado: 4.5.3
ZMQ: 4.3.1
System Versions:
dist:
locale: US-ASCII
machine: amd64
release: 12.0-RELEASE
system: FreeBSD
version: Not Installed
编辑:
如果将参数test=true
添加到salt命令中,则会得到以下结果:
ID: ldapi-base
Function: ldap.managed
Result: None
Comment: Would change LDAP entries
Started: 12:44:54.110453
Duration: 2.371 ms
Changes:
----------
dc=domain,dc=com:
----------
new:
----------
dc:
- domain
o:
- myOrg
objectClass:
- dcObject
- organization
- top
old:
None
看起来好像事物的盐分面还不错,但是传递到下一阶段的东西不是吗?
是的,它指向的目标框也是新的,其中没有数据。
我在一个新系统上有一个新的盐管理器,我正在验证我以前存在的某些状态。现在我要测试Salt的更新LDAP的能力,并且它可以连接...
dc=domain,dc=com
,以便它使用objectClass dcObject
和organization
。