Changeset - f3f487ef0454
Branko Majic (branko) - 6 years ago 2018-05-29 23:31:13
branko@majic.rs
MAR-129: Fixed deprecation of check_invalid_arguments in m_ldap_entry:

- Updated the module itself.
- Updated the ldap_server tasks.
2 files changed with 75 insertions and 53 deletions:
roles/ldap_server/library/m_ldap_entry.py
 
@@ -69,45 +69,62 @@ options:
 

	
 
EXAMPLES = """
 
# Create sub-trees for storing user and group information.
 
m_ldap_entry: dn=ou=people,dc=example,dc=com objectClass=organizationalUnit ou=people
 
m_ldap_entry: dn=ou=groups,dc=example,dc=com objectClass=organizationalUnit ou=groups
 
m_ldap_entry:
 
  dn: ou=people,dc=example,dc=com
 
  attributes:
 
    objectClass: organizationalUnit
 
    ou: people
 

	
 
m_ldap_entry:
 
  dn: ou=groups,dc=example,dc=com
 
  attributes:
 
    objectClass: organizationalUnit
 
    ou: groups
 

	
 
# Remove old entries, using simple bind authentication.
 
m_ldap_entry: dn=ou=accounting,dc=example,dc=com state=absent bind_dn=cn=admin,dc=example,dc=com bind_password=foo123
 
m_ldap_entry:
 
  dn: ou=accounting,dc=example,dc=com
 
  state: absent
 
  bind_dn: cn=admin,dc=example,dc=com
 
  bind_password: foo123
 

	
 
# Create a complex entry that has multiple values for single attribute.
 
m_ldap_entry:
 
  dn: uid=john,ou=people,dc=example,dc=com
 
  objectClass:
 
    - inetOrgPerson
 
    - simpleSecurityObject
 
  uid: john
 
  cn: John Doe
 
  sn: Doe
 
  givenName: John
 
  displayName: base64:Sm9obiBEb2U=
 
  initials: JD
 
  mail: john.doe@example.com
 
  mobile: +1 11 111 111 11
 
  usercertificate;binary: base64:MIIC...lotsofcharacters...+/A==
 
  attributes:
 
    objectClass:
 
      - inetOrgPerson
 
      - simpleSecurityObject
 
    uid: john
 
    cn: John Doe
 
    sn: Doe
 
    givenName: John
 
    displayName: base64:Sm9obiBEb2U=
 
    initials: JD
 
    mail: john.doe@example.com
 
    mobile: +1 11 111 111 11
 
    usercertificate;binary: base64:MIIC...lotsofcharacters...+/A==
 

	
 
# Add attribute to an entry.
 
m_ldap_entry:
 
  dn: uid=john,ou=people,dc=example,dc=com
 
  state: append
 
  mail: john.doe@example.com
 
  attributes:
 
    mail: john.doe@example.com
 

	
 
# Make sure the configuration database has specific logging level enabled.
 
m_ldap_entry:
 
  dn: cn=config
 
  state: replace
 
  olcLogLevel: 256
 
  attributes:
 
    olcLogLevel: 256
 

	
 
# Remove attribute from an entry.
 
m_ldap_entry:
 
  dn: uid=john,ou=people,dc=example,dc=com
 
  state: replace
 
  uid: ""
 
  attributes:
 
    uid: ""
 
"""
 

	
 
from ansible.module_utils.basic import *
 
@@ -345,7 +362,6 @@ def main():
 
            bind_password=dict(required=False, no_log=True),
 
            attributes=dict(required=False, type='dict', default=None),
 
            ),
 
        check_invalid_arguments=False
 
        )
 

	
 
    if not ldap_found:
 
@@ -373,10 +389,6 @@ def main():
 
        for name, value in module.params["attributes"].iteritems():
 
            attributes[name] = repack_value(value)
 

	
 
    for name, value in module.params.iteritems():
 
        if name not in module.argument_spec:
 
            attributes.setdefault(name, []).extend(repack_value(value))
 
            attributes[name] = list(set(attributes[name]))
 
    try:
 
        connection = get_ldap_connection(module.params["server_uri"],
 
                                         module.params["bind_dn"],
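Review bot: Dropping `check_invalid_arguments=False` in the `@@ -345,7 +362,6 @@` hunk means AnsibleModule now rejects any key not in argument_spec, so callers that still pass LDAP attributes at the task's top level (the form the removed `m_ldap_entry: dn=... objectClass=organizationalUnit ou=people` examples showed) fail with an unsupported-parameter error instead of having them merged by the loop removed in the `@@ -373,10 +389,6 @@` hunk, and nothing in the module text records this contract change. Add a comment on the `attributes=dict(required=False, type='dict', default=None)` line, e.g. `# LDAP attributes are accepted only via 'attributes'; unknown top-level keys are now rejected by AnsibleModule.`, and a matching sentence in DOCUMENTATION. Because `attributes` defaults to None, the `module.params["attributes"].iteritems()` loop depends on a guard that sits outside the hunk; worth confirming it is present. Note too that `attributes` is not `no_log`, unlike `bind_password`, so a password attribute placed in it is visible in module invocation output unless the calling task sets `no_log`. main() starts outside these hunks.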
roles/ldap_server/tasks/main.yml
 
@@ -85,7 +85,8 @@
 
  m_ldap_entry:
 
    dn: cn=config
 
    state: replace
 
    olcLogLevel: "{{ ldap_server_log_level }}"
 
    attributes:
 
      olcLogLevel: "{{ ldap_server_log_level }}"
 

	
 
- name: Test if LDAP misc schema has been applied
 
  command: "ldapsearch -H ldapi:/// -Q -LLL -A -Y EXTERNAL -b cn=schema,cn=config -s one '(cn={*}misc)' cn"
 
@@ -128,9 +129,10 @@
 
  m_ldap_entry:
 
    dn: cn=config
 
    state: replace
 
    olcTLSCertificateFile: "/etc/ssl/certs/{{ ansible_fqdn }}_ldap.pem"
 
    olcTLSCertificateKeyFile: "/etc/ssl/private/{{ ansible_fqdn }}_ldap.key"
 
    olcTLSCipherSuite: "{{ ldap_tls_ciphers }}"
 
    attributes:
 
      olcTLSCertificateFile: "/etc/ssl/certs/{{ ansible_fqdn }}_ldap.pem"
 
      olcTLSCertificateKeyFile: "/etc/ssl/private/{{ ansible_fqdn }}_ldap.key"
 
      olcTLSCipherSuite: "{{ ldap_tls_ciphers }}"
 
  notify:
 
    - Restart slapd
 

	
 
@@ -138,26 +140,29 @@
 
  m_ldap_entry:
 
    dn: cn=config
 
    state: replace
 
    olcSecurity: "ssf={{ ldap_server_ssf }}"
 
    olcLocalSSF: "{{ ldap_server_ssf }}"
 
    attributes:
 
      olcSecurity: "ssf={{ ldap_server_ssf }}"
 
      olcLocalSSF: "{{ ldap_server_ssf }}"
 

	
 
- name: Enable the memberof module
 
  m_ldap_entry:
 
    dn: "cn=module{0},cn=config"
 
    state: append
 
    olcModuleLoad: "{1}memberof"
 
    attributes:
 
      olcModuleLoad: "{1}memberof"
 

	
 
- name: Enable the memberof overlay for database
 
  m_ldap_entry:
 
    dn: "olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config"
 
    objectClass:
 
      - olcConfig
 
      - olcMemberOf
 
      - olcOverlayConfig
 
    olcOverlay: memberof
 
    olcMemberOfRefInt: "TRUE"
 
    olcMemberOfGroupOC: groupOfUniqueNames
 
    olcMemberOfMemberAD: uniqueMember
 
    attributes:
 
      objectClass:
 
        - olcConfig
 
        - olcMemberOf
 
        - olcOverlayConfig
 
      olcOverlay: memberof
 
      olcMemberOfRefInt: "TRUE"
 
      olcMemberOfGroupOC: groupOfUniqueNames
 
      olcMemberOfMemberAD: uniqueMember
 

	
 
- name: Apply database permissions
 
  m_ldap_permissions:
 
@@ -168,9 +173,10 @@
 
  m_ldap_entry: ""
 
  args:
 
    dn: "ou={{ item }},{{ ldap_server_int_basedn }}"
 
    objectClass:
 
      - organizationalUnit
 
    ou: "{{ item }}"
 
    attributes:
 
      objectClass:
 
        - organizationalUnit
 
      ou: "{{ item }}"
 
  with_items:
 
    - people
 
    - groups
 
@@ -180,15 +186,17 @@
 
  m_ldap_entry: ""
 
  args:
 
    dn: "ou=mail,ou=services,{{ ldap_server_int_basedn }}"
 
    objectClass: organizationalUnit
 
    ou: mail
 
    attributes:
 
      objectClass: organizationalUnit
 
      ou: mail
 

	
 
- name: Create LDAP directory structure for mail service
 
  m_ldap_entry: ""
 
  args:
 
    dn: "ou={{ item }},ou=mail,ou=services,{{ ldap_server_int_basedn }}"
 
    objectClass: organizationalUnit
 
    ou: "{{ item }}"
 
    attributes:
 
      objectClass: organizationalUnit
 
      ou: "{{ item }}"
 
  with_items:
 
    - domains
 
    - aliases
 
@@ -197,11 +205,12 @@
 
  m_ldap_entry: ""
 
  args:
 
    dn: "cn={{ item.name }},ou=services,{{ ldap_server_int_basedn }}"
 
    objectClass:
 
      - applicationProcess
 
      - simpleSecurityObject
 
    cn: "{{ item.name }}"
 
    userPassword: "{{ item.password }}"
 
    attributes:
 
      objectClass:
 
        - applicationProcess
 
        - simpleSecurityObject
 
      cn: "{{ item.name }}"
 
      userPassword: "{{ item.password }}"
 
    state: "{{ item.state | default('present') }}"
 
  with_items: "{{ ldap_server_consumers }}"
 

	
 
@@ -209,9 +218,10 @@
 
  m_ldap_entry: ""
 
  args:
 
    dn: "cn={{ item.name }},ou=groups,{{ ldap_server_int_basedn }}"
 
    objectClass: groupOfUniqueNames
 
    cn: "{{ item.name }}"
 
    uniqueMember: "cn=NONE"
 
    attributes:
 
      objectClass: groupOfUniqueNames
 
      cn: "{{ item.name }}"
 
      uniqueMember: "cn=NONE"
 
    state: "{{ item.state | default('append') }}"
 
  with_items: "{{ ldap_server_groups }}"
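Review bot: The consumer task in the `@@ -197,11 +205,12 @@` hunk now passes `userPassword: "{{ item.password }}"` inside the module's `attributes` dict, which, unlike the module's `bind_password` argument, is not a no_log parameter, so each consumer's password can appear in the module invocation and per-item result when the play runs with `-v` or with a logging callback enabled. Add `no_log: true` to that task so the values stay out of logs; the `with_items` loop otherwise echoes the whole item, password included, on every iteration. The remaining hunks only move the same keys under `attributes:` and look consistent; `olcMemberOfRefInt: "TRUE"` is correctly quoted so it stays a string rather than becoming a boolean.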
 

	