Pass ldap account

[astlaurent]

Curious if I am using ldap for authentication can I pass those credentials to the playbook.

Also any way to not get credentials to show up in clear text in the extra vars in the job logs section

[ansibleguy76]

No, passwords in ldap are stored as a hash and can not be retrieved/reversed. It's the nature of ldap.
I could mask the credentials in the extravars, better is to just disable extravars showing, it's somewhat funny we should mask something we just typed our selves and that is going to be sent to ansible that could print it with debug.

[astlaurent]

My concern with the password showing in extra vars is not that I can see my own password it is more the fact that a different user can go into the joblog and see passwords in there. I could disable extra vars but someone could just turn it back on just to compromise accounts.

[astlaurent]

Hi, Still a bit confused on this. I have a username and password on a form. The vars look like below. I noticed that admin users can see the password exposed in the joblog of all the users if they click on extravars. To me that seems like a huge risk that if someone logs in as admin they can see any field marked as password that someone submitted on a form.

• name: ansible_user
  label: Ansible Username
  type: text
  required: true
  group: Credentials
• name: ansible_password
  label: Ansible Password
  noLog: true
  type: password
  required: true
  group: Credentials

[ansibleguy76]

but what version are you currently using? previously only the an field named "password" was masked. from now on (latest-rc) you can set a regex that is currently password|token|secret in the property name

[astlaurent]

I performed the upgrade procedure to get the latest-rc docker image. When I run the app it still claims 6.0.1 though

[ansibleguy76]

you are still on the old then.
remove container
pull latest-rc
create container

[astlaurent]

I got it fixed up and the regex password piece works well. Thanks for your help. You are the best