win_domain_user and tree traversing

I have two AD trees. One is a flat test system, no frills. Users reside in the default Windows container (CN=Users under the DC). The other is our production system, which has users all over the place. I am able to query the test system for users, but not the production system.

Does win_domain_user only work with CN=Users at the root of the tree (i.e. CN=Users,DC=mytest,DC=local)?

If so, is there a way to specify another DN? I haven’t been able to find one (for queries at least).

debug:

My query:

```yaml
tasks:
  # Look up an existing AD account without modifying it
  - name: Windows AD Testing
    win_domain_user:
      name: "{{ user }}"
      state: query
    register: username

  # Print whatever the query returned
  - debug:
      var: username
```

Hmmmm… this might be a credssp issue. Let me work on that for a while and get back to this.

OK, it was an issue with credssp, but RHEL seems to have issues installing all of the necessary packages when on the latest code.

I am on 7.6 with pip 18.1. I had to downgrade pip in order to install credssp:

```
pip install --upgrade --force-reinstall pip==9.0.3
```

After that I upgraded pip again to 18.1.

Seems to be working now. I have a ticket filed with Red Hat to see if this can be fixed so we don’t have to jump through a lot of hoops to get it working on the latest code.