Add validate_certs option to ldap_attr, ldap_entry (#24060)
This fix adds a module option `validate_certs` to control checking of a self-signed certificate on the LDAP server. Fixes https://github.com/ansible/ansible/issues/24009 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
This commit is contained in:
parent
2fbfba0ef3
commit
a3053d8c2c
2 changed files with 29 additions and 3 deletions
|
@ -101,6 +101,14 @@ options:
|
|||
- The value(s) to add or remove. This can be a string or a list of
|
||||
strings. The complex argument format is required in order to pass
|
||||
a list of strings (see examples).
|
||||
validate_certs:
|
||||
required: false
|
||||
choices: ['yes', 'no']
|
||||
default: 'yes'
|
||||
description:
|
||||
- If C(no), SSL certificates will not be validated. This should only be
|
||||
used on sites using self-signed certificates.
|
||||
version_added: "2.4"
|
||||
"""
|
||||
|
||||
|
||||
|
@ -208,6 +216,7 @@ class LdapAttr(object):
|
|||
self.server_uri = self.module.params['server_uri']
|
||||
self.start_tls = self.module.params['start_tls']
|
||||
self.state = self.module.params['state']
|
||||
self.verify_cert = self.module.params['validate_certs']
|
||||
|
||||
# Normalize values
|
||||
if isinstance(self.module.params['values'], list):
|
||||
|
@ -276,6 +285,9 @@ class LdapAttr(object):
|
|||
return not self._is_value_present(value)
|
||||
|
||||
def _connect_to_ldap(self):
|
||||
if not self.verify_cert:
|
||||
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
|
||||
|
||||
connection = ldap.initialize(self.server_uri)
|
||||
|
||||
if self.start_tls:
|
||||
|
@ -312,13 +324,14 @@ def main():
|
|||
default='present',
|
||||
choices=['present', 'absent', 'exact']),
|
||||
'values': dict(required=True, type='raw'),
|
||||
'validate_certs': dict(default=True, type='bool'),
|
||||
},
|
||||
supports_check_mode=True,
|
||||
)
|
||||
|
||||
if not HAS_LDAP:
|
||||
module.fail_json(
|
||||
msg="Missing requried 'ldap' module (pip install python-ldap)")
|
||||
msg="Missing required 'ldap' module (pip install python-ldap)")
|
||||
|
||||
# Update module parameters with user's parameters if defined
|
||||
if 'params' in module.params and isinstance(module.params['params'], dict):
|
||||
|
|
|
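Review bot: In `_connect_to_ldap`, the new branch only ever loosens verification: when `validate_certs` is true nothing is set, so whether the server certificate is actually checked depends on the libldap defaults and the host's ldap.conf (`TLS_REQCERT`), not on the documented default of `yes`. Making the option enforce its documented meaning takes an `else` branch with `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)`. Note too that module-level `ldap.set_option` is, as far as I know, process-wide rather than per-connection, so the relaxed setting persists for any other LDAP connection opened in the same interpreter; worth a comment above the call, e.g. `# Process-wide: affects every connection opened in this interpreter`. The identical hunk in ldap_entry.py below has the same gap. `_connect_to_ldap` continues past the end of the hunk.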
@ -101,6 +101,14 @@ options:
|
|||
default: present
|
||||
description:
|
||||
- The target state of the entry.
|
||||
validate_certs:
|
||||
required: false
|
||||
choices: ['yes', 'no']
|
||||
default: 'yes'
|
||||
description:
|
||||
- If C(no), SSL certificates will not be validated. This should only be
|
||||
used on sites using self-signed certificates.
|
||||
version_added: "2.4"
|
||||
"""
|
||||
|
||||
|
||||
|
@ -171,6 +179,7 @@ class LdapEntry(object):
|
|||
self.server_uri = self.module.params['server_uri']
|
||||
self.start_tls = self.module.params['start_tls']
|
||||
self.state = self.module.params['state']
|
||||
self.verify_cert = self.module.params['validate_certs']
|
||||
|
||||
# Add the objectClass into the list of attributes
|
||||
self.module.params['attributes']['objectClass'] = (
|
||||
|
@ -234,6 +243,9 @@ class LdapEntry(object):
|
|||
return is_present
|
||||
|
||||
def _connect_to_ldap(self):
|
||||
if not self.verify_cert:
|
||||
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
|
||||
|
||||
connection = ldap.initialize(self.server_uri)
|
||||
|
||||
if self.start_tls:
|
||||
|
@ -268,17 +280,18 @@ def main():
|
|||
'server_uri': dict(default='ldapi:///'),
|
||||
'start_tls': dict(default=False, type='bool'),
|
||||
'state': dict(default='present', choices=['present', 'absent']),
|
||||
'validate_certs': dict(default=True, type='bool'),
|
||||
},
|
||||
supports_check_mode=True,
|
||||
)
|
||||
|
||||
if not HAS_LDAP:
|
||||
module.fail_json(
|
||||
msg="Missing requried 'ldap' module (pip install python-ldap).")
|
||||
msg="Missing required 'ldap' module (pip install python-ldap).")
|
||||
|
||||
state = module.params['state']
|
||||
|
||||
# Chek if objectClass is present when needed
|
||||
# Check if objectClass is present when needed
|
||||
if state == 'present' and module.params['objectClass'] is None:
|
||||
module.fail_json(msg="At least one objectClass must be provided.")
|
||||
|
||||
|
|
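Review bot: The `validate_certs` description in the first hunk only says the setting is for self-signed certificates; it does not say what is given up when it is turned off. A sentence stating the trade-off helps an operator choose, e.g. `- Disabling validation removes the check that the server presenting the certificate is the one named in C(server_uri); where possible, add the self-signed certificate to the system trust store (for example C(TLS_CACERT) in ldap.conf) and leave this set to C(yes).` The same wording applies to the ldap_attr.py documentation hunk above.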