From 9198e7f8096e9f1b0d5f474cf2345913a357f864 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Mon, 7 Jul 2014 23:02:45 +0200
Subject: Make the Ansible LDAP plugin able to delete entries and attributes.

Use it to delete cn=admin,dc=fripost,dc=org, and to remove the rootDN on
the 'config' database.
---
 lib/action_plugins/openldap.py |  3 +++
 lib/modules/openldap           | 37 ++++++++++++++++++++++++++++++++-----
 2 files changed, 35 insertions(+), 5 deletions(-)


diff --git a/lib/action_plugins/openldap.py b/lib/action_plugins/openldap.py
index ee8a991..5dbf59f 100644
--- a/lib/action_plugins/openldap.py
+++ b/lib/action_plugins/openldap.py
@@ -31,6 +31,9 @@ class ActionModule(object):
     def run(self, conn, tmp, module_name, module_args, inject, complex_args=None, **kwargs):
         ''' handler for file transfer operations '''
 
+        if self.runner.noop_on_check(inject):
+            return ReturnData(conn=conn, comm_ok=True, result=dict(skipped=True))
+
         # load up options
         options  = {}
         if complex_args:
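Review bot: The added early return reports `skipped=True` in check mode and never invokes the module, so the module's own check-mode branch (it declares `supports_check_mode=True` and would report `changed`) appears unreachable through this plugin; if `noop_on_check` simply mirrors the runner's check flag, a `--check` run will under-report pending LDAP changes. Consider letting the module run and rely on its `module.check_mode` handling, or document why the plugin short-circuits here, e.g. `# check mode: skip entirely; the module's check-mode path is bypassed on purpose`. `run()` continues outside the hunk.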
diff --git a/lib/modules/openldap b/lib/modules/openldap
index 1e84c32..69ee4df 100644
--- a/lib/modules/openldap
+++ b/lib/modules/openldap
@@ -265,31 +265,58 @@ def slapd_to_ldif(src, name):
 def main():
     module = AnsibleModule(
         argument_spec   = dict(
-            state       = dict( default="present", choices=["absent","present"]),
             target      = dict( default=None ),
             module      = dict( default=None ),
             suffix      = dict( default=None ),
             format      = dict( default="ldif", choices=["ldif","slapd.conf"] ),
             name        = dict( default=None ),
             local       = dict( default="no", choices=["no","file","template"] ),
+            delete      = dict( default=None ),
         ),
         supports_check_mode=True
     )
 
     params      = module.params
-    state       = params['state']
     target      = params['target']
     mod         = params['module']
     suffix      = params['suffix']
     form        = params['format']
     name        = params['name']
+    delete      = params['delete']
 
     changed = False
     try:
-        if state == "absent":
-            module.fail_json(msg="OpenLDAP's ansible: unsupported feature")
+        if delete is not None:
+            if name is None:
+                module.fail_json(msg="missing name")
+            l = ldap.initialize( 'ldapi://' )
+            l.sasl_interactive_bind_s('', ldap.sasl.external())
+            if delete == 'entry':
+                filterStr = '(objectClass=*)'
+            else:
+                filterStr = [ '(%s=*)' % x for x in delete.split(',') ]
+                if len(filterStr) > 1:
+                    filterStr = '(|' + ''.join(filterStr) + ')'
+                else:
+                    filterStr = filterStr[0]
+
+            try:
+                r = l.search_s( name, ldap.SCOPE_BASE, filterStr, attrsonly=1 )
+            except ldap.LDAPError, ldap.NO_SUCH_OBJECT:
+                r = None
 
-        elif state == "present":
+            if r:
+                changed = True
+                if module.check_mode:
+                    module.exit_json(changed=changed)
+                if delete == 'entry':
+                    l.delete_s(r[0][0])
+                else:
+                    attrlist = list(set(r[0][1].keys()) & set(delete.split(',')))
+                    l.modify_s(r[0][0], [ (ldap.MOD_DELETE, x, None) for x in attrlist ])
+            l.unbind_s()
+
+        else:
             if form == 'slapd.conf':
                 if name is None:
                     module.fail_json(msg="missing name")
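Review bot: `except ldap.LDAPError, ldap.NO_SUCH_OBJECT:` is Python 2's `except Type, target:` form, so it catches every `LDAPError` and assigns the exception instance to the attribute `ldap.NO_SUCH_OBJECT` rather than catching both classes; any failure (bind rejected, server unreachable, insufficient access) is then turned into `r = None` and the task reports `changed=False` as if there were nothing to delete. It should be `except ldap.NO_SUCH_OBJECT:` so that only a missing base DN is treated as "already absent" and other errors propagate to the enclosing handler. The `l.unbind_s()` call is also skipped when `delete_s`/`modify_s` raise; wrapping the search-and-delete in `try: ... finally: l.unbind_s()` keeps the connection from leaking. The filter is built by interpolating the comma-separated `delete` attribute names without validation, so an empty string yields the malformed filter `(=*)`; a guard such as `if not all(delete.split(',')): module.fail_json(msg="invalid attribute list")` would fail early. The enclosing `try:` starts inside the hunk but its `except` clause lies outside it.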
-- 