Creating a "newuser" task in ansible, and one of the tasks is to add the newuser to a number of ldap groups. I'm getting an Invalid Syntax error, and it's not clear how or why my syntax is wrong (it seems to be an LDAP syntax issue, not python/ansible syntax).
I can use ldapmodify from the command line to add the member, but not the ansible task.
Example to successfully add from command line:
ldap="dn: cn=mygroup,ou=Groups,dc=domain,dc=com
changetype: modify
add: member
member: [email protected],ou=People,dc=domain,dc=com
"
echo "${ldap}" | /usr/bin/ldapmodify -x -D cn=admin,dc=domain,dc=com -w mypass
modifying entry "cn=mygroup,ou=Groups,dc=domain,dc=com"
Attempting to use ansible task:
- name: Add to ldap groups as needed
  ldap_attr:
    dn: "cn=mygroup,ou=Groups,dc=domain,dc=com"
    name: member
    values: "[email protected],ou=People,dc=domain,dc=com"
    state: present
    params: "{{ ldap_auth }}"
The error from ansible is: ldap.INVALID_SYNTAX: {'info': u'value does not conform to assertion syntax', 'desc': u'Invalid syntax'}
The ansible variable ldap_auth is defined as:
ldap_auth:
  server_uri: ldap://10.1.1.1
  bind_dn: "cn=admin,dc=domain,dc=com"
  bind_pw: "mypass"
I was expecting the user to be added to the ldap group as an additional member.
ldapsearch shows this as one of my current groups:
dn: cn=mygroup,ou=Groups,dc=domain,dc=com
cn: mygroup
objectClass: groupOfNames
objectClass: top
description: My Group Users (Group Calendar)
member: [email protected],ou=People,dc=domain,dc=com
member: [email protected],ou=People,dc=domain,dc=com