univention / ansible-modules

Ansible Modules for UCS
GNU General Public License v3.0

Handling for password on creation/update #17

Open michag86 opened 7 months ago

michag86 commented 7 months ago

I would like to create a user with a task that looks like this:

  tasks:
  - name: create a user
    univention.ucs_modules.univention_directory_manager:
      module: 'users/user'
      state: 'present'
      position: 'ou=orgunit,dc=mydomain,dc=net'
      set_properties:
        - property: 'username'
          value: 'testuser1'
        - property: 'lastname'
          value: 'testuser1'
        - property: 'password'
          value: 'super_secret_password'

When I run the playbook a second time, it results in this message:

The full traceback is:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/udm/modules/generic.py", line 201, in save
    self.dn = self._orig_udm_object.modify()
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1304, in modify
    return super(object, self).modify(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 650, in modify
    dn = self._modify(modify_childs, ignore_license=ignore_license, response=response, serverctrls=serverctrls)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1358, in _modify
    ml = self._ldap_modlist()
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1572, in _ldap_modlist
    ml = self._check_password_history(ml, pwhistoryPolicy)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1646, in _check_password_history
    raise univention.admin.uexceptions.pwalreadyused()
univention.admin.uexceptions.pwalreadyused: Das Passwort wurde bereits verwendet. Bitte wählen Sie ein anderes.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 107, in <module>
  File "<stdin>", line 99, in _ansiballz_main
  File "<stdin>", line 48, in invoke_module
  File "/usr/lib/python3.7/runpy.py", line 205, in run_module
    return _run_module_code(code, init_globals, run_name, mod_spec)
  File "/usr/lib/python3.7/runpy.py", line 96, in _run_module_code
    mod_name, mod_spec, pkg_name, script_name)
  File "/usr/lib/python3.7/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/tmp/ansible_univention.ucs_modules.univention_directory_manager_payload_44udolus/ansible_univention.ucs_modules.univention_directory_manager_payload.zip/ansible_collections/univention/ucs_modules/plugins/modules/univention_directory_manager.py", line 369, in <module>
  File "/tmp/ansible_univention.ucs_modules.univention_directory_manager_payload_44udolus/ansible_univention.ucs_modules.univention_directory_manager_payload.zip/ansible_collections/univention/ucs_modules/plugins/modules/univention_directory_manager.py", line 355, in run_module
  File "/tmp/ansible_univention.ucs_modules.univention_directory_manager_payload_44udolus/ansible_univention.ucs_modules.univention_directory_manager_payload.zip/ansible_collections/univention/ucs_modules/plugins/modules/univention_directory_manager.py", line 217, in _modify_object
  File "/usr/lib/python3/dist-packages/univention/udm/modules/generic.py", line 207, in save
    ), sys.exc_info()[2])
  File "/usr/lib/python3/dist-packages/six.py", line 692, in reraise
    raise value.with_traceback(tb)
  File "/usr/lib/python3/dist-packages/univention/udm/modules/generic.py", line 201, in save
    self.dn = self._orig_udm_object.modify()
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1304, in modify
    return super(object, self).modify(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 650, in modify
    dn = self._modify(modify_childs, ignore_license=ignore_license, response=response, serverctrls=serverctrls)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1358, in _modify
    ml = self._ldap_modlist()
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1572, in _ldap_modlist
    ml = self._check_password_history(ml, pwhistoryPolicy)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1646, in _check_password_history
    raise univention.admin.uexceptions.pwalreadyused()
univention.udm.exceptions.ModifyError: Error saving 'users/user' object at 'uid=testuser1,ou=orgunit,dc=mydomain,dc=net': Das Passwort wurde bereits verwendet. Bitte wählen Sie ein anderes.
fatal: [thotuvt1]: FAILED! => {
    "changed": false,
    "module_stderr": "Traceback (most recent call last):\n  File \"/usr/lib/python3/dist-packages/univention/udm/modules/generic.py\", line 201, in save\n    self.dn = self._orig_udm_object.modify()\n  File \"/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py\", line 1304, in modify\n    return super(object, self).modify(*args, **kwargs)\n  File \"/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py\", line 650, in modify\n    dn = self._modify(modify_childs, ignore_license=ignore_license, response=response, serverctrls=serverctrls)\n  File \"/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py\", line 1358, in _modify\n    ml = self._ldap_modlist()\n  File \"/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py\", line 1572, in _ldap_modlist\n    ml = self._check_password_history(ml, pwhistoryPolicy)\n  File \"/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py\", line 1646, in _check_password_history\n    raise univention.admin.uexceptions.pwalreadyused()\nunivention.admin.uexceptions.pwalreadyused: Das Passwort wurde bereits verwendet. 
Bitte wählen Sie ein anderes.\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"<stdin>\", line 107, in <module>\n  File \"<stdin>\", line 99, in _ansiballz_main\n  File \"<stdin>\", line 48, in invoke_module\n  File \"/usr/lib/python3.7/runpy.py\", line 205, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib/python3.7/runpy.py\", line 96, in _run_module_code\n    mod_name, mod_spec, pkg_name, script_name)\n  File \"/usr/lib/python3.7/runpy.py\", line 85, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_univention.ucs_modules.univention_directory_manager_payload_44udolus/ansible_univention.ucs_modules.univention_directory_manager_payload.zip/ansible_collections/univention/ucs_modules/plugins/modules/univention_directory_manager.py\", line 369, in <module>\n  File \"/tmp/ansible_univention.ucs_modules.univention_directory_manager_payload_44udolus/ansible_univention.ucs_modules.univention_directory_manager_payload.zip/ansible_collections/univention/ucs_modules/plugins/modules/univention_directory_manager.py\", line 355, in run_module\n  File \"/tmp/ansible_univention.ucs_modules.univention_directory_manager_payload_44udolus/ansible_univention.ucs_modules.univention_directory_manager_payload.zip/ansible_collections/univention/ucs_modules/plugins/modules/univention_directory_manager.py\", line 217, in _modify_object\n  File \"/usr/lib/python3/dist-packages/univention/udm/modules/generic.py\", line 207, in save\n    ), sys.exc_info()[2])\n  File \"/usr/lib/python3/dist-packages/six.py\", line 692, in reraise\n    raise value.with_traceback(tb)\n  File \"/usr/lib/python3/dist-packages/univention/udm/modules/generic.py\", line 201, in save\n    self.dn = self._orig_udm_object.modify()\n  File \"/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py\", line 1304, in modify\n    return super(object, self).modify(*args, 
**kwargs)\n  File \"/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py\", line 650, in modify\n    dn = self._modify(modify_childs, ignore_license=ignore_license, response=response, serverctrls=serverctrls)\n  File \"/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py\", line 1358, in _modify\n    ml = self._ldap_modlist()\n  File \"/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py\", line 1572, in _ldap_modlist\n    ml = self._check_password_history(ml, pwhistoryPolicy)\n  File \"/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py\", line 1646, in _check_password_history\n    raise univention.admin.uexceptions.pwalreadyused()\nunivention.udm.exceptions.ModifyError: Error saving 'users/user' object at 'uid=testuser1,ou=orgunit,dc=mydomain,dc=net': Das Passwort wurde bereits verwendet. Bitte wählen Sie ein anderes.\n",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}

Is there a way to apply the password only on creation? Something like the update_password option from the orphaned ansible module from @keachi https://docs.ansible.com/ansible/latest/collections/community/general/udm_user_module.html#parameter-update_password

fbim-genosr commented 2 months ago

https://github.com/ansible-collections/community.general/blob/main/plugins/modules/udm_user.py

michag86 commented 2 months ago

https://github.com/ansible-collections/community.general/blob/main/plugins/modules/udm_user.py

This module is outdated: https://github.com/ansible-collections/community.general/issues/2950#issuecomment-877827871

tbreiden commented 1 month ago

Usually I do this by adding the option overridePWHistory:

  tasks:
  - name: create a user
    univention.ucs_modules.univention_directory_manager:
      module: 'users/user'
      state: 'present'
      position: 'ou=orgunit,dc=mydomain,dc=net'
      set_properties:
        - property: 'username'
          value: 'testuser1'
        - property: 'lastname'
          value: 'testuser1'
        - property: 'password'
          value: 'super_secret_password'
        - property: "overridePWHistory"
          value: "1"

But I agree that it should work without.
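An alternative to overriding the password history, shown as an added example that is not part of the original comments or the project's own code: look the user up first and pass the password only when the object does not exist yet, so later runs neither trip the history check nor reset a password the user has since changed. It assumes the `udm` CLI on the UCS host prints a `DN:` line for each match; `vault_testuser1_password` is a hypothetical vaulted variable.

```yaml
  tasks:
  - name: check whether the user already exists
    # Assumption: `udm users/user list` prints one "DN: ..." line per match.
    ansible.builtin.command:
      argv:
        - udm
        - users/user
        - list
        - --filter
        - uid=testuser1
    register: user_lookup
    changed_when: false   # read-only lookup
    check_mode: false     # run the lookup in --check mode as well

  - name: create the user with an initial password (only when absent)
    univention.ucs_modules.univention_directory_manager:
      module: 'users/user'
      state: 'present'
      position: 'ou=orgunit,dc=mydomain,dc=net'
      set_properties:
        - property: 'username'
          value: 'testuser1'
        - property: 'lastname'
          value: 'testuser1'
        - property: 'password'
          # hypothetical variable, stored with ansible-vault instead of in the playbook
          value: '{{ vault_testuser1_password }}'
    no_log: true          # keep the password out of task output and logs
    when: "'DN: ' not in user_lookup.stdout"

  - name: keep the remaining properties in sync on later runs (no password)
    univention.ucs_modules.univention_directory_manager:
      module: 'users/user'
      state: 'present'
      position: 'ou=orgunit,dc=mydomain,dc=net'
      set_properties:
        - property: 'username'
          value: 'testuser1'
        - property: 'lastname'
          value: 'testuser1'
    when: "'DN: ' in user_lookup.stdout"
```

With `no_log: true` a failure in the creation task is also hidden, so drop it temporarily when debugging against a test account.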

vakilics commented 1 month ago

I tested it and it looks promising. So, the already fixed version can be found here: https://github.com/univention/ansible-modules/releases/tag/v3.1.4