Feature/ldap gssapi sasl authentication (#1595)

* add sasl_class as parameter

* type str not string

* recreate .gitignore with vscode support

* document sasl_class parameter

* revert .gitignore changes (separate PR)

* docs - add version and end lines with .

* add changelog entry

* add sasl_class choices to docs as well

* changelog should link to issue

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Wim Van Leuven <wim.vanleuven@ucb.com>
Co-authored-by: Felix Fontein <felix@fontein.de>

plugins/module_utils/ldap.py

@@ -17,6 +17,11 @@ try:
     import ldap.sasl
 
     HAS_LDAP = True
+
+    SASCL_CLASS = {
+        'gssapi': ldap.sasl.gssapi,
+        'external': ldap.sasl.external,
+    }
 except ImportError:
     HAS_LDAP = False
 
@@ -30,6 +35,7 @@ def gen_specs(**specs):
         'server_uri': dict(default='ldapi:///'),
         'start_tls': dict(default=False, type='bool'),
         'validate_certs': dict(default=True, type='bool'),
+        'sasl_class': dict(choices=['external', 'gssapi'], default='external', type='str'),
     })
 
     return specs
@@ -46,6 +52,7 @@ class LdapGeneric(object):
         self.server_uri = self.module.params['server_uri']
         self.start_tls = self.module.params['start_tls']
         self.verify_cert = self.module.params['validate_certs']
+        self.sasl_class = self.module.params['sasl_class']
 
         # Establish connection
         self.connection = self._connect_to_ldap()
@@ -77,7 +84,8 @@ class LdapGeneric(object):
             if self.bind_dn is not None:
                 connection.simple_bind_s(self.bind_dn, self.bind_pw)
             else:
-                connection.sasl_interactive_bind_s('', ldap.sasl.external())
+                klass = SASCL_CLASS.get(self.sasl_class, ldap.sasl.external)
+                connection.sasl_interactive_bind_s('', klass())
         except ldap.LDAPError as e:
             self.fail("Cannot bind to the server.", e)