
ldap moduls: add optional ca_cert_file option (#6185)

* add ca_cert_file option

* fix pr url

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* update parameter name

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
Reto Kupferschmid 2023-03-22 07:39:58 +01:00 committed by GitHub
parent f66cc7c933
commit 512bf4b77f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 0 deletions


@ -0,0 +1,2 @@
minor_changes:
- ldap modules - add ``ca_path`` option (https://github.com/ansible-collections/community.general/pull/6185).


@ -24,6 +24,11 @@ options:
- The password to use with I(bind_dn). - The password to use with I(bind_dn).
type: str type: str
default: '' default: ''
ca_path:
description:
- Set the path to PEM file with CA certs.
type: path
version_added: "6.5.0"
dn: dn:
required: true required: true
description: description:
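Review bot: The added `ca_path` description does not say that the option only matters when certificate verification is on; in the connection code of this same commit `OPT_X_TLS_REQUIRE_CERT` is set to `OPT_X_TLS_NEVER` when `verify_cert` is false before the CA file is applied, so with verification disabled the file is loaded but, as far as I can tell, never used to check the server certificate. I would add a second bullet under the description: `- Only has an effect when I(verify_cert) is true; with verification disabled the server certificate is not checked against this file.`. The name `ca_path` also reads as if a directory were accepted, while the value is handed to `OPT_X_TLS_CACERTFILE`, so a sentence such as `- Must point to a single PEM file, not a directory.` would prevent the most likely misuse. The option list this hunk belongs to continues outside the shown lines.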


@ -34,6 +34,7 @@ def gen_specs(**specs):
specs.update({ specs.update({
'bind_dn': dict(), 'bind_dn': dict(),
'bind_pw': dict(default='', no_log=True), 'bind_pw': dict(default='', no_log=True),
'ca_path': dict(type='path'),
'dn': dict(required=True), 'dn': dict(required=True),
'referrals_chasing': dict(type='str', default='anonymous', choices=['disabled', 'anonymous']), 'referrals_chasing': dict(type='str', default='anonymous', choices=['disabled', 'anonymous']),
'server_uri': dict(default='ldapi:///'), 'server_uri': dict(default='ldapi:///'),
@ -52,6 +53,7 @@ class LdapGeneric(object):
self.module = module self.module = module
self.bind_dn = self.module.params['bind_dn'] self.bind_dn = self.module.params['bind_dn']
self.bind_pw = self.module.params['bind_pw'] self.bind_pw = self.module.params['bind_pw']
self.ca_path = self.module.params['ca_path']
self.referrals_chasing = self.module.params['referrals_chasing'] self.referrals_chasing = self.module.params['referrals_chasing']
self.server_uri = self.module.params['server_uri'] self.server_uri = self.module.params['server_uri']
self.start_tls = self.module.params['start_tls'] self.start_tls = self.module.params['start_tls']
@ -97,6 +99,9 @@ class LdapGeneric(object):
if not self.verify_cert: if not self.verify_cert:
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
if self.ca_path:
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca_path)
connection = ldap.initialize(self.server_uri) connection = ldap.initialize(self.server_uri)
if self.referrals_chasing == 'disabled': if self.referrals_chasing == 'disabled':
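Review bot: The new `if self.ca_path:` branch in the last hunk passes the value straight to `ldap.OPT_X_TLS_CACERTFILE` without checking that it names a readable file, so a directory (which the option name `ca_path` invites) or a typo in the path only surfaces later as an opaque TLS handshake failure from the server bind rather than as a clear module error. I would validate before the `set_option` call, for example `if self.ca_path and not os.path.isfile(self.ca_path): self.module.fail_json(msg="ca_path must point to an existing PEM file: %s" % self.ca_path)` (whether `os` is already imported in this file is not visible here). It is also worth a one-line comment that `ldap.set_option` here sets a library-global default rather than a per-connection option, since the call precedes `ldap.initialize`, and that when `verify_cert` is false the preceding `OPT_X_TLS_NEVER` makes the CA file irrelevant. The enclosing connect method starts before the hunk and continues after it.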