authorGuilhem Moulin <guilhem@fripost.org>2014-07-07 23:02:45 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:52:41 +0200
commit9198e7f8096e9f1b0d5f474cf2345913a357f864 (patch)
tree940cafc428e311b8ea82d9dad7a59c8bfb9251ac /lib/modules/openldap
parent3e38718677b10faca8970d9b1cc8edc215cce798 (diff)
Make the Ansible LDAP plugin able to delete entries and attributes.
Use it to delete cn=admin,dc=fripost,dc=org, and to remove the rootDN on the 'config' database.
Diffstat (limited to 'lib/modules/openldap')
-rw-r--r--lib/modules/openldap37
1 files changed, 32 insertions, 5 deletions
diff --git a/lib/modules/openldap b/lib/modules/openldap
index 1e84c32..69ee4df 100644
--- a/lib/modules/openldap
+++ b/lib/modules/openldap
@@ -265,31 +265,58 @@ def slapd_to_ldif(src, name):
def main():
module = AnsibleModule(
argument_spec = dict(
- state = dict( default="present", choices=["absent","present"]),
target = dict( default=None ),
module = dict( default=None ),
suffix = dict( default=None ),
format = dict( default="ldif", choices=["ldif","slapd.conf"] ),
name = dict( default=None ),
local = dict( default="no", choices=["no","file","template"] ),
+ delete = dict( default=None ),
),
supports_check_mode=True
)
params = module.params
- state = params['state']
target = params['target']
mod = params['module']
suffix = params['suffix']
form = params['format']
name = params['name']
+ delete = params['delete']
changed = False
try:
- if state == "absent":
- module.fail_json(msg="OpenLDAP's ansible: unsupported feature")
+ if delete is not None:
+ if name is None:
+ module.fail_json(msg="missing name")
+ l = ldap.initialize( 'ldapi://' )
+ l.sasl_interactive_bind_s('', ldap.sasl.external())
+ if delete == 'entry':
+ filterStr = '(objectClass=*)'
+ else:
+ filterStr = [ '(%s=*)' % x for x in delete.split(',') ]
+ if len(filterStr) > 1:
+ filterStr = '(|' + ''.join(filterStr) + ')'
+ else:
+ filterStr = filterStr[0]
+
+ try:
+ r = l.search_s( name, ldap.SCOPE_BASE, filterStr, attrsonly=1 )
+ except ldap.LDAPError, ldap.NO_SUCH_OBJECT:
+ r = None
- elif state == "present":
+ if r:
+ changed = True
+ if module.check_mode:
+ module.exit_json(changed=changed)
+ if delete == 'entry':
+ l.delete_s(r[0][0])
+ else:
+ attrlist = list(set(r[0][1].keys()) & set(delete.split(',')))
+ l.modify_s(r[0][0], [ (ldap.MOD_DELETE, x, None) for x in attrlist ])
+ l.unbind_s()
+
+ else:
if form == 'slapd.conf':
if name is None:
module.fail_json(msg="missing name")
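Review bot: The clause `except ldap.LDAPError, ldap.NO_SUCH_OBJECT:` around `search_s` is Python 2's `except TYPE, TARGET` form, so it catches every `LDAPError` and assigns the exception to `ldap.NO_SUCH_OBJECT` instead of catching only a missing entry. Any search failure (insufficient access, for example) then sets `r = None` and the task reports no change. That matters because the commit message says this path removes cn=admin and the config rootDN, so a failed removal would look like an already-clean state. Catch only the missing-object case with `except ldap.NO_SUCH_OBJECT:` and let other errors reach the enclosing `try`, whose handler is outside the hunk. Separately, `set(r[0][1].keys()) & set(delete.split(','))` compares attribute names case-sensitively while LDAP filter matching does not, so a differently-cased name in `delete` could match the search yet give `modify_s` an empty modlist; comparing lower-cased names on both sides would avoid that.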