I found the answer:

ansible localhost -m community.general.ldap_search -a "server_uri='ldap://myldapserver.example.com' validate_certs=false bind_dn='' dn='' scope=base attrs=defaultnamingcontext"

localhost | SUCCESS => {
    "changed": false,
    "results": [
        {
            "defaultnamingcontext": "dc=mysrv,dc=example,dc=com",
            "dn": ""
        }
    ]
}

Leave the bind_dn null and the ldap_search module converts that to 
anonymous.  And leave dn null to specify the RootDSE.




On Thursday, August 19, 2021 at 12:22:41 PM UTC-7 Mark Tovey wrote:

> I am trying to use community.general.ldap_search to return the RootDSE 
> from a LDAP server (RedHat Directory Server).  The LDAP server is 
> configured to allow anonymous access to the RootDSE 
> (nsslapd-allow-anonymous-access: rootdse) and I can retrieve it with 
> ldapsearch:
>
> ldapsearch -LLL -x -H ldap://myldapserver.example.com -b '' -s base defaultnamingContext
> dn:
> defaultnamingContext: dc=mysrv,dc=example,dc=com
>
> But I am unable to duplicate that with the ldap_search module:
>
> ansible localhost -m community.general.ldap_search -a "server_uri='ldap://myldapserver.example.com' validate_certs=false bind_dn='' dn='dn:' scope=base "
>
> localhost | FAILED! => {
>     "changed": false,
>     "details": "{'info': 'Anonymous access is not allowed.', 'desc': 'Inappropriate authentication'}",
>     "invocation": {
>         "module_args": {
>             "attrs": null,
>             "bind_dn": "",
>             "bind_pw": "",
>             "dn": "dn:",
>             "filter": "(objectClass=*)",
>             "referrals_chasing": "anonymous",
>             "sasl_class": "external",
>             "schema": false,
>             "scope": "base",
>             "server_uri": "ldap://myldapserver.example.com",
>             "start_tls": false,
>             "validate_certs": false
>         }
>     },
>     "msg": "Attribute action failed."
> }
>
> So how can I retrieve the RootDSE with ldap_search?  Has anyone else had 
> success with this or am I going to be forced to shell out to ldapsearch?
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d62c6059-45d3-4af8-988b-a7a5356dd84an%40googlegroups.com.
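Added example, not part of the original thread: the same anonymous RootDSE lookup written as a playbook, followed by a check that anonymous access really stops at the RootDSE, as nsslapd-allow-anonymous-access: rootdse intends. The host name is the thread's placeholder; the play name and the ldap_uri, rootdse, base_dn and anon_suffix names are made up for this sketch.

```yaml
# Added example, not from the thread. Variable and register names are hypothetical.
- name: Confirm anonymous LDAP access stops at the RootDSE
  hosts: localhost
  gather_facts: false
  vars:
    ldap_uri: "ldap://myldapserver.example.com"   # placeholder host from the thread
  tasks:
    - name: Read defaultnamingcontext from the RootDSE anonymously
      community.general.ldap_search:
        server_uri: "{{ ldap_uri }}"
        bind_dn: ""        # empty bind_dn: anonymous bind
        dn: ""             # empty dn: RootDSE
        scope: base
        attrs:
          - defaultnamingcontext
      register: rootdse

    - name: Keep the naming context for later tasks
      ansible.builtin.set_fact:
        base_dn: "{{ rootdse.results[0].defaultnamingcontext }}"

    - name: Try an anonymous read of the suffix entry itself
      community.general.ldap_search:
        server_uri: "{{ ldap_uri }}"
        bind_dn: ""
        dn: "{{ base_dn }}"
        scope: base
      register: anon_suffix
      # Expected to be rejected ("Anonymous access is not allowed."),
      # so do not stop the play on that error.
      ignore_errors: true

    - name: Fail if the anonymous bind could read below the RootDSE
      ansible.builtin.assert:
        that:
          # Either the server refused the search, or it returned nothing.
          - anon_suffix is failed or (anon_suffix.results | default([]) | length == 0)
        fail_msg: "Anonymous bind can read {{ base_dn }}; access is wider than rootdse"
        success_msg: "Anonymous access is limited to the RootDSE"
```

validate_certs is left at its default here; it has no effect on a plain ldap:// connection without start_tls.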