Bug fixes pr devel 2.x (#2701)

* Fixing-email-title-for-backup-validation (#2657)

Co-authored-by: Matej Stajduhar <[email protected]>

* Adding-task-to-create-aurora-cluster (#2659)

* Adding-task-to-create-aurora-cluster

* Adding-region-profile-and-tags-to-aurora-cluster

* Updating-engine-for-aurora-cluster

* Updating-parameter-group-engine

* Updating-engine-version

* Updating-engine-version-2

* Disabling-automated-backups

* Disabling-automated-backups-2

* Disabling-automated-backups-3

* Disabling-automated-backups-4

* Skipping-task-if-not-aurora

* Adding-subnet-group-to-instances

* Adding-subnet-group-to-instances

* Updating-SG-return-values

* Updating-SG-return-values-2

* Updating-SG-return-values-3

* Updating-SG-return-values-4

* Updating-SG-return-value-debug

* Updating-SG-return-value-debug-2

* Updating-SG-return-value-debug-3

* Removing-debug-tasks

* Removing-init-var-for-SG-list

* Adding-character-set-option

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* Fixing installer variable bug.

* Fixing tests for external PRs.

* Testing with a fork.

* Adding repo owner's username into installer string.

* Refactoring config repo detection to simplify.

* No longer permitted to use an integer as a truthy value.

* No longer permitted to use existence check as a truthy value.

* Can't see a reason why linotp var shouldn't be a boolean.

* No longer permitted to use existence check as a truthy value.

* Fixing truthy errors in ce_deploy role.

* No longer permitted to use an integer as a truthy value.

* Fixing truthy variable mistakes. (#2662)

* Fixing installer variable bug.

* Fixing tests for external PRs.

* Testing with a fork.

* Adding repo owner's username into installer string.

* Refactoring config repo detection to simplify.

* No longer permitted to use an integer as a truthy value.

* No longer permitted to use existence check as a truthy value.

* Can't see a reason why linotp var shouldn't be a boolean.

* No longer permitted to use existence check as a truthy value.

* Fixing truthy errors in ce_deploy role.

* No longer permitted to use an integer as a truthy value.

* feat(php): Add FPM slow logrotate (#2625)

* feat(php): Support removal of APCU, add FPM slow logrotate

* simplify condition

* revert apcu installed setting, not needed

* r73458-install-php-gmp-by-default2 (#2667)

* r73458-install-php-gmp-by-default2

* re-add required packages

* Wazuh-mitre-report-setup (#2588)

* Wazuh-mitre-report-setup

* Wazuh-mitre-shellshock-longurl-block

* Fixing-vars

* Wazuh-mitre-report-setup-PR-2.x

* Wazuh mitre report setup pr 2.x (#2669)

* Wazuh-mitre-report-setup

* Wazuh-mitre-shellshock-longurl-block

* Fixing-vars

* Wazuh-mitre-report-setup-PR-2.x

* Wazuh-mitre-report-setup-PR-2.x

* pin_ansible_version (#2671)

* pin_ansible_version

* pin_ansible_version

* pin_ansible_version

* pin_ansible_version

* pin_ansible_version_fix_upgrade_timer

* pin_ansible_version_fix_upgrade_timer

* pin_ansible_version_fix_upgrade_timer

* pin_ansible_version_disable_upgrade_timer

* pin_ansible_version_disable_upgrade_timer

* pin_ansible_version_disable_upgrade_timer

* pin_ansible_version_disable_upgrade_timer

* Fixing-ce-provision-vars (#2678)

* Updating-string (#2507)

* Updating-string

* Updating-string-3

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* Added-tasks-to-backup-Aurora-and-copy-AMI-to-safe-region (#2682)

* Added-tasks-to-backup-Aurora-and-copy-AMI-to-safe-region

* Fixing-aurora-backup-tasks

* Fixing-aurora-backup-tasks-2

* Fixing-aurora-backup-tasks-3

* Fixing-aurora-backup-tasks-5

* Adding-aurora-template

* Updating-aurora-vars

* Adding-handler-to-defaults-for-CF

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* SG-creation-update (#2605)

* SG-creation-update

* Updating-lambda-tasks-to-handle-various-file-options

* Updating-lambda-tasks-for-url-handling

* Updating-aws_admin_tools-for-aws_lambda

* Updating-aws_admin_tools-for-aws_lambda

* Setting-loop-item

* Setting-loop-item-2

* Updating-vpc-sec-group-vars

* Removing-extra-vars-for-git-module

* Adding-default-for-git_url

* Cleaning-up-tasks

* Updating-ansible-lint

* Updating-ansible-lint

* Ommiting-name-if-no-sec_group-name-defined

* Removing-loop-var

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* Fixing-copy-AMI-to-backup-region (#2684)

Co-authored-by: Matej Stajduhar <[email protected]>

* Fixing-ami-copy-task (#2686)

Co-authored-by: Matej Stajduhar <[email protected]>

* Updating clamav command to use flock avoiding duplicate processes running.

* Bug fixes pr 2.x (#2690)

* Fixing installer variable bug.

* Fixing tests for external PRs.

* Testing with a fork.

* Adding repo owner's username into installer string.

* Refactoring config repo detection to simplify.

* No longer permitted to use an integer as a truthy value.

* No longer permitted to use existence check as a truthy value.

* Can't see a reason why linotp var shouldn't be a boolean.

* No longer permitted to use existence check as a truthy value.

* Fixing truthy errors in ce_deploy role.

* No longer permitted to use an integer as a truthy value.

* Updating clamav command to use flock avoiding duplicate processes running.

* 73569 allowing webp nginx pr 2.x (#2692)

* allowing webp extension

* adding webp mime type

---------

Co-authored-by: filip <[email protected]>

* extending provision.sh to support tags in plays (#2431)

Co-authored-by: filip <[email protected]>

* Adding-option-for-Aurora-RDS-for-backup-validation (#2635)

Co-authored-by: Matej Stajduhar <[email protected]>

* Fixing-aws_vpc-override (#2688)

* Fixing-aws_vpc-override

* Adding-defaults

* Fixing-register-command

* Defaulting-tags

* Defaulting-tags-2

* Updating-region

* Updating-iam_role-vars

* Updating-iam_role-vars-2

* Updating-when-statement

* Updating-when-statement-for-backups

* Updating-when-statement-for-iam-policy

* Updating-when-statement-for-iam-policy

* Updating-vars-for-SG-creation

* Updating-when-statement-for-iam-role

* Updating-handle-git-url

* Updating-handle-git-url-2

* Updating-handle-git-url-3

* Updating-handle-git-url-4

* Updating-handle-git-url-5

* Updating-handle-git-url-6

* Updating-handle-git-url-7

* Fixing-indentation

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* More truthy length fixes.

* Updating-pam-ldap-condition (#2695)

* Updating-pam-ldap-condition

* Updating-pam-ldap-condition-PR-2.x

* Fixing more LDAP role truthy issues.

* Slight block refactor for LDAP.

* DN length check should not be negated.

* Forgot to add the length filter.

---------

Co-authored-by: drazenCE <[email protected]>
Co-authored-by: Matej Štajduhar <[email protected]>
Co-authored-by: Matej Stajduhar <[email protected]>
Co-authored-by: Klaus Purer <[email protected]>
Co-authored-by: nfawbert <[email protected]>
Co-authored-by: tymofiisobchenko <[email protected]>
Co-authored-by: Filip Rupic <[email protected]>
Co-authored-by: filip <[email protected]>

Author: 9 people

roles/debian/pam_ldap/tasks/main.yml

@@ -14,14 +14,14 @@
   ansible.builtin.file:
     path: /etc/ldap/ssl
     state: directory
-  when: pam_ldap.ssl_certificate is defined and pam_ldap.ssl_certificate | length > 0
+  when: pam_ldap.ssl_certificate|length > 0
 
 - name: Copy certificate.
   ansible.builtin.copy:
     src: "{{ pam_ldap.ssl_certificate }}"
     dest: "/etc/ldap/ssl/{{ pam_ldap.ssl_certificate | basename }}"
     mode: "0666"
-  when: pam_ldap.ssl_certificate is defined and pam_ldap.ssl_certificate | length > 0
+  when: pam_ldap.ssl_certificate|length > 0
 
 - name: Copy nslcd config.
   ansible.builtin.template:
@@ -82,41 +82,39 @@
     mode: 0555
     owner: root
 
-- name: Create LDAP key script passwd file.
-  ansible.builtin.template:
-    src: ldap-bindpw.j2
-    dest: /etc/ldap/ldap-bindpw
-    mode: "0600"
-    owner: root
-  when:
-    - ldap_client.binddn is defined and ldap_client.binddn
-    - ldap_client.bindpw is defined and ldap_client.bindpw
-
-- name: Create wrapper script for LDAP key script.
-  ansible.builtin.template:
-    src: ssh-getkey-ldap-wrapper.sh.j2
-    dest: /usr/local/bin/ssh-getkey-ldap-wrapper.sh
-    mode: "0555"
-    owner: root
-  when:
-    - ldap_client.binddn is defined and ldap_client.binddn
-    - ldap_client.bindpw is defined and ldap_client.bindpw
-
-- name: Configure SSH pub key command if there is a binddn set.
-  ansible.builtin.lineinfile:
-    path: /etc/ssh/sshd_config
-    regexp: "AuthorizedKeysCommand "
-    line: AuthorizedKeysCommand /usr/local/bin/ssh-getkey-ldap-wrapper.sh
+- name: LDAP password handling.
   when:
-    - ldap_client.binddn is defined and ldap_client.binddn
+    - ldap_client.binddn|length > 0
+    - ldap_client.bindpw|length > 0
+  block:
+    - name: Create LDAP key script passwd file.
+      ansible.builtin.template:
+        src: ldap-bindpw.j2
+        dest: /etc/ldap/ldap-bindpw
+        mode: "0600"
+        owner: root
+
+    - name: Create wrapper script for LDAP key script.
+      ansible.builtin.template:
+        src: ssh-getkey-ldap-wrapper.sh.j2
+        dest: /usr/local/bin/ssh-getkey-ldap-wrapper.sh
+        mode: "0555"
+        owner: root
+
+    # We don't support bind DN with no password because if there is no password the necessary script is not created.
+    - name: Configure SSH pub key command if there is a binddn set.
+      ansible.builtin.lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: "AuthorizedKeysCommand "
+        line: AuthorizedKeysCommand /usr/local/bin/ssh-getkey-ldap-wrapper.sh
 
 - name: Configure SSH pub key command if no binddn set.
   ansible.builtin.lineinfile:
     path: /etc/ssh/sshd_config
     regexp: "AuthorizedKeysCommand "
     line: AuthorizedKeysCommand /usr/local/bin/ssh-getkey-ldap
   when:
-    - not ldap_client.binddn
+    - ldap_client.binddn|length == 0
 
 - name: Configure SSH pub key command user.
   ansible.builtin.lineinfile: