LDAP: Refactor and add ldap_passwd module (#33040)

* modules/net_tools/ldap: Refactor shared options * modules/net_tools/ldap: Refactor shared code * modules/net_tools/ldap: Add ldap_passwd module * modules/net_tools/ldap/ldap_passwd: More robust change check * In some deployments, using compare_s results in spurious “changed” results, while bind is more reliable. The downside is that it results in an extra connection, and the code it more involved. * ldap_passwd: Rename methods passwd_[cs] * ldap_passwd: Remove unecessary type=str * ldap: Factor-out failure cases * ldap_passwd: Provide more precise error messages * ldap_passwd: Irrelevant syntax changes * ldap_passwd: Rename u_con to tmp_con * ldap_passwd: Keep HAS_LDAP local * LDAP doc update * Resolved all copyright related issues * Resolved self.fail calls * Update documentation Signed-off-by: The Fox in the Shell <KellerFuchs@hashbang.sh> Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2025-04-24 19:31:26 -07:00 · 2018-04-27 10:24:05 +00:00 · 2018-04-27 10:24:05 +00:00 · efe7c20100
commit efe7c20100
parent 19e1f41837
5 changed files with 311 additions and 177 deletions
--- a/lib/ansible/utils/module_docs_fragments/ldap.py
+++ b/lib/ansible/utils/module_docs_fragments/ldap.py
@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2016, Peter Sagerson <psagers@ignorare.net>
+# Copyright: (c) 2016, Jiri Tyr <jiri.tyr@gmail.com>
+# Copyright: (c) 2017-2018 Keller Fuchs (@kellerfuchs) <kellerfuchs@hashbang.sh>
+#
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+
+class ModuleDocFragment(object):
+    # Standard LDAP documentation fragment
+    DOCUMENTATION = '''
+options:
+  bind_dn:
+    description:
+      - A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism.
+      - If this is blank, we'll use an anonymous bind.
+  bind_pw:
+    description:
+      - The password to use with I(bind_dn).
+  dn:
+    required: true
+    description:
+      - The DN of the entry to add or remove.
+  server_uri:
+    default: ldapi:///
+    description:
+      - A URI to the LDAP server.
+      - The default value lets the underlying LDAP client library look for a UNIX domain socket in its default location.
+  start_tls:
+    default: 'no'
+    type: bool
+    description:
+      - If true, we'll use the START_TLS LDAP extension.
+  validate_certs:
+    default: 'yes'
+    type: bool
+    description:
+      - If set to C(no), SSL certificates will not be validated.
+      - This should only be used on sites using self-signed certificates.
+    version_added: "2.4"
+'''