Closed MallocArray closed 3 years ago
Closing issue. I had misread what this module was used for and thought it was adding groups OR users to OME/OME-M so I was leaving out the domain_username and domain_password fields, thinking they were used when adding a user.
I now see those fields are used for authentication to AD when adding a group. Once I added those parameters, it started working as expected. I'm using the same credentials I'm using to connect to OME.
Updated task:
- name: Active Directory user groups
  dellemc.openmanage.ome_domain_user_groups:
    # Credentials for connecting to OME/OME-M
    hostname: "{{ inventory_hostname }}"
    username: "{{ dell_ome_username }}"
    password: "{{ dell_ome_password }}"
    directory_name: domain.com
    group_name: "{{ item.group_name }}"
    role: "{{ item.role }}"
    # Credentials used to authenticate to AD when adding (importing) a group
    domain_username: "{{ dell_ome_username }}"
    domain_password: "{{ dell_ome_password }}"
  loop: "{{ ome_groups }}"
  loop_control:
    label: "{{ item.group_name }} - {{ item.role }}"
Summary
Using the module ome_domain_user_groups, we are able to manage existing imported directory groups, and the module is properly able to change roles if the group has already been imported.
When attempting to import a new group from Active Directory, the task fails with an error "Unable to complete the operation because the entered domain username or domain password are invalid."
If the same group name is manually imported in the GUI and then the same playbook is run, it will properly report the group as OK or change roles if the playbook defines different roles. This proves that the credentials are correct for connecting to OME/OME-M.
When adding a group manually in the GUI, even if the user is currently logged into OME/OME-M, when clicking to import a directory group, after selecting an AD Directory Source, another prompt for credentials is presented. I wonder if the Ansible modules are not properly filling in this credential request, as it only is required when doing the original import. Editing an existing user/group to change a role does not require this second credential entry.
Component Name
ome_domain_user_groups
Ansible Version
iDRAC or OpenManage Enterprise version
OpenManage Enterprise Module 1.30.00
OpenManage Enterprise 3.7
Steps to Reproduce
Playbook used
Example of ome_groups var that is looped through (OME specific in this example since Role value is different in OME-M)
Expected Results
If the group exists in OME, the role is verified as same as expected or changed to match.
If the group does not exist in OME, it is imported from AD, and assigned the permissions (this is what is not working).
Actual Results