Integrating Microsoft LAPS and ansible

harsh_chawda · July 9, 2020, 10:52am

Hello All,

I am using ansible for patching windows machines in my domain. The process is working fine with patches being installed till date over Winrm and kerberos as authentication.

But now they have decided to use LAPS in the environment .So, the password keep on changing and i am not able to access with the same password and patch the servers.

So, i tried researching on the internet about it and how to integrate it with the current setup.But I am not able to do it.

Is it feasible and possible with ansible to use LAPS to retrieve password and patch windows machines as I am patching 5-10 machines at a stretch and all are having different passwords. And also is it secure to integrate it with ansible

If anyone have used it in their environment and help me out in this ,it would be great. As, I am completely blank on this and how to integrate it.

Thanks in advance.

jborean · July 13, 2020, 7:42pm

Theres the laps_password https://docs.ansible.com/ansible/latest/plugins/lookup/laps_password.html lookup that you can use to retrieve a password set by LAPS from AD. Unfortunately it requires a few extra bits to be installed on your host like OpenLDAP but it’s definitely possible.

harsh_chawda · July 15, 2020, 10:47am

Hello ,

Thanks for you reply. I will test it out the same.

Thanks again.

harsh_chawda · July 15, 2020, 11:33am

Hello,

I have one doubt like not all systems in my environment are configured with LAPS as of now.

So some of the systems are having LAPS others are having LDAP . So will both the things work out.

ie. basically if i install OpenLDAP , is it standalone package/module or will it replace the current configuration settings. ie. LDAP

Thanks for your reply.

jborean · July 15, 2020, 6:42pm

I don’t understand what you mean sorry. OpenLDAP is required on the controller because that’s a dependency of python-ldap that the lookup uses https://www.python-ldap.org/en/python-ldap-3.3.0/installing.html#installing. If you already have it installed then you don’t need to reinstall it.

If some hosts use LAPS then you can use this for plugin to get the password, for the others that don’t then you need some other mechanism to get the password.

harsh_chawda · July 22, 2020, 5:41am

Hello Jordan,

Thanks for your reply .

I am trying to do the same what you explained. Will post my queries if got any issues.

Thanks again.

Topic		Replies	Views
Integrating LAPS in my environmet AWX Project windows	0	1	July 9, 2020
Ansible and Windows Project Ansible Project windows , aws	4	3	August 27, 2019
Handling Windows Local Admin Passwords in Ansible? Ansible Developer windows , aws	5	3	March 15, 2016
LDAP lookup plugin / with_ldap iterator Ansible Developer	3	1	January 19, 2018
Bug? Windows - Ansible uses LDAP user not ansible_ssh_user!?! Ansible Project windows	12	1	September 6, 2015

Integrating Microsoft LAPS and ansible

Related topics