elastic-infra / terraform-provider-ldap

This project is forked from pryz/terraform-provider-ldap


LDAP provider for Terraform

License: MIT License

Go 93.34% HCL 5.05% Makefile 1.62%

terraform-provider-ldap's People

Contributors: dihedron, dsonck92, hkobayash, pryz

terraform-provider-ldap's Issues

LDAP Result Code 20 "Attribute Or Value Exists": modify/add: cn: value #0 already exists

Hello,
I was trying to create a user and a primary group and got the error LDAP Result Code 20 "Attribute Or Value Exists": modify/add: cn: value #0 already exists. Is it my fault or a bug?

Sample of tf-file:

resource "ldap_object" "account_t_user" {
  dn = "uid=t.user,ou=accounts,dc=domain,dc=lan"
  object_classes = [
    "top",
    "posixAccount",
    "shadowAccount",
    "ldapPublicKey",
    "inetOrgPerson",
    "organizationalPerson",
    "person",
    "hostObject"
  ]
  attributes = [
    { sn = "User" },
    { givenName = "Test" },
    { cn = "Test User" },
    { mail = "t.user@localhost" },
    { uidNumber = "1025" },
    { gidNumber = "1025" },
    { homeDirectory = "/home/t.user" },
    { loginShell = "/bin/bash" },
    { host = "somehost" },
  ]
}

resource "ldap_object" "group_t_user" {
  dn = "cn=t.user,ou=accounts,dc=domain,dc=lan"
  object_classes = [
    "top",
    "posixGroup"
  ]
  attributes = [
    { gidNumber = "1025" },
    { cn = "t.user" }
  ]
}

Can not modify operational attributes

I encountered an error while managing my system users. Let's consider the following user definition:

dn: cn=test,dc=example,dc=ldap,dc=com
objectClass: inetOrgPerson
userPassword:: <password>
enabled: true
emailVerified: true
sn: VPN test Delegation
locale: pl
cn: test
pwdPolicySubentry: cn=test-policies,ou=pwpolicies,dc=example,dc=ldap,dc=com

which translates to terraform code:

resource "ldap_object" "test_user" {
  dn                     =  "cn=test,dc=example,dc=ldap,dc=com"
  object_classes = ["inetOrgPerson"]
  attributes = [
    { userPassword = "<password>" },
    { enabled = "true" },
    { emailVerified = "true" },
    { sn = "VPN test Delegation" },
    { locale = "pl" },
    { pwdPolicySubentry = "cn=test-policies,ou=pwpolicies,dc=example,dc=ldap,dc=com" }
  ]
}

Such an object can be imported, and the attribute pwdPolicySubentry can be seen in the state. In OpenLDAP this attribute is a so-called "operational attribute", which is returned by LDAP only if the user explicitly asks for it or if you add a + sign at the end of the ldapsearch command.

However, when I run my Terraform again, this provider tries to update this attribute and gets a response from LDAP that it is already defined. Below is the output from Terraform:

Error: LDAP Result Code 20 "Attribute Or Value Exists": modify/add: pwdPolicySubentry: value #0 already exists

My question is whether anyone has had a similar problem and knows how to solve it? Or is it possible to make this provider work with operational attributes? I know that not all operational attributes are editable, but this one is, and I need it because some of my users must have password policies different from the default.

Recreating group without any changes added?

I'm able to create the posixGroup first, but then in the next plan (without any changes added) the plan keeps showing changes.

Below is my terraform code implementation:

resource "ldap_object" "groups" {
  depends_on = [
    ldap_object.organization_units
  ]
  for_each = {
    for group in local.ldap_groups: group.id => group
  }
  dn             = "cn=${each.value.name},ou=${each.value.ou},${local.ldap_dn}"
  object_classes = ["top", "posixGroup"]
  attributes = [
    { gidnumber = "${each.key}" },
  ]
}

LDAP attribute names are case-insensitive

Hi!

If I define a resource with an attribute uniquemember, the resource is created correctly. However, if I run terraform apply again with no changes to my .tf file, this provider will try to update them with the attribute name uniqueMember. Ideally, the attribute names would be casefolded on comparison.

Thanks!

An example of using this module to get data?

I've got a purpose where I need a list of values from LDAP, and it'd be great to be able to have a data resource so that I could get that data out and then use it in other terraform things.

Thanks!

Resource attributes userPassword and uid

Hello, I've tried to use your Terraform provider as there is no good alternative to it.
But I found a few design issues in it.

  1. That's how the resource looks:
resource "ldap_object" "sl" {
    dn = "uid=sl,ou=Users,${var.base_dn}"
    object_classes = ["inetOrgPerson","organizationalPerson","top"]
    attributes = [
        {uid = "sl"},
        {sn = "S"},
        {cn = "L"},
        {mail = "[email protected]"}
    ]
}
  2. Next I imported the resource, as it already exists in the LDAP directory:
terraform import 'ldap_object.sl' "uid=sl,ou=Users,dc=domain,dc=example"
ldap_object.sl: Importing from ID "uid=sl,ou=Users,dc=domain,dc=example"...
ldap_object.sl: Import prepared!
  Prepared ldap_object for import
ldap_object.sl: Refreshing state... [id=uid=sl,ou=Users,dc=domain,dc=example]

Import successful!
  3. Looking at what we've got:
terraform console
> ldap_object.sl
{
  "attributes" = toset([
    tomap({
      "cn" = "S"
    }),
    tomap({
      "mail" = "[email protected]"
    }),
    tomap({
      "mailAlias" = "[email protected]"
    }),
    tomap({
      "sambaLMPassword" = "XXXXX"
    }),
    tomap({
      "sambaNTPassword" = "XXXXX"
    }),
    tomap({
      "sambaPwdLastSet" = "1655740067"
    }),
    tomap({
      "sn" = "L"
    }),
    tomap({
      "userPassword" = "{SHA}XXXXX+XXXXXXX="
    }),
  ])
  "dn" = "uid=sl,ou=Users,dc=domain,dc=example"
  "id" = "uid=sl,ou=Users,dc=domain,dc=example"
  "object_classes" = toset([
    "inetOrgPerson",
    "organizationalPerson",
    "sambaSamAccount",
    "top",
  ])
}
  4. Then run plan:
terraform plan -target 'ldap_object.sl'
ldap_object.sl: Refreshing state... [id=uid=sl,ou=Users,dc=domain,dc=example]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # ldap_object.sl will be updated in-place
  ~ resource "ldap_object" "sl" {
      ~ attributes     = [
          - {
              - "mailAlias" = "[email protected]"
            },
          - {
              - "sambaLMPassword" = "XXXXX"
            },
          - {
              - "sambaNTPassword" = "XXXXX"
            },
          - {
              - "sambaPwdLastSet" = "1655740067"
            },
          + {
              + "uid" = "sl"
            },
          - {
              - "userPassword" = "{SHA}XXXXX+XXXXXXX="
            },
          + {},
        ]
        id             = "uid=sl,ou=Users,dc=domain,dc=example"
      ~ object_classes = [          
          - "sambaSamAccount",
            # (3 unchanged elements hidden)
        ]
        # (1 unchanged attribute hidden)
    }

As you see, the uid attribute was not imported, but it was going to be added during plan.
Also, all attributes that were not described in the resource were going to be removed.
Also, I can't use lifecycle -> ignore_changes for attributes because of the Terraform error
Error: Invalid index. This value does not have any indices.
because you use "attributes" = toset().

I think the proper way is to not do anything with attributes that are not described in the resource.
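One shape the attribute comparison asked for across these issues could take (operational attributes such as pwdPolicySubentry left alone, attribute names compared case-insensitively so uniquemember and uniqueMember do not diff, and attributes the resource does not declare never deleted). This is an added example in Go, not code from the provider; the type Attrs and the functions PlanChanges and sameValues are hypothetical names, and the sample entries are constructed.

```go
package main

import (
	"reflect"
	"sort"
	"strings"
)

// Attrs maps an LDAP attribute name to its values (hypothetical type, not the provider's own).
type Attrs map[string][]string

// Change is one modification that would be sent to the directory: "add" or "replace".
type Change struct {
	Op, Name string
	Values   []string
}

// PlanChanges diffs the attributes declared in the resource against the entry read back.
// Names compare case-insensitively (uniquemember == uniqueMember); attributes the resource
// does not declare (pwdPolicySubentry, sambaPwdLastSet, ...) are left alone, not deleted.
func PlanChanges(desired, actual Attrs) []Change {
	actualByKey := map[string]string{} // lower-cased name -> spelling the server uses
	for name := range actual {
		actualByKey[strings.ToLower(name)] = name
	}
	var changes []Change
	for name, want := range desired {
		have, present := actualByKey[strings.ToLower(name)]
		switch {
		case !present:
			changes = append(changes, Change{Op: "add", Name: name, Values: want})
		case !sameValues(want, actual[have]):
			changes = append(changes, Change{Op: "replace", Name: have, Values: want})
		}
	}
	sort.Slice(changes, func(i, j int) bool { return changes[i].Name < changes[j].Name }) // stable plans
	return changes
}

// sameValues compares multi-valued attributes as sets; value order is not significant in LDAP.
func sameValues(a, b []string) bool {
	x, y := append([]string(nil), a...), append([]string(nil), b...)
	sort.Strings(x)
	sort.Strings(y)
	return reflect.DeepEqual(x, y)
}
```

With the constructed entry in the test, a resource that only spells the name differently produces no change, while a genuinely missing attribute yields a single add and the operational attribute is never touched.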
