
I am a newbie to OpenStack and OIDC and am creating a dummy OIDC issuer for my instances; however, during the "Ensure ou for users" task (I am following an official guide) I am getting an exception.

My yml file is:

- name: Ensure ou for users
  community.general.ldap_entry:
    dn: ou=people,dc=springframework,dc=org
    objectClass:
      - top
      - organizationalUnit
    bind_dn: cn=Directory\ Manager
    bind_pw: "{{ kypo_crp_oidc_local_provider_ldap_root_password }}"
    server_uri: ldaps://localhost:1636
    validate_certs: False
  register: ldap_entry
  until: ldap_entry is not failed
  retries: 30
  delay: 5

I got an exception saying the parent entry does not exist in the server:

FAILED - RETRYING: Ensure ou for users (3 retries left).
FAILED - RETRYING: Ensure ou for users (2 retries left).
FAILED - RETRYING: Ensure ou for users (1 retries left).
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: 
ldap.NO_SUCH_OBJECT: {'msgtype': 105, 'msgid': 3, 'result': 32, 'desc': 'No such object', 'ctrls': [], 'info': 'Entry ou=people,dc=springframework,dc=org cannot be added because its parent entry dc=springframework,dc=org does not exist in the server'}
fatal: [kypo]: FAILED! => {"attempts": 30, "changed": false, "details": "{'msgtype': 105, 'msgid': 3, 'result': 32, 'desc': 'No such object', 'ctrls': [], 'info': 'Entry ou=people,dc=springframework,dc=org cannot be added because its parent entry dc=springframework,dc=org does not exist in the server'}", "msg": "Entry action failed."}
aneela

1 Answer

In your ldaps://localhost:1636 LDAP server you need to create the base search DN first; you can alter your yml file to something like:

- name: pre-Ensure ou for users
  community.general.ldap_entry:
    dn: dc=springframework,dc=org
    # A dc= entry needs a structural class that allows the dc attribute;
    # organizationalUnit would be rejected as an objectClass violation.
    objectClass:
      - top
      - domain
    # Some servers refuse an add whose naming attribute is absent from the entry.
    attributes:
      dc: springframework
    bind_dn: cn=Directory\ Manager
    bind_pw: "{{ kypo_crp_oidc_local_provider_ldap_root_password }}"
    server_uri: ldaps://localhost:1636
    validate_certs: False
  register: ldap_entry
  until: ldap_entry is not failed
  retries: 30
  delay: 5

- name: Ensure ou for users
  community.general.ldap_entry:
    dn: ou=people,dc=springframework,dc=org
    objectClass:
      - top
      - organizationalUnit
    bind_dn: cn=Directory\ Manager
    bind_pw: "{{ kypo_crp_oidc_local_provider_ldap_root_password }}"
    server_uri: ldaps://localhost:1636
    validate_certs: False
  register: ldap_entry
  until: ldap_entry is not failed
  retries: 30
  delay: 5

Another solution would be to create the base entry directly in your LDAP server using the ldapadd or ldapmodify command. Your input LDIF:

dn: dc=springframework,dc=org
changetype: add
objectClass: top
objectClass: domain
dc: springframework

Then:

ldapmodify -a -x -D "cn=Directory Manager" -w password -H ldap://localhost:1389 -f file.ldif
Hamza Tahiri
  • When I tried it, all of a sudden the server is unable to connect. It says `ldap.SERVER_DOWN Can't contact LDAP server. The TLS connection was non-properly terminated`. What does it mean by "TLS connection was non-properly terminated"? Is it talking about the last time the connection ended or this time? – aneela Apr 14 '22 at 05:54
  • Check if your server is up; check both ldaps://localhost:1636 and ldap://localhost:1389. – Hamza Tahiri Apr 14 '22 at 09:20
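The root cause in this thread is ordering: an LDAP add is refused with result 32 (NO_SUCH_OBJECT) whenever the parent of the new DN is missing, so every ancestor has to be created before its child. The helper below is an added example (not code from the question, the answer, or the community.general module) that walks a target DN up to the configured suffix and emits LDIF add records for each missing ancestor, parent first; the dc/ou/o objectClass mapping and the `existing` list of DNs already present are assumptions you would replace with a real search against the server.

```python
# Added example, not from the question or answer above: the server rejected
# ou=people,dc=springframework,dc=org (result 32, NO_SUCH_OBJECT) because its
# parent was missing. This walks a target DN up to the configured suffix and
# emits LDIF add records for every ancestor that does not exist yet, parent
# first, so the output can be fed to `ldapadd` in one pass.

# Assumed mapping from RDN attribute type to a structural objectClass.
OBJECT_CLASS_FOR = {"dc": "domain", "ou": "organizationalUnit", "o": "organization"}


def split_rdns(dn):
    """Split a DN at unescaped commas (RFC 4514), e.g. cn=Directory\\ Manager."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped or ch == "\\":
            current.append(ch)
            escaped = not escaped  # a backslash escapes exactly the next character
        elif ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).strip())
    return rdns


def ancestor_chain(target_dn, suffix_dn):
    """Return every DN from the suffix down to target_dn, parents before children."""
    target, suffix = split_rdns(target_dn), split_rdns(suffix_dn)
    if [r.lower() for r in target[-len(suffix):]] != [r.lower() for r in suffix]:
        raise ValueError(f"{target_dn} is not under suffix {suffix_dn}")
    return [",".join(target[-depth:]) for depth in range(len(suffix), len(target) + 1)]


def ldif_for_missing(target_dn, suffix_dn, existing):
    """LDIF add records for the ancestors of target_dn not listed in `existing`."""
    present = {dn.lower() for dn in existing}
    records = []
    for dn in ancestor_chain(target_dn, suffix_dn):
        if dn.lower() in present:
            continue
        attr, value = split_rdns(dn)[0].split("=", 1)
        oc = OBJECT_CLASS_FOR.get(attr.lower())
        if oc is None:
            raise ValueError(f"no objectClass mapping for RDN attribute {attr!r}")
        # The naming attribute is written out explicitly: some servers refuse
        # an add whose RDN value is absent from the entry (naming violation).
        records.append(f"dn: {dn}\nchangetype: add\nobjectClass: top\n"
                       f"objectClass: {oc}\n{attr}: {value}\n")
    return "\n".join(records)


if __name__ == "__main__":
    # Constructed input: the DN from the question, with the suffix root missing.
    print(ldif_for_missing("ou=people,dc=springframework,dc=org",
                           "dc=springframework,dc=org", existing=[]))
```

Feeding the printed LDIF to `ldapadd` creates dc=springframework,dc=org before ou=people, which is exactly the order the failing task needed.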