microsoft.ad.parse_dn filter – Parses an LDAP DistinguishedName string into an object.

Note

This filter plugin is part of the microsoft.ad collection (version 1.7.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install microsoft.ad.

To use it in a playbook, specify: microsoft.ad.parse_dn.

New in microsoft.ad 1.5.0

Synopsis

  • Parses the provided LDAP DistinguishedName (DN) string value into a structured object.

  • The rules for parsing as defined in RFC 4514.

  • Each DN contains Relative DistinguishedNames (RDN) separated by , and each RDN can contain multiple attribute type values also known as an AVA. While Microsoft Active Directory DNs can only contain 1 AVA in an RDN this parser supports multiple AVAs.

  • The returned object for each DN will be provided as a list of lists where the outer list is each RDN component separated by , and the inner list is each AVA separated by = and +. Each RDN entry is guaranteed to have 2 string values for the AVA type and value but can contain more if the RDN contains multiple AVAs separated by +.

  • The parsed RDN attribute values will be unescaped to represent the actual value rather than the raw string in the DN.

  • A DN that is invalid will raise a filter error.

Input

This describes the input of the filter, the value before | microsoft.ad.parse_dn.

Parameter

Comments

Input

string / required

The LDAP DistinguishedName string to parse.

See Also

See also

microsoft.ad.dn_escape

microsoft.ad.dn_escape filter

microsoft.ad.ldap

microsoft.ad.ldap inventory

Examples

- name: Parses a simple DN
  set_fact:
    my_dn: '{{ "CN=Foo,DC=domain,DC=com" | microsoft.ad.parse_dn }}'

# [
#   ["CN", "Foo"],
#   ["DC", "domain"],
#   ["DC", "com"],
# ]

- name: Parses a DN with an escaped and multi attribute values
  set_fact:
    my_dn: '{{ "CN=CA,O=Acme\, Inc.,C=AU+ST=Queensland" | microsoft.ad.parse_dn }}'

# [
#   ["CN", "CA"],
#   ["O", "Acme, Inc."],
#   ["C", "AU", "ST", "Queensland"]
# ]

# Extract the group names the computer is a member of in the ldap inventory
# plugin, for example gets the first RDN value inside the parsed DN.
attributes:
  memberOf:
    computer_membership: this | microsoft.ad.parse_dn | map(attribute="0.1")

Return Value

Key

Description

Return value

list / elements=list

The parsed LDAP DN values.

Returned: success

Sample: [["CN", "Foo"], ["DC", "domain"], ["DC", "com"]]

Authors

  • Jordan Borean (@jborean93)

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.