Re: LDAP bindPassword in Ansible inventory

Maybe if you use a vars yaml file, it might work? I was going to try it today, but I didn't get around to it, was hoping you'd get it working first?

By a vars file I mean

ansible-playbook -e "@varsfile.yml"

With something like this in there, but obviously the encrypted bit

openshift_master_identity_providers:
- name: active_directory
  challenge: 'true'
  login: 'true'
  kind: LDAPPasswordIdentityProvider
  # attribute keys assumed; they are missing from the archived message
  attributes:
    email:
    - mail
    id:
    - sAMAccountName
    name:
    - displayName
    preferredUsername:
    - sAMAccountName
  insecure: 'true'
  bindDN: 'CN=xxxx,OU=Azure Users,OU=DEH-Staff,DC=internal,DC=govt'
  bindPassword: 'xxxx'
  url: ldap://ad-lb.envris-os-dev.agiledigital.com.au:389/ou=deh-staff,dc=internal,dc=govt?samAccountName

On Tue, Oct 24, 2017 at 4:59 PM Lionel Orellana <lionelve gmail com> wrote:
Well adding this to the inventory file doesn't work (even if the files are copied to masters beforehand).

'bindPassword': {'file': '/root/bindPassword.encrypted', 'keyFile': '/root/bindPassword.key'},

Is there any way to encrypt the bindPassword in the inventory file?

On 21 October 2017 at 11:43, Lionel Orellana <lionelve gmail com> wrote:
Looking at the master role it just copies the configuration from the inventory to the config file so I do have to copy the encryption files beforehand. Will have to try if the format in the inventory file is right.

On Sat, 21 Oct 2017 at 9:15 am, Lionel Orellana <lionelve gmail com> wrote:

I see there's a way to encrypt an ldap bind password for use in the master configs.

But I'm not sure how this would work in the Ansible inventory configuration for the identity provider. 

If I use an Encrypted External File do I need to copy the file to all the masters first? Or is the playbook going to copy it from the ansible host? 

What should the openshift_master_identity_providers look like?

openshift_master_identity_providers=[{'name': 'my_ldap_provider', ..., 'kind': 'LDAPPasswordIdentityProvider', ..., 'bindPassword': {'file': 'bindPassword.encrypted', 'keyFile': 'bindPassword.key'}, ...}]
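
An added example, not part of the thread and not openshift-ansible code: a small Python check that reads the openshift_master_identity_providers line of an INI inventory and reports LDAP providers whose bindPassword is a cleartext string rather than the file/keyFile form the thread is trying to use. It goes slightly beyond the thread by also flagging insecure=true combined with an ldap:// URL; the sample inventory, hostnames, DNs and provider names are constructed placeholders.

```python
import ast

VAR = "openshift_master_identity_providers"

# Constructed sample inventory; hosts, DNs and names are placeholders.
SAMPLE_INVENTORY = (
    "[OSEv3:vars]\n"
    "openshift_master_identity_providers=["
    "{'name': 'ad_plain', 'kind': 'LDAPPasswordIdentityProvider', "
    "'insecure': 'true', 'bindDN': 'CN=svc,DC=example,DC=test', "
    "'bindPassword': 'placeholder-secret', "
    "'url': 'ldap://ldap.example.test:389/dc=example,dc=test?sAMAccountName'}, "
    "{'name': 'ad_file', 'kind': 'LDAPPasswordIdentityProvider', "
    "'insecure': 'false', 'bindDN': 'CN=svc,DC=example,DC=test', "
    "'bindPassword': {'file': '/root/bindPassword.encrypted', "
    "'keyFile': '/root/bindPassword.key'}, "
    "'url': 'ldaps://ldap.example.test:636/dc=example,dc=test?sAMAccountName'}]\n"
)

def load_providers(inventory_text):
    """Return the provider list from the VAR=... line, or [] if absent."""
    for line in inventory_text.splitlines():
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep and key.strip() == VAR:
            return ast.literal_eval(value.strip())  # literals only, no code execution
    return []

def audit_provider(provider):
    """Return a list of findings for one LDAP identity provider dict."""
    if provider.get("kind") != "LDAPPasswordIdentityProvider":
        return []
    findings = []
    pw = provider.get("bindPassword")
    if isinstance(pw, str) and pw:
        findings.append("bindPassword is a cleartext string")
    elif isinstance(pw, dict) and "file" in pw and "keyFile" not in pw:
        findings.append("bindPassword 'file' has no 'keyFile'")
    insecure = str(provider.get("insecure", "")).lower() == "true"
    if insecure and str(provider.get("url", "")).startswith("ldap://"):
        findings.append("insecure=true with ldap:// URL: bind is not protected by TLS")
    return findings

def audit_inventory(inventory_text):
    """Map provider name -> findings for every provider in the inventory."""
    return {p.get("name"): audit_provider(p) for p in load_providers(inventory_text)}

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(name, findings or "ok")
```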


