Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow for DN's to have {x} prefix on first RDN #5450

Merged
merged 5 commits into from
Nov 5, 2022
Merged

Allow for DN's to have {x} prefix on first RDN #5450

merged 5 commits into from
Nov 5, 2022

Conversation

mrvanes
Copy link
Contributor

@mrvanes mrvanes commented Nov 1, 2022

SUMMARY

Allow for DN's to have {x} prefix on first RDN.
This is an extension to #5385

ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME

ldap

ADDITIONAL INFORMATION

It turns out that in OpenLDAP's cn=config, DN's can be ordered as well and configuring OpenLDAP through ansible therefor is quite cumbersome.

See the following example:

Suppose I want to enable slapd monitoring via cn=config. I would need to add back_monitor to cn=module{0},cn=config which is now correctly handled by #5385. However, I would also need to add a DN:

- name: Setup Monitor
  community.general.ldap_entry:
    dn: olcdatabase=monitor,cn=config
    objectClass: olcDatabaseConfig
    attributes:
      olcRootDN: "cn=admin,cn=Monitor"
      olcRootPW: "{{ '%s' | format(monitor_ldap_password) |  slapd_hash }}"

This entry, however will show up in cn=config as olcDatabase={2}monitor.ldif and subsequent runs will fail because a monitor database can only be added once here.
This problem can be solved by explicitly specifying the {2} prefix in the task, but I think it would be nice to let users add the bare DN and not have to think about the consequences of ordering.

The change tries to find the DN by searching ONELEVEL below the superior RDN for the first RDN. It goes at length to be backwards compatible by falling back to the original configured DN if anything unexpected happens. Only if searching results in one and only one result, the newly found DN is returned, possibly updating the bare version with the ordered prefix one.

@ansibullbot ansibullbot added feature This issue/PR relates to a feature request module_utils module_utils needs_ci This PR requires CI testing to be performed. Please close and re-open this PR to trigger CI needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR plugins plugin (any type) labels Nov 1, 2022
@ansibullbot ansibullbot removed needs_ci This PR requires CI testing to be performed. Please close and re-open this PR to trigger CI needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR labels Nov 1, 2022
@mrvanes mrvanes mentioned this pull request Nov 1, 2022
Merged
@felixfontein felixfontein added the check-before-release PR will be looked at again shortly before release and merged if possible. label Nov 1, 2022
@felixfontein
Copy link
Collaborator

recheck

@github-actions

This comment was marked as off-topic.

Sign in to view
felixfontein
felixfontein approved these changes Nov 2, 2022
View reviewed changes
Copy link
Collaborator

@felixfontein felixfontein left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested it and it doesn't break for me. Would be great if someone with better LDAP knowledge could also review this :)

@felixfontein
Copy link
Collaborator

@rekup since you're also interested in the LDAP modules, maybe you can take a look here?

rekup
rekup reviewed Nov 2, 2022
View reviewed changes
plugins/module_utils/ldap.py Outdated Show resolved Hide resolved
@felixfontein
Copy link
Collaborator

If nobody complains, I'll merge this tomorrow.

@felixfontein felixfontein merged commit ee39fd5 into ansible-collections:main Nov 5, 2022
@felixfontein felixfontein removed the check-before-release PR will be looked at again shortly before release and merged if possible. label Nov 5, 2022
@felixfontein
Copy link
Collaborator

@mrvanes thanks for your contribution!

russoz pushed a commit to russoz-ansible/community.general that referenced this pull request Nov 10, 2022
@mrvanes @felixfontein @russoz
Allow for DN's to have {x} prefix on first RDN (ansible-collections#5450
09dc06e 
)

* Allow for DN's to have {x} prefix on first RDN

* Update changelogs/fragments/5450-allow-for-xordered-dns.yaml

Co-authored-by: Felix Fontein <[email protected]>

* Assign attrs to throw-away var

* Update plugins/module_utils/ldap.py

Co-authored-by: Felix Fontein <[email protected]>

* Escape DN before creating filter

Co-authored-by: Felix Fontein <[email protected]>
russoz pushed a commit to russoz-ansible/community.general that referenced this pull request Jan 9, 2023
@mrvanes @felixfontein @russoz
Allow for DN's to have {x} prefix on first RDN (ansible-collections#5450
5d595e4 
)

* Allow for DN's to have {x} prefix on first RDN

* Update changelogs/fragments/5450-allow-for-xordered-dns.yaml

Co-authored-by: Felix Fontein <[email protected]>

* Assign attrs to throw-away var

* Update plugins/module_utils/ldap.py

Co-authored-by: Felix Fontein <[email protected]>

* Escape DN before creating filter

Co-authored-by: Felix Fontein <[email protected]>
@martin-kuba martin-kuba mentioned this pull request Feb 23, 2023
Closed
1 task
@aeneby aeneby mentioned this pull request Feb 2, 2024
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@felixfontein felixfontein felixfontein approved these changes

@rekup rekup rekup left review comments

Assignees
No one assigned
Labels
feature This issue/PR relates to a feature request module_utils module_utils plugins plugin (any type)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mrvanes @felixfontein @rekup @ansibullbot