search

quinot / ansible-plugin-lookup_ldap

Ansible LDAP lookup plugin
50 stars 16 forks source link

Crash on iterator with no terms #1

Closed quinot closed 9 years ago

quinot commented 9 years ago

As reported by Philippe Eveque ...@gmail.com: << But in my case it needs a "workaround" that consist in adding a fake list entry when using the with_ldap construct

when the line (see my playbook below) looking like: - EOList # This is a fake entry needed to make the tast work - no idea why is NOT commented, it works as expected.

But when I comment that same line (as it should not be needed) I got the following:

TASK: [lookup a user ntUserDomainId attribute in corporate ldap] ** fatal: [127.0.0.1] => Unexpected error while executing task: list index out of range

FATAL: all hosts have already failed -- aborting

Any ideas why ?

this is with ansible --version ansible 1.8.2

here is an extract of the playbook:

# Default ldap query configuration (to query People entries)      
- ldap_lookup_config:
    url: "{{ldap_url}}"
    base: "{{ ldap_base_people }}"

# ldap mode as default+a filter       
- ldap_lookup_config/user_sea:
    filter:  "(uid={{ sea }})"

- ldap_lookup_config/NT:
    key: cn

[...some stuff skipped]

# That one works as expected, we can get the uidNumber attribute from corporate ldap
- name: Direct Lookup query
  debug: msg="{{sea}} {{a_value}} is {{ lookup('ldap', sea , context='user_sea', value="uidNumber") }}"

# The user is identified and filtered by his/her sea
# It works only when an "additional/fake" entry (EOList)  is added

- name: lookup a user ntUserDomainId attribute in corporate ldap
  debug: msg=" {{ sea }} whos is {{ item.cn }} in real life has {{ item.ntUserDomainId}} as domain account"
  with_ldap:
    - context: NT
    - value: ntUserDomainId
    - filter:  "(uid={{ sea }})"
    - EOList # This is a fake entry needed to make the tast work - no idea why
quinot commented 9 years ago

Thanks for your report Philippe. There is indeed a bug in the plugin, which had an assumption that at least one term would be supplied. You could have written your playbook as:

Here the last entry is not a dict, so it gets assigned to template variable "term" before performing the search.

A fix has been pushed that fixes this bug.

PhilEv commented 9 years ago

Fix teste. All working. Thanks