		return nil, fmt.Errorf("command Get-ADUser exited with a non-zero exit code %d, stderr: %s", result.ExitCode, result.StdErr)
	}
	u, err := unmarshallUser([]byte(result.Stdout), customAttributes)
	if err != nil {
		return nil, fmt.Errorf("error while unmarshalling user json document: %s", err)
	}
	return u, nil
}
Terraform Version and Provider Version
Terraform 1.8.4
Terraform-Ad 0.5.0
Windows Version
Windows 2022
Affected Resource(s)
Terraform Configuration Files
Debug Output
Panic Output
NA
Expected Behavior
Terraform continues to work with new user/password
Actual Behavior
Terraform fails to run commands using Powershell, and the account becomes locked
Steps to Reproduce
terraform apply
Important Factoids
New password is having $ due to company policies
References
N/A
Community Note
When the password for winrm has the special character dollar $, the Get-ADUser command fails and the account becomes locked
error:
Refer screenshot attached of user locked out during terraform plan execution.
terraform-provider-ad/ad/internal/winrmhelper/winrm_user.go
Lines 567 to 594 in 33adbdc
The password is being set by a Vault static role. Users confirmed they can log in to Windows using the user/pass combination when $ is present; it's just terraform ad that fails
provider "ad" {
  domain_controller      = var.domain_controller
  krb_conf               = var.krb_conf
  krb_realm              = var.krb_realm
  krb_spn                = var.krb_spn
  winrm_hostname         = var.winrm_hostname
  winrm_username         = data.vault_ldap_static_credentials.ad_id.username
  winrm_password         = data.vault_ldap_static_credentials.ad_id.password
  winrm_pass_credentials = var.winrm_pass_credentials
  winrm_port             = var.winrm_port
  winrm_proto            = var.winrm_proto
}
Customer Pain Context
The customer is not able to use the $ character in the password, and this can cause issues if the dynamically generated password has $. Hence, putting a pain score of 9.
To Reproduce
-Connect in a double hop environment with a $ in the password:
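An added example, not part of the issue and not the provider's own code: it assumes the double-hop path builds a PowerShell credential by interpolating the WinRM password into a command string, and shows why a double-quoted interpolation breaks on `$` while a single-quoted literal does not. The function names, the `EXAMPLE\svc-tf` account and the sample password are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// psSingleQuote returns s as a PowerShell single-quoted literal.
// Inside '...' PowerShell performs no $variable or $(...) expansion; only the
// quote character itself must be escaped, by doubling it. PowerShell also
// accepts the typographic quotes U+2018, U+2019, U+201A and U+201B as
// single-quote delimiters, so those are doubled as well.
func psSingleQuote(s string) string {
	var b strings.Builder
	b.WriteByte('\'')
	for _, r := range s {
		switch r {
		case '\'', '\u2018', '\u2019', '\u201A', '\u201B':
			b.WriteRune(r) // write the quote once extra so it appears doubled
		}
		b.WriteRune(r)
	}
	b.WriteByte('\'')
	return b.String()
}

// unsafeCredential (assumed failure mode) places the password in a
// double-quoted string. PowerShell expands "$mer" to an empty variable, so the
// wrong password is sent and repeated attempts can lock the account.
func unsafeCredential(user, pass string) string {
	return fmt.Sprintf(`$p = ConvertTo-SecureString -String "%s" -AsPlainText -Force; `+
		`$c = New-Object System.Management.Automation.PSCredential("%s", $p)`, pass, user)
}

// safeCredential passes both values as single-quoted literals.
func safeCredential(user, pass string) string {
	return fmt.Sprintf(`$p = ConvertTo-SecureString -String %s -AsPlainText -Force; `+
		`$c = New-Object System.Management.Automation.PSCredential(%s, $p)`,
		psSingleQuote(pass), psSingleQuote(user))
}

func main() {
	pass := "Sum$mer'24" // constructed sample password, not from the issue
	fmt.Println(unsafeCredential(`EXAMPLE\svc-tf`, pass))
	fmt.Println(safeCredential(`EXAMPLE\svc-tf`, pass))
}
```
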