win_domain_group to append new member groups


Raj

Nov 13, 2018, 7:06:47 AM
to Ansible Project
Hello All,
I'm using the 'win_domain_group' module in Ansible 2.6 to add a newly created AD group (new_grp) to an existing AD group (my_admins). It works, but instead of appending "new_grp" as a member of "my_admins" it removes all current members and adds only "new_grp". Does this module have an append option for attributes?

  win_domain_group:
      domain_server: "{{ domain_ctrl }}"
      domain_username: "{{ domain_user }}"
      domain_password: "{{ domain_pass }}"
      name: "CN=my_admins,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local"
      path: "{{ ldap_group_path }}"
      category: security
      scope: global
      description: "My test group"
      state: present
      attributes:
         member: "CN=new_grp,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local"


I can get it to work if I manually list all needed member groups for the attribute like this:

 win_domain_group:
      ....
      ....
      state: present
      attributes:
         member:
         - "CN=new_grp,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local"
         - "CN=group1,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local"
         - "CN=group2,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local"
         - "CN=group3,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local"


But as I generate the list from a previous task, I'd like to pass the member list as a variable like "{{ teams }}":
teams:
- "CN=new_grp,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local"
- "CN=group1,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local"
- "CN=group2,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local"
- "CN=group3,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local"

Using with_items: "{{ teams }}" iterates through the list, but the result is only the last group as a member. Any suggestions on how I can get around this?

Raj

Nov 23, 2018, 6:23:26 AM
to Ansible Project
I managed to get this working. I used a series of set_facts with loops to convert the list of groups from:

teams:
- "CN=new_grp,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local"
- "CN=group1,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local"
- "CN=group2,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local"
- "CN=group3,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local"

to:
teams_formatted:  "CN=new_grp,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local,CN=group1,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local,CN=group2,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local, CN=group3,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local"

Then the following task worked:

  win_domain_group:
      domain_server: "{{ domain_ctrl }}"
      domain_username: "{{ domain_user }}"
      domain_password: "{{ domain_pass }}"
      name: "CN=my_admins,ou=user groups,ou=accounts,ou=xyz,DC=Lab,DC=local"
      path: "{{ ldap_group_path }}"
      category: security
      scope: global
      description: "My test group"
      state: present
      attributes:
         member: "{{ teams_formatted }}"
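
An added example, not part of the thread and not the poster's code: appending to the group with win_domain_group_membership (state: present) instead of writing the member attribute, then checking that no existing member of my_admins was dropped. It assumes Ansible 2.8 or later, the ActiveDirectory PowerShell module on the target host, and a WinRM session that is allowed to query AD; the inventory group windows_mgmt and the team_names variable (sAMAccountNames assumed to match the CNs above) are hypothetical.

```yaml
# Added example: append members and verify nothing was removed.
- hosts: windows_mgmt              # hypothetical inventory group
  gather_facts: false
  vars:
    target_group: my_admins
    team_names:                    # hypothetical; sAMAccountNames, not DNs
      - new_grp
  tasks:
    - name: Record members before the change
      win_shell: "(Get-ADGroup -Identity '{{ target_group }}' -Properties member).member"
      register: members_before
      changed_when: false

    - name: Append groups without touching existing members
      win_domain_group_membership:
        domain_server: "{{ domain_ctrl }}"
        domain_username: "{{ domain_user }}"
        domain_password: "{{ domain_pass }}"
        name: "{{ target_group }}"
        members: "{{ team_names }}"
        state: present             # present only adds; pure would replace the list

    - name: Record members after the change
      win_shell: "(Get-ADGroup -Identity '{{ target_group }}' -Properties member).member"
      register: members_after
      changed_when: false

    - name: Fail if any pre-existing member was dropped
      assert:
        that:
          - >-
            members_before.stdout_lines
            | difference(members_after.stdout_lines)
            | length == 0
        fail_msg: >-
          Members removed from {{ target_group }}:
          {{ members_before.stdout_lines | difference(members_after.stdout_lines) }}
```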