[PR #6668/f3ecf4c7 backport][stable-7] ldap: Add client certificate support (#6696)
ldap: Add client certificate support (#6668)
* Set up secure ldap server
* ldap: Added client cert options
Shamelessly copied from https://github.com/andrewshulgin/ldap_search
* Added tests for ldap client authentication
* Add changelog fragment
* Make sure the openssl commands work on older versions of openssl
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove aliases for new arguments
* Add required_together to ldap module declarations
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit f3ecf4c7f8
)
Co-authored-by: Gnonthgol <gnonthgol+github@gmail.com>
This commit is contained in:
parent
7dcbb1ade4
commit
94f23ee647
12 changed files with 121 additions and 5 deletions
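--- a/tests/integration/targets/ldap_search/tasks/tests/auth.yml
+++ b/tests/integration/targets/ldap_search/tasks/tests/auth.yml
@@ -0,0 +1,47 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- debug:
+    msg: Running tests/auth.yml
+
+####################################################################
+## Search ##########################################################
+####################################################################
+- name: Test simple search for password authenticated user
+  ldap_search:
+    dn: "ou=users,dc=example,dc=com"
+    scope: "onelevel"
+    filter: "(uid=ldaptest)"
+    bind_dn: "uid=ldaptest,ou=users,dc=example,dc=com"
+    bind_pw: "test1pass!"
+  ignore_errors: true
+  register: output
+
+- name: assert that test LDAP user can read its password
+  assert:
+    that:
+      - output is not failed
+      - output.results | length == 1
+      - output.results.0.userPassword is defined
+
+- name: Test simple search for cert authenticated user
+  ldap_search:
+    dn: "ou=users,dc=example,dc=com"
+    server_uri: "ldap://localhost/"
+    start_tls: true
+    ca_path: /usr/local/share/ca-certificates/ca.crt
+    scope: "onelevel"
+    filter: "(uid=ldaptest)"
+    client_cert: "/root/user.crt"
+    client_key: "/root/user.key"
+  ignore_errors: true
+  register: output
+
+- name: assert that test LDAP user can read its password
+  assert:
+    that:
+      - output is not failed
+      - output.results | length == 1
+      - output.results.0.userPassword is defined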