Fetch rootdse from LDAP server

I am trying to use community.general.ldap_search to return the RootDSE from an LDAP server (Red Hat Directory Server). The LDAP server is configured to allow anonymous access to the RootDSE (nsslapd-allow-anonymous-access: rootdse) and I can retrieve it with ldapsearch:

ldapsearch -LLL -x -H ldap://myldapserver.example.com -b '' -s base defaultnamingContext
dn:
defaultnamingContext: dc=mysrv,dc=example,dc=com

But I am unable to duplicate that with the ldap_search module:

ansible localhost -m community.general.ldap_search -a "server_uri='ldap://myldapserver.example.com' validate_certs=false bind_dn='' dn='dn:' scope=base "

localhost | FAILED! => {
    "changed": false,
    "details": "{'info': 'Anonymous access is not allowed.', 'desc': 'Inappropriate authentication'}",
    "invocation": {
        "module_args": {
            "attrs": null,
            "bind_dn": "",
            "bind_pw": "",
            "dn": "dn:",
            "filter": "(objectClass=*)",
            "referrals_chasing": "anonymous",
            "sasl_class": "external",
            "schema": false,
            "scope": "base",
            "server_uri": "ldap://myldapserver.example.com",
            "start_tls": false,
            "validate_certs": false
        }
    },
    "msg": "Attribute action failed."
}

So how can I retrieve the RootDSE with ldap_search? Has anyone else had success with this or am I going to be forced to shell out to ldapsearch?

Does your service account have sufficient privileges? What does it say when you run it in debug mode?

I found the answer:

ansible localhost -m community.general.ldap_search -a "server_uri='ldap://myldapserver.example.com' validate_certs=false bind_dn='' dn='' scope=base attrs=defaultnamingcontext"

localhost | SUCCESS => {
    "changed": false,
    "results": [
        {
            "defaultnamingcontext": "dc=mysrv,dc=example,dc=com",
            "dn": ""
        }
    ]
}

Leave the bind_dn null and the ldap_search module converts that to anonymous. And leave dn null to specify the RootDSE.
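
The working ad hoc call above, written as a playbook that also checks the unauthenticated answer before later tasks rely on it. This is an added example, not part of the original thread; the variable names (`ldap_uri`, `expected_suffix`, `rootdse`, `ldap_base_dn`) and the expected suffix value are assumptions.

```yaml
# Added example (not from the thread). Variable names are hypothetical.
- name: Read the RootDSE anonymously and sanity-check the result
  hosts: localhost
  gather_facts: false
  vars:
    ldap_uri: "ldap://myldapserver.example.com"   # host used in the thread
    expected_suffix: "dc=example,dc=com"          # assumption: suffix this site expects
  tasks:
    - name: Query the RootDSE (empty bind_dn = anonymous, empty dn = RootDSE)
      community.general.ldap_search:
        server_uri: "{{ ldap_uri }}"
        bind_dn: ""
        dn: ""
        scope: base
        attrs:
          - defaultnamingcontext
      register: rootdse

    # The reply arrives without authentication, so verify its shape and
    # value instead of passing it straight into later tasks. The string
    # check assumes the single-value result format shown in the thread.
    - name: Fail unless exactly one entry with the expected suffix came back
      ansible.builtin.assert:
        that:
          - rootdse.results | length == 1
          - rootdse.results[0].defaultnamingcontext is defined
          - rootdse.results[0].defaultnamingcontext.lower().endswith(expected_suffix)
        fail_msg: "Unexpected RootDSE answer from {{ ldap_uri }}"

    - name: Keep the naming context for later tasks
      ansible.builtin.set_fact:
        ldap_base_dn: "{{ rootdse.results[0].defaultnamingcontext }}"
```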