microsoft.ad.parse_dn filter – Parses an LDAP DistinguishedName string into an object.

Note

This filter plugin is part of the microsoft.ad collection (version 1.5.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install microsoft.ad.

To use it in a playbook, specify: microsoft.ad.parse_dn.

New in microsoft.ad 1.5.0

Synopsis

  • Parses the provided LDAP DistinguishedName (DN) string value into a structured object.

  • The rules for parsing as defined in RFC 4514.

  • Each DN contains Relative DistinguishedNames (RDN) separated by , and each RDN can contain multiple attribute type values also known as an AVA. While Microsoft Active Directory DNs can only contain 1 AVA in an RDN this parser supports multiple AVAs.

  • The returned object for each DN will be provided as a list of lists where the outer list is each RDN component separated by , and the inner list is each AVA separated by = and +. Each RDN entry is guaranteed to have 2 string values for the AVA type and value but can contain more if the RDN contains multiple AVAs separated by +.

  • The parsed RDN attribute values will be unescaped to represent the actual value rather than the raw string in the DN.

  • A DN that is invalid will raise a filter error.

Input

This describes the input of the filter, the value before | microsoft.ad.parse_dn.

Parameter

Comments

Input

string / required

The LDAP DistinguishedName string to parse.

See Also

See also

microsoft.ad.dn_escape

microsoft.ad.dn_escape filter

microsoft.ad.ldap

microsoft.ad.ldap inventory

Examples

- name: Parses a simple DN
  set_fact:
    my_dn: '{{ "CN=Foo,DC=domain,DC=com" | microsoft.ad.parse_dn }}'

# [
#   ["CN", "Foo"],
#   ["DC", "domain"],
#   ["DC", "com"],
# ]

- name: Parses a DN with an escaped and multi attribute values
  set_fact:
    my_dn: '{{ "CN=CA,O=Acme\, Inc.,C=AU+ST=Queensland" | microsoft.ad.parse_dn }}'

# [
#   ["CN", "CA"],
#   ["O", "Acme, Inc."],
#   ["C", "AU", "ST", "Queensland"]
# ]

# Extract the group names the computer is a member of in the ldap inventory
# plugin, for example gets the first RDN value inside the parsed DN.
attributes:
  memberOf:
    computer_membership: this | microsoft.ad.parse_dn | map(attribute="0.1")

Return Value

Key

Description

Return value

list / elements=list

The parsed LDAP DN values.

Returned: success

Sample: [["CN", "Foo"], ["DC", "domain"], ["DC", "com"]]

Authors

  • Jordan Borean (@jborean93)

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.