LDAPSearch Ansible Playbook

Hello, I’m attempting an LDAP search using an Ansible playbook to list the usernames. Unfortunately, it’s not working as expected. Does anyone have any tips or insights regarding this?

My playbook:

- name: Query AD for User List
  hosts: localhost
  vars:
    ansible_python_interpreter: /usr/bin/python3
  tasks:
    - name: Query AD for users
      # module name assumed from the parameters used below
      community.general.ldap_search:
        server_uri: ldap://domain.xy:389
        dn: "OU=Mitarbeiter,OU=PM,DC=domain,DC=xy"
        bind_dn: "CN=SU_PM_AWX,OU=PM,DC=domain,DC=xy"
        bind_pw: "xyz"
        filter: "(objectClass=user)"
        #validate_certs: no
        #attrs:
          #- "sAMAccountName"
      register: ad_users

    - name: Display AD Users
      debug:
        var: ad_users


PLAY [Query AD for User List] ************************************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Query AD for users] ****************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Display AD Users] ******************************************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "ad_users": {
        "changed": false,
        "failed": false,
        "results": []

PLAY RECAP *******************************************************************************************************************************************************************************************************************************************************************
localhost                  : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Hello Emre

Have you tried using the -vvv flag to get more debugging output?

Have you tried setting your ‘filter:’ line to one of the ad_users you’re searching for, just to test whether the LDAP server answers (correctly) at all?


Hello @wa_schaly,

I tried it with -vvv, but it doesn't show much more relevant information.
I also tried executing an ldapsearch command from the CLI with the same parameters and credentials, and it works fine.

Kind Regards,

Oops - my question was not good enough :slight_smile:

What I meant:
Can you delete the entire section ‘- name: Display AD Users’,
delete the line 'register: … ’,
and can you please set the filter: ‘(&(objectclass=user)(uid=some_numeric_existing_UID))’?


Just to get this out of the way, are you getting results using ldapsearch (or any other CLI tool that lets you query an LDAP directory) with the same filter?
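
An added example, not taken from any post in this thread: `community.general.ldap_search` defaults to `scope: base`, which examines only the OU entry itself, while the `ldapsearch` CLI defaults to a subtree search, so the same filter can return nothing from the module and results from the CLI. The playbook below sets the scope explicitly and, as assumptions, enables StartTLS on the connection and reads the bind password from a hypothetical vaulted variable `ad_bind_password`.

```yaml
- name: Query AD for user list (added example)
  hosts: localhost
  gather_facts: false
  vars:
    ansible_python_interpreter: /usr/bin/python3
    # Assumption: ad_bind_password is defined in an Ansible Vault encrypted
    # vars file, so the service account password is not stored in the playbook.
  tasks:
    - name: Query AD for users below the OU
      community.general.ldap_search:
        server_uri: ldap://domain.xy:389
        # Assumption: the directory server offers StartTLS with a certificate
        # that this host trusts; without it the simple bind sends the
        # password in clear text over port 389.
        start_tls: true
        validate_certs: true
        bind_dn: "CN=SU_PM_AWX,OU=PM,DC=domain,DC=xy"
        bind_pw: "{{ ad_bind_password }}"
        dn: "OU=Mitarbeiter,OU=PM,DC=domain,DC=xy"
        # The module default is "base" (only the entry named in dn).
        # "children" is the module's name for a subtree search;
        # "onelevel" would cover only the OU's direct children.
        scope: children
        filter: "(objectClass=user)"
        # Request only the attribute that is needed.
        attrs:
          - sAMAccountName
      register: ad_users

    - name: Display only the account names
      ansible.builtin.debug:
        msg: >-
          {{ ad_users.results
             | selectattr('sAMAccountName', 'defined')
             | map(attribute='sAMAccountName')
             | list }}
```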