mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
ldap moduls: add optional ca_cert_file option (#6185)
* add ca_cert_file option * fix pr url * Apply suggestions from code review Co-authored-by: Felix Fontein <felix@fontein.de> * update parameter name --------- Co-authored-by: Felix Fontein <felix@fontein.de>
parent
f66cc7c933
commit
512bf4b77f
3 changed files with 12 additions and 0 deletions
2
changelogs/fragments/xxxx-ldap-ca-cert-file.yml
Normal file
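--- a/changelogs/fragments/xxxx-ldap-ca-cert-file.yml
+++ b/changelogs/fragments/xxxx-ldap-ca-cert-file.yml
@@ -0,0 +1,2 @@
+minor_changes:
+- ldap modules - add ``ca_path`` option (https://github.com/ansible-collections/community.general/pull/6185).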
|
|
@ -24,6 +24,11 @@ options:
|
||||||
- The password to use with I(bind_dn).
|
- The password to use with I(bind_dn).
|
||||||
type: str
|
type: str
|
||||||
default: ''
|
default: ''
|
||||||
|
ca_path:
|
||||||
|
description:
|
||||||
|
- Set the path to PEM file with CA certs.
|
||||||
|
type: path
|
||||||
|
version_added: "6.5.0"
|
||||||
dn:
|
dn:
|
||||||
required: true
|
required: true
|
||||||
description:
|
description:
|
||||||
|
|
|
@ -34,6 +34,7 @@ def gen_specs(**specs):
|
||||||
specs.update({
|
specs.update({
|
||||||
'bind_dn': dict(),
|
'bind_dn': dict(),
|
||||||
'bind_pw': dict(default='', no_log=True),
|
'bind_pw': dict(default='', no_log=True),
|
||||||
|
'ca_path': dict(type='path'),
|
||||||
'dn': dict(required=True),
|
'dn': dict(required=True),
|
||||||
'referrals_chasing': dict(type='str', default='anonymous', choices=['disabled', 'anonymous']),
|
'referrals_chasing': dict(type='str', default='anonymous', choices=['disabled', 'anonymous']),
|
||||||
'server_uri': dict(default='ldapi:///'),
|
'server_uri': dict(default='ldapi:///'),
|
||||||
|
@ -52,6 +53,7 @@ class LdapGeneric(object):
|
||||||
self.module = module
|
self.module = module
|
||||||
self.bind_dn = self.module.params['bind_dn']
|
self.bind_dn = self.module.params['bind_dn']
|
||||||
self.bind_pw = self.module.params['bind_pw']
|
self.bind_pw = self.module.params['bind_pw']
|
||||||
|
self.ca_path = self.module.params['ca_path']
|
||||||
self.referrals_chasing = self.module.params['referrals_chasing']
|
self.referrals_chasing = self.module.params['referrals_chasing']
|
||||||
self.server_uri = self.module.params['server_uri']
|
self.server_uri = self.module.params['server_uri']
|
||||||
self.start_tls = self.module.params['start_tls']
|
self.start_tls = self.module.params['start_tls']
|
||||||
|
@ -97,6 +99,9 @@ class LdapGeneric(object):
|
||||||
if not self.verify_cert:
|
if not self.verify_cert:
|
||||||
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
|
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
|
||||||
|
|
||||||
|
if self.ca_path:
|
||||||
|
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca_path)
|
||||||
|
|
||||||
connection = ldap.initialize(self.server_uri)
|
connection = ldap.initialize(self.server_uri)
|
||||||
|
|
||||||
if self.referrals_chasing == 'disabled':
|
if self.referrals_chasing == 'disabled':
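Review bot: In the last hunk the new `if self.ca_path:` branch still runs when the preceding `if not self.verify_cert:` branch has just set `OPT_X_TLS_REQUIRE_CERT` to `OPT_X_TLS_NEVER`, so a task can supply a CA file and connect with no certificate check at all, and nothing tells the user. I would reject that combination or at least warn inside the `not self.verify_cert` branch, e.g. `if self.ca_path: self.module.warn("ca_path has no effect because certificate validation is disabled")` (assuming `self.module` is the usual AnsibleModule). Both calls use `ldap.set_option`, which changes the library-wide default rather than the `connection` created on the next line; a one-line comment such as `# global TLS options must be set before ldap.initialize() so the new handle inherits them` would make that intent explicit. Nothing here sets `ldap.OPT_X_TLS_DEMAND` when verification is on, so the CA file is only as effective as the host's `TLS_REQCERT` setting in ldap.conf, which seems worth stating in the `ca_path` description in the options hunk. The enclosing method starts and ends outside the hunk.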
|
||||||
|
|