diff --git a/changelogs/fragments/6045-xorder-discovery.yml b/changelogs/fragments/6045-xorder-discovery.yml new file mode 100644 index 0000000000..5e7fb5a031 --- /dev/null +++ b/changelogs/fragments/6045-xorder-discovery.yml @@ -0,0 +1,2 @@ +minor_changes: + - ldap modules - add ``xorder_discovery`` option (https://github.com/ansible-collections/community.general/issues/6045, https://github.com/ansible-collections/community.general/pull/6109). diff --git a/plugins/doc_fragments/ldap.py b/plugins/doc_fragments/ldap.py index 1f04c0f600..8cbe276945 100644 --- a/plugins/doc_fragments/ldap.py +++ b/plugins/doc_fragments/ldap.py @@ -65,4 +65,15 @@ options: choices: ['external', 'gssapi'] default: external version_added: "2.0.0" + xorder_discovery: + description: + - Set the behavior on how to process Xordered DNs. + - C(enable) will perform a C(ONELEVEL) search below the superior RDN to find the matching DN. + - C(disable) will always use the DN unmodified (as passed by the I(dn) parameter). + - C(auto) will only perform a search if the first RDN does not contain an index number (C({x})). + - Possible choices are C(enable), C(auto), C(disable). + type: str + choices: ['enable', 'auto', 'disable'] + default: auto + version_added: "6.4.0" ''' diff --git a/plugins/module_utils/ldap.py b/plugins/module_utils/ldap.py index 03acaa58c5..cc6a37199b 100644 --- a/plugins/module_utils/ldap.py +++ b/plugins/module_utils/ldap.py @@ -10,6 +10,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type +import re import traceback from ansible.module_utils.common.text.converters import to_native @@ -39,6 +40,7 @@ def gen_specs(**specs): 'start_tls': dict(default=False, type='bool'), 'validate_certs': dict(default=True, type='bool'), 'sasl_class': dict(choices=['external', 'gssapi'], default='external', type='str'), + 'xorder_discovery': dict(choices=['enable', 'auto', 'disable'], default='auto', type='str'), }) return specs @@ -55,12 +57,16 @@ class LdapGeneric(object): self.start_tls = self.module.params['start_tls'] self.verify_cert = self.module.params['validate_certs'] self.sasl_class = self.module.params['sasl_class'] + self.xorder_discovery = self.module.params['xorder_discovery'] # Establish connection self.connection = self._connect_to_ldap() - # Try to find the X_ORDERed version of the DN - self.dn = self._find_dn() + if self.xorder_discovery == "enable" or (self.xorder_discovery == "auto" and not self._xorder_dn()): + # Try to find the X_ORDERed version of the DN + self.dn = self._find_dn() + else: + self.dn = self.module.params['dn'] def fail(self, msg, exn): self.module.fail_json( @@ -113,3 +119,8 @@ class LdapGeneric(object): self.fail("Cannot bind to the server.", e) return connection + + def _xorder_dn(self): + # match X_ORDERed DNs + regex = r"\w+=\{\d+\}.+" + return re.match(regex, self.module.params['dn']) is not None diff --git a/plugins/modules/ldap_search.py b/plugins/modules/ldap_search.py index 32efd4edd6..ad79a2d73a 100644 --- a/plugins/modules/ldap_search.py +++ b/plugins/modules/ldap_search.py @@ -135,7 +135,6 @@ class LdapSearch(LdapGeneric): def __init__(self, module): LdapGeneric.__init__(self, module) - self.dn = self.module.params['dn'] self.filterstr = self.module.params['filter'] self.attrlist = [] self._load_scope()