ldap_attr module: Encode value when setting unicodePwd attribute #36611

Open
wants to merge 1 commit into
base: devel
from

florafong commented Feb 23, 2018

SUMMARY

The unicodePwd attribute for a principal in Active Directory must be encoded and surrounded with quotes in order for the Active Directory server to accept the value.

See https://msdn.microsoft.com/en-us/library/cc223248.aspx

ISSUE TYPE

  • Bugfix Pull Request

COMPONENT NAME

ldap_attr

ANSIBLE VERSION

    ansible 2.6.0 (devel 5a0f4f0646) last updated 2018/02/22 11:12:16 (GMT -700)

ADDITIONAL INFORMATION

    - name: Set the unicodePwd for principal testuser1
      ldap_attr:
        dn: 'CN=testuser1,CN=Users,DC=domain,DC=com'
        name: unicodePwd
        values: s3curePassword
        state: exact
        server_uri: 'ldaps://ad1.server.com'
        bind_dn: 'CN=lookup,CN=Users,DC=domain,DC=com'
        bind_pw: '******'

Running the above playbook results in an error from the Active Directory server.

    An exception occurred during task execution. To see the full traceback, use -vvv. The error was: UNWILLING_TO_PERFORM: {'info': '0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0\n', 'desc': 'Server is unwilling to perform'}
    fatal: [mgr1.sfire.phemi.com]: FAILED! => {"changed": false, "details": "{'info': '0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0\\n', 'desc': 'Server is unwilling to perform'}", "msg": "Attribute action failed."}

ansibot commented Feb 23, 2018

The test ansible-test sanity --test pylint [explain] failed with 1 error:

lib/ansible/modules/net_tools/ldap/ldap_attr.py:256:18: undefined-variable Undefined variable 'unicode'

jtyr commented Feb 23, 2018

I kind of don't like to make module changes for specific attributes for a specific LDAP implementation. I would prefer if there would be a Jinja2 filter which you could use for the encoding. Something like this:

    - name: Set the unicodePwd for principal testuser1
      ldap_attr:
        dn: CN=testuser1,CN=Users,DC=domain,DC=com
        name: unicodePwd
        values: "{{ 's3curePassword' | utf16encode }}"
        state: exact
        server_uri: ldaps://ad1.server.com
        bind_dn: CN=lookup,CN=Users,DC=domain,DC=com
        bind_pw: "******"
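
The encoding discussed in this thread, as an added example (not the code from this pull request and not a filter that ships with Ansible): Active Directory expects the unicodePwd value wrapped in double quotes and encoded as UTF-16LE without a byte-order mark. The names `encode_unicode_pwd`, `prepare_values` and `is_valid_unicode_pwd` are hypothetical, and byte input is assumed to be UTF-8.

```python
import codecs

# Added example; the names below are hypothetical, not taken from ldap_attr.
AD_PASSWORD_ATTR = "unicodepwd"  # LDAP attribute names compare case-insensitively


def encode_unicode_pwd(password):
    """Return the octets AD accepts for unicodePwd: the password wrapped in
    double quotes and encoded as UTF-16LE with no byte-order mark."""
    if isinstance(password, bytes):
        password = password.decode("utf-8")  # assumption: byte input is UTF-8
    if not password:
        raise ValueError("unicodePwd value must not be empty")
    # "utf-16-le" emits no BOM; plain "utf-16" would prepend one.
    return ('"' + password + '"').encode("utf-16-le")


def prepare_values(name, values):
    """Encode values for an LDAP modify, special-casing only unicodePwd."""
    if name.lower() == AD_PASSWORD_ATTR:
        return [encode_unicode_pwd(v) for v in values]
    return [v if isinstance(v, bytes) else v.encode("utf-8") for v in values]


def is_valid_unicode_pwd(blob):
    """Pre-flight check on an already encoded value: rejects raw UTF-8,
    a value without the surrounding quotes, and a leading BOM."""
    if len(blob) < 6 or len(blob) % 2:  # quote + at least one char + quote
        return False
    if blob.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return False
    try:
        text = blob.decode("utf-16-le")
    except UnicodeDecodeError:
        return False
    return text[0] == '"' and text[-1] == '"'


if __name__ == "__main__":
    sample = "s3curePassword"  # the sample value from the playbook above
    encoded = prepare_values("unicodePwd", [sample])[0]
    print(len(encoded), is_valid_unicode_pwd(encoded))
    # The unencoded value, as the original task sent it, fails the check.
    print(is_valid_unicode_pwd(sample.encode("utf-8")))
```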