diff options
author | Ansible Core Team <info@ansible.com> | 2020-03-09 09:40:29 +0000 |
---|---|---|
committer | Ansible Core Team <info@ansible.com> | 2020-03-09 09:40:29 +0000 |
commit | 6e048cc2689d033b7757174d582077dd4af494b5 (patch) | |
tree | 05eb51738d05d26c992b439214c3dd7ffd1af538 /lib/ansible/modules/net_tools/ldap/_ldap_attr.py | |
parent | cb06e04e718f73173a6dcae1b082637063bae786 (diff) | |
download | ansible-6e048cc2689d033b7757174d582077dd4af494b5.tar.gz |
Migrated to community.general
Diffstat (limited to 'lib/ansible/modules/net_tools/ldap/_ldap_attr.py')
-rw-r--r-- | lib/ansible/modules/net_tools/ldap/_ldap_attr.py | 292 |
1 files changed, 0 insertions, 292 deletions
diff --git a/lib/ansible/modules/net_tools/ldap/_ldap_attr.py b/lib/ansible/modules/net_tools/ldap/_ldap_attr.py deleted file mode 100644 index 6d76d647cf..0000000000 --- a/lib/ansible/modules/net_tools/ldap/_ldap_attr.py +++ /dev/null @@ -1,292 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- - -# Copyright: (c) 2016, Peter Sagerson <psagers@ignorare.net> -# Copyright: (c) 2016, Jiri Tyr <jiri.tyr@gmail.com> -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) - -from __future__ import absolute_import, division, print_function -__metaclass__ = type - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['deprecated'], - 'supported_by': 'community' -} - -DOCUMENTATION = r''' ---- -module: ldap_attr -short_description: Add or remove LDAP attribute values -description: - - Add or remove LDAP attribute values. -notes: - - This only deals with attributes on existing entries. To add or remove - whole entries, see M(ldap_entry). - - The default authentication settings will attempt to use a SASL EXTERNAL - bind over a UNIX domain socket. This works well with the default Ubuntu - install for example, which includes a cn=peercred,cn=external,cn=auth ACL - rule allowing root to modify the server configuration. If you need to use - a simple bind to access your server, pass the credentials in I(bind_dn) - and I(bind_pw). - - For I(state=present) and I(state=absent), all value comparisons are - performed on the server for maximum accuracy. For I(state=exact), values - have to be compared in Python, which obviously ignores LDAP matching - rules. This should work out in most cases, but it is theoretically - possible to see spurious changes when target and actual values are - semantically identical but lexically distinct. -version_added: '2.3' -deprecated: - removed_in: '2.14' - why: 'The current "ldap_attr" module does not support LDAP attribute insertions or deletions with objectClass dependencies.' - alternative: 'Use M(ldap_attrs) instead. Deprecated in 2.10.' -author: - - Jiri Tyr (@jtyr) -requirements: - - python-ldap -options: - name: - description: - - The name of the attribute to modify. - type: str - required: true - state: - description: - - The state of the attribute values. - - If C(present), all given values will be added if they're missing. - - If C(absent), all given values will be removed if present. - - If C(exact), the set of values will be forced to exactly those provided and no others. - - If I(state=exact) and I(value) is an empty list, all values for this attribute will be removed. - type: str - choices: [ absent, exact, present ] - default: present - values: - description: - - The value(s) to add or remove. This can be a string or a list of - strings. The complex argument format is required in order to pass - a list of strings (see examples). - type: raw - required: true - params: - description: - - Additional module parameters. - type: dict -extends_documentation_fragment: -- ldap.documentation -''' - -EXAMPLES = r''' -- name: Configure directory number 1 for example.com - ldap_attr: - dn: olcDatabase={1}hdb,cn=config - name: olcSuffix - values: dc=example,dc=com - state: exact - -# The complex argument format is required here to pass a list of ACL strings. -- name: Set up the ACL - ldap_attr: - dn: olcDatabase={1}hdb,cn=config - name: olcAccess - values: - - >- - {0}to attrs=userPassword,shadowLastChange - by self write - by anonymous auth - by dn="cn=admin,dc=example,dc=com" write - by * none' - - >- - {1}to dn.base="dc=example,dc=com" - by dn="cn=admin,dc=example,dc=com" write - by * read - state: exact - -- name: Declare some indexes - ldap_attr: - dn: olcDatabase={1}hdb,cn=config - name: olcDbIndex - values: "{{ item }}" - with_items: - - objectClass eq - - uid eq - -- name: Set up a root user, which we can use later to bootstrap the directory - ldap_attr: - dn: olcDatabase={1}hdb,cn=config - name: "{{ item.key }}" - values: "{{ item.value }}" - state: exact - with_dict: - olcRootDN: cn=root,dc=example,dc=com - olcRootPW: "{SSHA}tabyipcHzhwESzRaGA7oQ/SDoBZQOGND" - -- name: Get rid of an unneeded attribute - ldap_attr: - dn: uid=jdoe,ou=people,dc=example,dc=com - name: shadowExpire - values: [] - state: exact - server_uri: ldap://localhost/ - bind_dn: cn=admin,dc=example,dc=com - bind_pw: password - -# -# The same as in the previous example but with the authentication details -# stored in the ldap_auth variable: -# -# ldap_auth: -# server_uri: ldap://localhost/ -# bind_dn: cn=admin,dc=example,dc=com -# bind_pw: password -- name: Get rid of an unneeded attribute - ldap_attr: - dn: uid=jdoe,ou=people,dc=example,dc=com - name: shadowExpire - values: [] - state: exact - params: "{{ ldap_auth }}" -''' - -RETURN = r''' -modlist: - description: list of modified parameters - returned: success - type: list - sample: '[[2, "olcRootDN", ["cn=root,dc=example,dc=com"]]]' -''' - -import traceback - -from ansible.module_utils.basic import AnsibleModule, missing_required_lib -from ansible.module_utils._text import to_native, to_bytes -from ansible.module_utils.ldap import LdapGeneric, gen_specs - -LDAP_IMP_ERR = None -try: - import ldap - - HAS_LDAP = True -except ImportError: - LDAP_IMP_ERR = traceback.format_exc() - HAS_LDAP = False - - -class LdapAttr(LdapGeneric): - def __init__(self, module): - LdapGeneric.__init__(self, module) - - # Shortcuts - self.name = self.module.params['name'] - self.state = self.module.params['state'] - - # Normalize values - if isinstance(self.module.params['values'], list): - self.values = list(map(to_bytes, self.module.params['values'])) - else: - self.values = [to_bytes(self.module.params['values'])] - - def add(self): - values_to_add = list(filter(self._is_value_absent, self.values)) - - if len(values_to_add) > 0: - modlist = [(ldap.MOD_ADD, self.name, values_to_add)] - else: - modlist = [] - - return modlist - - def delete(self): - values_to_delete = list(filter(self._is_value_present, self.values)) - - if len(values_to_delete) > 0: - modlist = [(ldap.MOD_DELETE, self.name, values_to_delete)] - else: - modlist = [] - - return modlist - - def exact(self): - try: - results = self.connection.search_s( - self.dn, ldap.SCOPE_BASE, attrlist=[self.name]) - except ldap.LDAPError as e: - self.fail("Cannot search for attribute %s" % self.name, e) - - current = results[0][1].get(self.name, []) - modlist = [] - - if frozenset(self.values) != frozenset(current): - if len(current) == 0: - modlist = [(ldap.MOD_ADD, self.name, self.values)] - elif len(self.values) == 0: - modlist = [(ldap.MOD_DELETE, self.name, None)] - else: - modlist = [(ldap.MOD_REPLACE, self.name, self.values)] - - return modlist - - def _is_value_present(self, value): - """ True if the target attribute has the given value. """ - try: - is_present = bool( - self.connection.compare_s(self.dn, self.name, value)) - except ldap.NO_SUCH_ATTRIBUTE: - is_present = False - - return is_present - - def _is_value_absent(self, value): - """ True if the target attribute doesn't have the given value. """ - return not self._is_value_present(value) - - -def main(): - module = AnsibleModule( - argument_spec=gen_specs( - name=dict(type='str', required=True), - params=dict(type='dict'), - state=dict(type='str', default='present', choices=['absent', 'exact', 'present']), - values=dict(type='raw', required=True), - ), - supports_check_mode=True, - ) - - if not HAS_LDAP: - module.fail_json(msg=missing_required_lib('python-ldap'), - exception=LDAP_IMP_ERR) - - # Update module parameters with user's parameters if defined - if 'params' in module.params and isinstance(module.params['params'], dict): - module.params.update(module.params['params']) - # Remove the params - module.params.pop('params', None) - - # Instantiate the LdapAttr object - ldap = LdapAttr(module) - - state = module.params['state'] - - # Perform action - if state == 'present': - modlist = ldap.add() - elif state == 'absent': - modlist = ldap.delete() - elif state == 'exact': - modlist = ldap.exact() - - changed = False - - if len(modlist) > 0: - changed = True - - if not module.check_mode: - try: - ldap.connection.modify_s(ldap.dn, modlist) - except Exception as e: - module.fail_json(msg="Attribute action failed.", details=to_native(e)) - - module.exit_json(changed=changed, modlist=modlist) - - -if __name__ == '__main__': - main() |