From 9198e7f8096e9f1b0d5f474cf2345913a357f864 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Mon, 7 Jul 2014 23:02:45 +0200
Subject: Make the Ansible LDAP plugin able to delete entries and attributes.
Use it to delete cn=admin,dc=fripost,dc=org, and to remove the rootDN on the 'config' database.
---
lib/action_plugins/openldap.py | 3 +++
lib/modules/openldap | 37 ++++++++++++++++++++++++++++++++-----
2 files changed, 35 insertions(+), 5 deletions(-)
(limited to 'lib')
diff --git a/lib/action_plugins/openldap.py b/lib/action_plugins/openldap.py
index ee8a991..5dbf59f 100644
--- a/lib/action_plugins/openldap.py
+++ b/lib/action_plugins/openldap.py
@@ -31,6 +31,9 @@ class ActionModule(object):
 def run(self, conn, tmp, module_name, module_args, inject, complex_args=None, **kwargs):
 ''' handler for file transfer operations '''
+ if self.runner.noop_on_check(inject):
+ return ReturnData(conn=conn, comm_ok=True, result=dict(skipped=True))
+
 # load up options
 options = {}
 if complex_args:
diff --git a/lib/modules/openldap b/lib/modules/openldap
index 1e84c32..69ee4df 100644
--- a/lib/modules/openldap
+++ b/lib/modules/openldap
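Review bot: The added `noop_on_check` early return skips the whole task in `--check` runs, which also means the module's own check-mode path (`supports_check_mode=True` and the `module.check_mode` branch in lib/modules/openldap, added in this same commit) is never reached through this plugin, so a check run cannot report that an entry or rootDN would be removed. If only the file transfer must be avoided in check mode, guard that step instead and still dispatch the module; if the plugin genuinely cannot support check mode, say so in the result, e.g. `result=dict(skipped=True, msg='openldap action plugin does not support check mode')`, so the skip is not mistaken for a no-op. `noop_on_check` presumably returns true for any check run not marked `always_run`; `run()` continues past the hunk, so whether the module is invoked unconditionally afterwards is not visible here.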
@@ -265,31 +265,58 @@ def slapd_to_ldif(src, name):
 def main():
 module = AnsibleModule(
 argument_spec = dict(
- state = dict( default="present", choices=["absent","present"]),
 target = dict( default=None ),
 module = dict( default=None ),
 suffix = dict( default=None ),
 format = dict( default="ldif", choices=["ldif","slapd.conf"] ),
 name = dict( default=None ),
 local = dict( default="no", choices=["no","file","template"] ),
+ delete = dict( default=None ),
 ),
 supports_check_mode=True
 )
 params = module.params
- state = params['state']
 target = params['target']
 mod = params['module']
 suffix = params['suffix']
 form = params['format']
 name = params['name']
+ delete = params['delete']
 changed = False
 try:
- if state == "absent":
- module.fail_json(msg="OpenLDAP's ansible: unsupported feature")
+ if delete is not None:
+ if name is None:
+ module.fail_json(msg="missing name")
+ l = ldap.initialize( 'ldapi://' )
+ l.sasl_interactive_bind_s('', ldap.sasl.external())
+ if delete == 'entry':
+ filterStr = '(objectClass=*)'
+ else:
+ filterStr = [ '(%s=*)' % x for x in delete.split(',') ]
+ if len(filterStr) > 1:
+ filterStr = '(|' + ''.join(filterStr) + ')'
+ else:
+ filterStr = filterStr[0]
+
+ try:
+ r = l.search_s( name, ldap.SCOPE_BASE, filterStr, attrsonly=1 )
+ except ldap.LDAPError, ldap.NO_SUCH_OBJECT:
+ r = None
- elif state == "present":
+ if r:
+ changed = True
+ if module.check_mode:
+ module.exit_json(changed=changed)
+ if delete == 'entry':
+ l.delete_s(r[0][0])
+ else:
+ attrlist = list(set(r[0][1].keys()) & set(delete.split(',')))
+ l.modify_s(r[0][0], [ (ldap.MOD_DELETE, x, None) for x in attrlist ])
+ l.unbind_s()
+
+ else:
 if form == 'slapd.conf':
 if name is None:
 module.fail_json(msg="missing name")
-- cgit v1.2.3
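Review bot: `except ldap.LDAPError, ldap.NO_SUCH_OBJECT:` around the new `search_s` call does not name two exception types — under Python 2 this is the `except <type>, <target>` form, so every `ldap.LDAPError` (insufficient access, server unreachable, bad filter) is caught, the instance is assigned to `ldap.NO_SUCH_OBJECT` (clobbering that class for the rest of the run), and `r = None` makes the task report unchanged instead of failing; it should read `except ldap.NO_SUCH_OBJECT:` so that a failed removal of an admin entry or rootDN is surfaced rather than silently skipped. The attribute names from `delete` are also interpolated into the search filter unescaped, and since `delete.split(',')` is playbook input they should be checked against the attribute-description grammar before the filter is built, e.g. `attrs = delete.split(',')` / `if not all(a.replace('-', '').isalnum() for a in attrs): module.fail_json(msg="invalid attribute name in delete")`. Note too that the `(attr=*)` filter matches attribute names case-insensitively while the later `set(r[0][1].keys()) & set(delete.split(','))` intersection is exact, so `delete=userpassword` presumably matches the entry, sets `changed = True`, and then sends an empty modlist — worth normalising names against the returned keys. `l.unbind_s()` runs only on the success path, and `main()` continues past the end of the hunk.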