Hi all,
I got my mistake: I just messed up the domain names. For testing purposes
I set a custom slapd_domain - and didn't set ldap_domain to the same
value - so they differed.
Kind regards
Jan
On 09.03.21 at 22:47, Jan Kowalsky wrote:
> Hi all,
>
> I am taking my first steps with the slapd and ldap roles. As far as I
> understood, I first set up a slapd server. This just installs openldap and
> configures schema and admin users.
>
> After running
>
> debops service/slapd -l ldap.example.org
>
> I end up with a running openldap and there are two passwords stored in
> ansible/secret/slapd/credentials/
>
> But with none of these passwords I can bind to the server:
>
> /usr/bin/ldapsearch -H ldaps://ldap.example.org -D "cn=admin,dc=example,dc=org" -b "dc=example,dc=org" -W
>
> passwords are created here (roles/slapd/defaults/main.yml):
>
> slapd__superuser_config_password: '{{ "{CRYPT}" + lookup("password", secret + "/slapd/credentials/" + slapd__config_rootdn | to_uuid + ".password"+ " encrypt=sha512_crypt length=32") }}'
>
> I understand: "DebOps uses the "to_uuid" Ansible filter to convert LDAP
> Distinguished Names". Is there any possibility to convert uuids back to
> ldap dn's to know which one is which?
>
> My understanding is further that the first steps for initializing the
> directory work with
>
> debops ldap/init-directory -l ldap.example.org
>
> I get:
>
> ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
>
> Thanks for help and kind regards
> Jan
>
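
On the to_uuid question in the quoted message: the filter produces a name-based (version 5) UUID, which cannot be reversed, but each password file can be identified by hashing the DNs that are expected and comparing. The Python below is an added example, not part of the original mail or of DebOps; the namespace constant is assumed to be Ansible's default for to_uuid, and "cn=admin,cn=config" and the domain "test.example.org" are constructed sample values.

```python
import uuid

# Assumption: default namespace of Ansible's to_uuid filter. Pass another
# namespace if the Ansible version in use differs.
ANSIBLE_NAMESPACE = uuid.UUID("361E6D51-FAEC-444A-9079-341386DA8E2E")
SUFFIX = ".password"


def to_uuid(dn, namespace=ANSIBLE_NAMESPACE):
    """Name-based (version 5, SHA-1) UUID of the exact DN string."""
    return str(uuid.uuid5(namespace, dn))


def domain_to_basedn(domain):
    """'example.org' -> 'dc=example,dc=org'."""
    return ",".join("dc=" + label for label in domain.split("."))


def label_password_files(filenames, candidate_dns):
    """Map each '<uuid>.password' file name to the candidate DN it matches.

    The hash is one-way, so a DN is only recognised if it is among the
    candidates; unmatched files map to None.
    """
    by_uuid = {to_uuid(dn): dn for dn in candidate_dns}
    labelled = {}
    for name in filenames:
        stem = name[:-len(SUFFIX)] if name.endswith(SUFFIX) else name
        labelled[name] = by_uuid.get(stem)
    return labelled


if __name__ == "__main__":
    # Constructed sample: the server was set up with one domain while the
    # client side assumes another, so the rootdn (and its file) differ.
    server_dn = "cn=admin," + domain_to_basedn("test.example.org")
    client_dn = "cn=admin," + domain_to_basedn("example.org")
    files = [to_uuid("cn=admin,cn=config") + SUFFIX, to_uuid(server_dn) + SUFFIX]

    # Hashing only the DNs the client expects leaves one file unexplained,
    # which points at a DN (here: domain) mismatch.
    for name, dn in label_password_files(files, ["cn=admin,cn=config", client_dn]).items():
        print(name, "->", dn or "no candidate DN matches")
```

The DN string is hashed byte for byte, so case and spacing must match what the role used.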