Add module ldap inc (#9275)

* Add module ldap_inc

This module adds the ‘modify-increment’ capability corresponding to the extension implemented by OpenLdap described in RFC-4525. It can be used to increment an integer attribute and read it atomically. It is an help for posix userId definition while relying only on the directory server.

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>

Update plugins/modules/ldap_inc.py

Co-authored-by: Felix Fontein <felix@fontein.de>

Update plugins/modules/ldap_inc.py

Co-authored-by: Felix Fontein <felix@fontein.de>

Update plugins/modules/ldap_inc.py

Co-authored-by: Felix Fontein <felix@fontein.de>

Fix the check mode support

Check mode documentation fix

* Update plugins/modules/ldap_inc.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/ldap_inc.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/ldap_inc.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/ldap_inc.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/ldap_inc.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/ldap_inc.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/ldap_inc.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>

tests/integration/targets/ldap_inc/aliases

@@ -0,0 +1,11 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+azp/posix/1
+skip/aix
+skip/freebsd
+skip/osx
+skip/macos
+skip/rhel
+needs/root

tests/integration/targets/ldap_inc/meta/main.yml

@@ -0,0 +1,7 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+dependencies:
+  - setup_openldap

tests/integration/targets/ldap_inc/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+####################################################################
+# WARNING: These are designed specifically for Ansible tests       #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Run LDAP search module tests
+  block:
+    - include_tasks: "{{ item }}"
+      with_fileglob:
+        - 'tests/*.yml'
+  when: ansible_os_family in ['Ubuntu', 'Debian']

tests/integration/targets/ldap_inc/tasks/tests/basic.yml

@@ -0,0 +1,99 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- debug:
+    msg: Running tests/basic.yml
+
+####################################################################
+## Increment #######################################################
+####################################################################
+- name: Test increment by default
+  ldap_inc:
+    bind_dn: "cn=admin,dc=example,dc=com"
+    bind_pw: "Test1234!"
+    dn: "cn=ldapinctest,ou=sequence,dc=example,dc=com"
+    attribute: "uidNumber"
+  ignore_errors: true
+  register: output
+
+- name: assert that test increment by default
+  assert:
+    that:
+       - output is not failed
+       - output.incremented
+       - output.value == "1001"
+       - output.rfc4525
+
+- name: Test defined increment
+  ldap_inc:
+    bind_dn: "cn=admin,dc=example,dc=com"
+    bind_pw: "Test1234!"
+    dn: "cn=ldapinctest,ou=sequence,dc=example,dc=com"
+    attribute: "uidNumber"
+    increment: 2
+  ignore_errors: true
+  register: output
+
+- name: assert that test increment by default
+  assert:
+    that:
+       - output is not failed
+       - output.incremented
+       - output.value == "1003"
+       - output.rfc4525
+
+- name: Test defined increment by 0
+  ldap_inc:
+    bind_dn: "cn=admin,dc=example,dc=com"
+    bind_pw: "Test1234!"
+    dn: "cn=ldapinctest,ou=sequence,dc=example,dc=com"
+    attribute: "uidNumber"
+    increment: 0
+  ignore_errors: true
+  register: output
+
+- name: assert that test defined increment by 0
+  assert:
+    that:
+       - output is not failed
+       - output.incremented == false
+       - output.value == "1003"
+
+- name: Test defined negative increment
+  ldap_inc:
+    bind_dn: "cn=admin,dc=example,dc=com"
+    bind_pw: "Test1234!"
+    dn: "cn=ldapinctest,ou=sequence,dc=example,dc=com"
+    attribute: "uidNumber"
+    increment: -1
+  ignore_errors: true
+  register: output
+
+- name: assert that test defined negative increment
+  assert:
+    that:
+       - output is not failed
+       - output.incremented
+       - output.value == "1002"
+       - output.rfc4525
+
+- name: Test forcing classic method instead of automatic detection
+  ldap_inc:
+    bind_dn: "cn=admin,dc=example,dc=com"
+    bind_pw: "Test1234!"
+    dn: "cn=ldapinctest,ou=sequence,dc=example,dc=com"
+    attribute: "uidNumber"
+    increment: -1
+    method: "legacy"
+  ignore_errors: true
+  register: output
+
+- name: assert that test defined negative increment
+  assert:
+    that:
+       - output is not failed
+       - output.incremented
+       - output.value == "1001"
+       - output.rfc4525 == False

tests/integration/targets/setup_openldap/files/inc_schema_cnconfig.ldif

@@ -0,0 +1,5 @@
+dn: cn=inc-schema,cn=schema,cn=config
+changetype: add
+objectClass: olcSchemaConfig
+cn: inc-schema
+olcObjectClasses: ( 1.3.6.1.4.1.4203.666.599 NAME 'uidNext' SUP top STRUCTURAL MUST ( cn $ uidNumber ) )

tests/integration/targets/setup_openldap/files/inc_schema_cnconfig.ldif.license

@@ -0,0 +1,3 @@
+GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+SPDX-License-Identifier: GPL-3.0-or-later
+SPDX-FileCopyrightText: Ansible Project

tests/integration/targets/setup_openldap/files/ldap_inc_config.ldif

@@ -0,0 +1,10 @@
+dn: ou=sequence,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: top
+ou: sequence
+
+dn: cn=ldapinctest,ou=sequence,dc=example,dc=com
+uidNumber: 1000
+objectClass: top
+objectClass: uidNext
+cn: ldapinctest

tests/integration/targets/setup_openldap/files/ldap_inc_config.ldif.license

@@ -0,0 +1,3 @@
+GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+SPDX-License-Identifier: GPL-3.0-or-later
+SPDX-FileCopyrightText: Ansible Project

tests/integration/targets/setup_openldap/tasks/main.yml

@@ -79,14 +79,21 @@
         - rootpw_cnconfig.ldif
         - cert_cnconfig.ldif
         - initial_config.ldif
+        - inc_schema_cnconfig.ldif
+        - ldap_inc_config.ldif
 
     - name: Configure admin password for cn=config
       shell: "ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/{{ item }}"
       loop:
         - rootpw_cnconfig.ldif
         - cert_cnconfig.ldif
+        - inc_schema_cnconfig.ldif
 
     - name: Add initial config
       become: true
-      shell: 'ldapadd -H ldapi:/// -x -D "cn=admin,dc=example,dc=com" -w Test1234! -f /tmp/initial_config.ldif'
+      shell: 'ldapadd -H ldapi:/// -x -D "cn=admin,dc=example,dc=com" -w Test1234! -f /tmp/{{ item }}'
+      loop:
+        - initial_config.ldif
+        - ldap_inc_config.ldif
+
   when: ansible_os_family in ['Ubuntu', 'Debian']