Hi everyone,
I searched this list but couldn’t find a valid answer.
I want to use the MS plugin microsoft.ad.ldap.yml inside a playbook.
As long, as I enter the LDAP username and password as clear text in the yml, everything runs smooth.
But, of course, this is not an option for production, so I’m looking for a way to store the password in a vault file.
Unfortunately, I can’t get it to work using variables at all.
There is a hint that one can use environment variables, but I’m really struggling.
Does anyone have a hint for me?
Thank you very much in advance,
Caroline
And: https://docs.ansible.com/ansible/latest/collections/microsoft/ad/ldap_inventory.html#parameter-password
If you set both:
MICROSOFT_AD_LDAP_USERNAME
MICROSOFT_AD_LDAP_PASSWORD
e.g.:
$ export MICROSOFT_AD_LDAP_USERNAME=read_only_user
$ export MICROSOFT_AD_LDAP_PASSWORD=Hugely_Complicated_Password
Then those should be consumed by the plugin. If your password has metacharacters, you’ll need to figure out the right combination of quoting/escaping too to ensure they’re ingested correctly?
If you read the examples in the plugin docs, they also show some lookups being used to populate the config, you could potentially tweak that to pull from an Ansible vault.