christophetd / Adaz

:wrench: Deploy customizable Active Directory labs in Azure - automatically.
https://blog.christophetd.fr/automating-the-provisioning-of-active-directory-labs-in-azure/

Failed: Ensure domain groups exist #25

Closed m7x closed 4 years ago

m7x commented 4 years ago

Hey, thanks for your project. I am getting this error and I could not figure out how to fix it:

> ansible-playbook domain-controllers.yml --skip-tags=base -v
[...]
TASK [domain-controller : Ensure domain groups exist] *******************************************************************************************************************************************************************************************************
failed: [domain-controller_86da] (item={'dn': 'CN=Hunters,CN=Users', 'members': ['christophe', 'dany']}) => {"ansible_loop_var": "item", "changed": false, "created": false, "item": {"dn": "CN=Hunters,CN=Users", "members": ["christophe", "dany"]}, "msg": "the group path CN=Users,,DC=hunter,DC=lab does not exist, please specify a valid LDAP path"}

Note the double commas in CN=Users,,DC=hunter.

My domain.yml:

# Domain groups
groups:
  - dn: CN=Hunters,CN=Users
    members: [christophe, dany]

I am sure the problem is in here:

path: "{{ item.dn.split(',') | reject('search', item.dn.split(',')[0]) | map('regex_replace', '(.*)', '\\1,') | join('') }}{{ domain_root_path }}"

Any suggestions?

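An added note, not from either participant in the thread: the Python below re-implements the quoted Jinja filter chain with the same primitives Ansible's filters call underneath (str.split, re.search, re.sub and join) and shows one mechanism that produces exactly the doubled comma. Since Python 3.7, re.sub() also replaces an empty match that sits directly after a non-empty match, so the pattern '(.*)' fires twice on 'CN=Users' and the replacement '\1,' is appended twice. That this is what m7x hit is an inference from the output, not something the thread confirms, and DOMAIN_ROOT_PATH is assumed from the error message. The second function builds the parent path by position instead, without regex substitution, and also tolerates escaped commas inside an RDN.

```python
import re
import sys

# Assumed from the error message in the thread: the playbook's
# domain_root_path for the hunter.lab domain.
DOMAIN_ROOT_PATH = "DC=hunter,DC=lab"


def jinja_style_parent_path(dn: str, root: str = DOMAIN_ROOT_PATH) -> str:
    """Re-implementation of the playbook's filter chain:
    dn.split(',') | reject('search', first) | map('regex_replace', '(.*)', '\\1,') | join('')
    using the same primitives Ansible's filters call (str.split, re.search, re.sub)."""
    parts = dn.split(",")
    first = parts[0]
    # reject('search', first): drop every component the regex `first` matches
    rest = [p for p in parts if not re.search(first, p)]
    # map('regex_replace', '(.*)', '\\1,'): Ansible's regex_replace is re.sub()
    with_commas = [re.sub("(.*)", r"\1,", p) for p in rest]
    return "".join(with_commas) + root


def parent_path(dn: str, root: str = DOMAIN_ROOT_PATH) -> str:
    """Build the parent container's LDAP path without regex substitution.

    Splits only on unescaped commas (so an RDN containing a backslash-comma
    survives), drops the leaf RDN by position rather than by regex match,
    and joins exactly once, so no separator can be doubled.
    """
    rdns = re.split(r"(?<!\\),", dn)
    return ",".join(rdns[1:] + [root])


# Python 3.7 changed re.sub() so an empty match directly after a non-empty
# match is replaced too: '(.*)' then fires twice on 'CN=Users' and the
# replacement '\1,' is appended twice, giving 'CN=Users,,'. On 3.6 and
# earlier the same expression yields a single comma.
EXPECTED_JINJA_RESULT = (
    "CN=Users,,DC=hunter,DC=lab"
    if sys.version_info >= (3, 7)
    else "CN=Users,DC=hunter,DC=lab"
)


if __name__ == "__main__":
    dn = "CN=Hunters,CN=Users"
    print("python      :", sys.version.split()[0])
    print("filter chain:", jinja_style_parent_path(dn))
    print("by position :", parent_path(dn))
```

Running it under a Python 3.7+ interpreter (which is what a recent Ansible virtualenv ships with) prints the same "CN=Users,,DC=hunter,DC=lab" path as the failing task, while an interpreter older than 3.7 prints a single comma, which is consistent with one machine reproducing the failure and another not.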
christophetd commented 4 years ago

Hi,

Thanks a lot for reporting. While I look into it and merge it, can you please try the patch proposed in #23 and let me know if it fixes the issue?

Thank you,
Christophe

christophetd commented 4 years ago

FYI: On latest master (and from inside the virtual env), I have no issue with the playbook:

$ cd ansible
$ source venv/bin/activate
$ ansible-playbook domain-controllers.yml --skip-tags=base -v
...
TASK [domain-controller : Ensure domain groups exist] ***************************************************************************************************************************************************
ok: [domain-controller_33f5] => (item={'dn': 'CN=Hunters,CN=Users', 'members': ['christophe', 'dany']}) => {"ansible_loop_var": "item", "canonical_name": "hunter.lab/Users/Hunters", "category": "Security", "changed": false, "created": false, "description": null, "display_name": null, "distinguished_name": "CN=Hunters,CN=Users,DC=hunter,DC=lab", "group_scope": "Global", "guid": "bc4a8859-9155-4621-8aea-aef3981c8972", "item": {"dn": "CN=Hunters,CN=Users", "members": ["christophe", "dany"]}, "managed_by": null, "name": "Hunters", "protected_from_accidental_deletion": false, "sid": "S-1-5-21-130281680-705130643-2804825206-1103"}

Same when the playbook is initially run by Terraform on terraform apply:

$ terraform apply
...
null_resource.provision_rest_of_dc_after_creation (local-exec): TASK [domain-controller : Ensure domain groups exist] **************************
null_resource.provision_rest_of_dc_after_creation (local-exec): changed: [domain-controller_33f5] => (item={'dn': 'CN=Hunters,CN=Users', 'members': ['christophe', 'dany']}) => {"ansible_loop_var": "item", "canonical_name": "hunter.lab/Users/Hunters", "category": "Security", "changed": true, "created": true, "description": null, "display_name": null, "distinguished_name": "CN=Hunters,CN=Users,DC=hunter,DC=lab", "group_scope": "Global", "guid": "bc4a8859-9155-4621-8aea-aef3981c8972", "item": {"dn": "CN=Hunters,CN=Users", "members": ["christophe", "dany"]}, "managed_by": null, "name": "Hunters", "protected_from_accidental_deletion": false, "sid": "S-1-5-21-130281680-705130643-2804825206-1103"}

To rule out a potential issue due to an older Ansible version, can you confirm that you have this issue while in the venv? (which implies you have ansible 2.9.9)

m7x commented 4 years ago

Correct. I forgot to mention that I couldn't use az login for my setup so I changed to auth_source: env in the inventory_azure_rm.yml.

> ansible --version
ansible 2.9.9

m7x commented 4 years ago

This MR actually fixed the problem.

christophetd commented 4 years ago

Thanks for the feedback! Will get it merged ASAP.