Using Vault in microsoft.ad.ldap.yml

[Caroline Kiel]

Hi everyone,

I searched this list but couldn't find a valid answer.

I want to use the MS plugin microsoft.ad.ldap.yml inside a playbook.

As long, as I enter the LDAP username and password as clear text in the yml, everything runs smooth.

But, of course, this is not an option for production, so I'm looking for a way to store the password in a vault file.

Unfortunately, I can't get it to work using variables at all.

There is a hint that one can use environment variables, but I'm really struggling.

Does anyone have a hint for me?

Thank you very much in advance,

Caroline

[Will McDonald]

From: https://docs.ansible.com/ansible/latest/collections/microsoft/ad/ldap_inventory.html#parameter-username

And: https://docs.ansible.com/ansible/latest/collections/microsoft/ad/ldap_inventory.html#parameter-password

If you set both:

MICROSOFT_AD_LDAP_USERNAME

MICROSOFT_AD_LDAP_PASSWORD

e.g.:

$ export MICROSOFT_AD_LDAP_USERNAME=read_only_user

$ export MICROSOFT_AD_LDAP_PASSWORD=Hugely_Complicated_Password

Then those should be consumed by the plugin. If your password has metacharacters, you'll need to figure out the right combination of quoting/escaping too to ensure they're ingested correctly?

If you read the examples in the plugin docs, they also show some lookups being used to populate the config, you could potentially tweak that to pull from an Ansible vault.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/abf15b06-b028-4c33-a9ec-7a5e70ad5e2en%40googlegroups.com.