LDAP Parent Entry does not exist: Openstack OIDC
I am a newbie to openstack and OIDC and am creating a dummy OIDC Issuer for my instances; however, during the task "Ensure ou for users" (I am following an official guide) I am getting an exception.
My yml file is:
- name: Ensure ou for users
  community.general.ldap_entry:
    dn: ou=people,dc=springframework,dc=org
    objectClass:
      - top
      - organizationalUnit
    bind_dn: cn=Directory\ Manager
    bind_pw: "{{ kypo_crp_oidc_local_provider_ldap_root_password }}"
    server_uri: ldaps://localhost:1636
    validate_certs: False
  register: ldap_entry
  until: ldap_entry is not failed
  retries: 30
  delay: 5
I got an exception saying the parent entry does not exist in the server:
FAILED - RETRYING: Ensure ou for users (3 retries left).
FAILED - RETRYING: Ensure ou for users (2 retries left).
FAILED - RETRYING: Ensure ou for users (1 retries left).
An exception occurred during task execution. To see the full traceback, use -vvv. The error was:
ldap.NO_SUCH_OBJECT: {'msgtype': 105, 'msgid': 3, 'result': 32, 'desc': 'No such object', 'ctrls': [], 'info': 'Entry ou=people,dc=springframework,dc=org cannot be added because its parent entry dc=springframework,dc=org does not exist in the server'}
fatal: [kypo]: FAILED! => {"attempts": 30, "changed": false, "details": "{'msgtype': 105, 'msgid': 3, 'result': 32, 'desc': 'No such object', 'ctrls': [], 'info': 'Entry ou=people,dc=springframework,dc=org cannot be added because its parent entry dc=springframework,dc=org does not exist in the server'}", "msg": "Entry action failed."}
Solution 1:
In your ldaps://localhost:1636 ldap server, you need to create the base search dn, you can alter your yml file to something like:
# The base entry is named by its dc attribute, which organizationalUnit does not
# permit; the domain object class (RFC 4524) does, so use that for a dc= entry.
- name: pre-Ensure ou for users
  community.general.ldap_entry:
    dn: dc=springframework,dc=org
    objectClass:
      - top
      - domain
    attributes:
      dc: springframework
    bind_dn: cn=Directory\ Manager
    bind_pw: "{{ kypo_crp_oidc_local_provider_ldap_root_password }}"
    server_uri: ldaps://localhost:1636
    validate_certs: False
  register: ldap_entry
  until: ldap_entry is not failed
  retries: 30
  delay: 5
- name: Ensure ou for users
  community.general.ldap_entry:
    dn: ou=people,dc=springframework,dc=org
    objectClass:
      - top
      - organizationalUnit
    bind_dn: cn=Directory\ Manager
    bind_pw: "{{ kypo_crp_oidc_local_provider_ldap_root_password }}"
    server_uri: ldaps://localhost:1636
    validate_certs: False
  register: ldap_entry
  until: ldap_entry is not failed
  retries: 30
  delay: 5
Another solution would be to directly create the base entry in your ldap using the ldapadd or ldapmodify command. Your input ldif:
dn: dc=springframework,dc=org
changetype: add
objectClass: top
objectClass: domain
dc: springframework
Then:
ldapmodify -a -x -D "cn=Directory Manager" -w password -H ldaps://localhost:1636 -f file.ldif
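The failure above is a general property of ldap_entry: it adds exactly one entry and returns NO_SUCH_OBJECT (LDAP result 32) when that entry's parent is missing, so every ancestor has to be created first, top down. The following script is an added example, not code from the question, the answer or the community.general collection. It computes offline which ancestors of a DN are missing, in creation order, and renders the result either as LDIF for ldapmodify -a or as ldap_entry task dicts. The set of existing DNs and the backend suffix are constructed inputs; against a real server the membership test would be a base-scope search for each DN instead.

```python
"""Plan the ordered creation of an LDAP DN and its missing ancestors.

Added example (not from the Stack Overflow post). The existing-DN set and the
suffix are constructed inputs; on a live server each DN would be checked with
a base-scope search instead of a set lookup.
"""
import re

# Object classes for a placeholder container, keyed by the RDN attribute.
# domain (RFC 4524) names its entry with dc and organizationalUnit with ou,
# which is why a dc= entry cannot be created as an organizationalUnit.
CONTAINER_CLASSES = {
    "dc": ["top", "domain"],
    "ou": ["top", "organizationalUnit"],
    "o": ["top", "organization"],
}


def split_rdns(dn):
    """Split a DN into its RDNs on commas that are not backslash-escaped."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]


def ancestors(dn):
    """DNs from the immediate parent up to the top of the DN, in that order."""
    rdns = split_rdns(dn)
    return [",".join(rdns[i:]) for i in range(1, len(rdns))]


def creation_plan(dn, suffix, existing):
    """Return [(dn, objectClasses, {naming_attr: value}), ...] parent-first.

    suffix:   the naming context the server is configured to hold; its root
              entry is the highest entry a client can add.
    existing: DNs already present on the server (constructed here).
    """
    chain = [dn] + ancestors(dn)
    if suffix.lower() not in [c.lower() for c in chain]:
        raise ValueError("%s is not under suffix %s" % (dn, suffix))
    present = {e.lower() for e in existing}
    missing = []
    for entry in chain:
        if entry.lower() in present:
            break
        missing.append(entry)
        if entry.lower() == suffix.lower():
            break  # nothing above the suffix can be created through LDAP
    plan = []
    for entry in reversed(missing):  # highest missing ancestor first
        attr, value = split_rdns(entry)[0].split("=", 1)
        attr = attr.lower()
        if attr not in CONTAINER_CLASSES:
            raise ValueError("no container class known for RDN attribute %r" % attr)
        # The naming attribute is included explicitly so servers that enforce
        # "RDN value must be present in the entry" accept the add.
        plan.append((entry, CONTAINER_CLASSES[attr], {attr: value}))
    return plan


def to_ldif(plan):
    """Render the plan as LDIF add records suitable for ldapmodify -a."""
    records = []
    for dn, classes, naming in plan:
        lines = ["dn: %s" % dn, "changetype: add"]
        lines += ["objectClass: %s" % oc for oc in classes]
        lines += ["%s: %s" % kv for kv in naming.items()]
        records.append("\n".join(lines))
    return "\n\n".join(records) + "\n"


def to_ansible_tasks(plan, server_uri, bind_dn, bind_pw_expr):
    """Render the plan as community.general.ldap_entry task dicts, parent-first."""
    tasks = []
    for dn, classes, naming in plan:
        tasks.append({
            "name": "Ensure %s" % dn,
            "community.general.ldap_entry": {
                "dn": dn,
                "objectClass": list(classes),
                "attributes": dict(naming),
                "bind_dn": bind_dn,
                "bind_pw": bind_pw_expr,
                "server_uri": server_uri,
                # validate_certs is left at its default (true) on purpose.
            },
        })
    return tasks


if __name__ == "__main__":
    # Constructed scenario: the backend suffix is configured but holds no entries yet.
    plan = creation_plan("ou=people,dc=springframework,dc=org",
                         "dc=springframework,dc=org", existing=set())
    print(to_ldif(plan))
```

Two practical notes on the tasks in the answer: `validate_certs: False` turns off certificate verification for the ldaps connection, which means the Directory Manager password is sent to whatever answers on that port, so it belongs only in a throwaway lab and should be dropped (or replaced by a trusted CA bundle) before the playbook is reused; and with ldapmodify, `-W` prompts for the bind password instead of `-w password`, which otherwise lands in the shell history and the process list.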
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source
--- | ---
Solution 1 | Hamza Tahiri