ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-08-05 13:44:24 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

[PR #6668/f3ecf4c7 backport][stable-7] ldap: Add client certificate support (#6696)

Browse source 
ldap: Add client certificate support (#6668)

* Set up secure ldap server

* ldap: Added client cert options

Shamelessly copied from https://github.com/andrewshulgin/ldap_search

* Added tests for ldap client authentication

* Add changelog fragment

* Make sure the openssl commands work on older versions of openssl

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* Remove aliases for new arguments

* Add required_together to ldap module declerations

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit f3ecf4c7f8)

Co-authored-by: Gnonthgol <gnonthgol+github@gmail.com>
This commit is contained in:
patchback[bot] 2023-06-15 08:42:42 +02:00 committed by GitHub
commit 94f23ee647
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 121 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

47
tests/integration/targets/ldap_search/tasks/tests/auth.yml Normal file
View file

@ -0,0 +1,47 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- debug:
msg: Running tests/auth.yml
####################################################################
## Search ##########################################################
####################################################################
- name: Test simple search for password authenticated user
ldap_search:
dn: "ou=users,dc=example,dc=com"
scope: "onelevel"
filter: "(uid=ldaptest)"
bind_dn: "uid=ldaptest,ou=users,dc=example,dc=com"
bind_pw: "test1pass!"
ignore_errors: true
register: output
- name: assert that test LDAP user can read its password
assert:
that:
- output is not failed
- output.results | length == 1
- output.results.0.userPassword is defined
- name: Test simple search for cert authenticated user
ldap_search:
dn: "ou=users,dc=example,dc=com"
server_uri: "ldap://localhost/"
start_tls: true
ca_path: /usr/local/share/ca-certificates/ca.crt
scope: "onelevel"
filter: "(uid=ldaptest)"
client_cert: "/root/user.crt"
client_key: "/root/user.key"
ignore_errors: true
register: output
- name: assert that test LDAP user can read its password
assert:
that:
- output is not failed
- output.results | length == 1
- output.results.0.userPassword is defined