From 7eb98eaaeff3d3ba5a3de281c2919cda5a0c353d Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Fri, 15 Sep 2017 14:29:17 +0200
Subject: [PATCH] roles/ipaclient/tasks/install.yml: Fix principal/keytab
 check, set default principle early

---
 roles/ipaclient/tasks/install.yml | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index 9380c3dc..ceedea0c 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -16,10 +16,10 @@
     check: yes
   register: ipadiscovery
 
-- name: Install - Set default principal if no keytab is given and no OTP usage
+- name: Install - Set default principal if no keytab is given
   set_fact:
     ipaclient_principal: admin
-  when: ipaclient_principal is undefined and ipaclient_keytab is undefined and not ipaclient_use_otp | bool
+  when: ipaclient_principal is undefined and ipaclient_keytab is undefined
 
 # The following block is executed when using OTP to enroll IPA client
 # ie when ipaclient_use_otp is set.
@@ -55,7 +55,7 @@
 
 - name: Install - Check if one of password and keytab are set
   fail: msg="At least one of password or keytab must be specified"
-  when: ipaclient_password is undefined and ipaclient_keytab is undefined or ipaclient_password == "" or ipaclient_keytab == ""
+  when: (ipaclient_password is undefined or ipaclient_password == "") and (ipaclient_keytab is undefined or ipaclient_keytab == "")
 
 - name: Install - Join IPA
   ipajoin:
@@ -130,11 +130,6 @@
     #debug: yes
   register: ipaapi
 
-- name: Install - Set default principal after OTP usage
-  set_fact:
-    ipaclient_principal: admin
-  when: ipaclient_principal is undefined and ipaclient_keytab is undefined and ipaclient_use_otp | bool
-
 - name: Install - Create IPA NSS database
   ipanss:
     servers: "{{ ipadiscovery.servers }}"
-- 
GitLab