Whether your service account has sufficient privilege? What does it say while triggering in debug mode?
On Fri, 20 Aug, 2021, 12:52 am 'Mark Tovey' via Ansible Project, < [email protected]> wrote: > I am trying to use community.general.ldap_search to return the RootDSE > from a LDAP server (RedHat Directory Server). The LDAP server is > configured to allow anonymous access to the RootDSE > (nsslapd-allow-anonymous-access: rootdse) and I can retrieve it with > ldapsearch: > > ldapsearch -LLL -x -H ldap://myldapserver.example.com -b '' -s base > defaultnamingContext > dn: > defaultnamingContext: dc=mysrv,dc=example,dc=com > > But I am unable to duplicate that with the ldap_search module: > > ansible localhost -m community.general.ldap_search -a "server_uri='ldap:// > myldapserver.example.com' validate_certs=false bind_dn='' dn='dn:' > scope=base " > > localhost | FAILED! => { > "changed": false, > "details": "{'info': 'Anonymous access is not allowed.', 'desc': > 'Inappropriate authentication'}", > "invocation": { > "module_args": { > "attrs": null, > "bind_dn": "", > "bind_pw": "", > "dn": "dn:", > "filter": "(objectClass=*)", > "referrals_chasing": "anonymous", > "sasl_class": "external", > "schema": false, > "scope": "base", > "server_uri": "ldap://myldapserver.example.com";, > "start_tls": false, > "validate_certs": false > } > }, > "msg": "Attribute action failed." > } > > So how can I retrieve the RootDSE with ldap_search? Has anyone else had > success with this or am I going to be forced to shell out to ldapsearch? > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/3f5a3363-c8c8-45c7-9dce-b7465724d5e8n%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/3f5a3363-c8c8-45c7-9dce-b7465724d5e8n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAKHt%2BQ_AGS%3D5YyEda8jbNyif9Uqm6uWDYiLUode%2BEtgkrovpqA%40mail.gmail.com.
