From 7f92e343ab4494c19674a12ea4d70b4023d10b27 Mon Sep 17 00:00:00 2001
From: Martin van Es
Date: Tue, 1 Nov 2022 09:31:15 +0100
Subject: [PATCH 1/5] Allow for DN's to have {x} prefix on first RDN

---
 .../5450-allow-for-xordered-dns.yaml |  2 ++
 plugins/module_utils/ldap.py         | 21 ++++++++++++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/5450-allow-for-xordered-dns.yaml

diff --git a/changelogs/fragments/5450-allow-for-xordered-dns.yaml b/changelogs/fragments/5450-allow-for-xordered-dns.yaml
new file mode 100644
index 00000000000..74b5d155587
--- /dev/null
+++ b/changelogs/fragments/5450-allow-for-xordered-dns.yaml
@@ -0,0 +1,2 @@
+minor_changes:
+  - ldap_attrs - allow for DN's to have ``{x}`` prefix on first RDN (https://github.com/ansible-collections/community.general/issues/977, https://github.com/ansible-collections/community.general/pull/5450).
diff --git a/plugins/module_utils/ldap.py b/plugins/module_utils/ldap.py
index daf89f16d10..d5a8be91d43 100644
--- a/plugins/module_utils/ldap.py
+++ b/plugins/module_utils/ldap.py
@@ -15,6 +15,7 @@
 
 try:
     import ldap
+    import ldap.dn
     import ldap.sasl
 
     HAS_LDAP = True
@@ -48,7 +49,6 @@ def __init__(self, module):
         self.module = module
         self.bind_dn = self.module.params['bind_dn']
         self.bind_pw = self.module.params['bind_pw']
-        self.dn = self.module.params['dn']
         self.referrals_chasing = self.module.params['referrals_chasing']
         self.server_uri = self.module.params['server_uri']
         self.start_tls = self.module.params['start_tls']
@@ -58,6 +58,9 @@ def __init__(self, module):
         # Establish connection
         self.connection = self._connect_to_ldap()
 
+        # Try to find the X_ORDERed version of the DN
+        self.dn = self._find_dn()
+
     def fail(self, msg, exn):
         self.module.fail_json(
             msg=msg,
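Review bot: The comment on the new `self.dn = self._find_dn()` line under-describes what the attribute now holds: per the `_find_dn` body later in this series, the value is the DN returned by the directory when exactly one sibling matches, and otherwise the DN exactly as passed in `params['dn']`, so a caller cannot tell a resolved DN from an unresolved one. Suggest `# Resolve the DN against the directory so an X-ORDERED '{n}' prefix on the first RDN is picked up; falls back to params['dn'] unchanged when no single match is found`. Because the lookup now runs inside `__init__`, every module built on this class performs one extra search round trip per instantiation before any state check, which is worth stating in the class documentation if there is one. `__init__` starts before this hunk.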
@@ -65,6 +68,22 @@ def fail(self, msg, exn):
             exception=traceback.format_exc()
         )
 
+    def _find_dn(self):
+        dn = self.module.params['dn']
+
+        explode_dn = ldap.dn.explode_dn(dn)
+
+        if len(explode_dn) > 1:
+            try:
+                dns = self.connection.search_s(','.join(explode_dn[1:]),
+                                               ldap.SCOPE_ONELEVEL, "(%s)" % explode_dn[0])
+                if len(dns) == 1:
+                    dn, attrs = dns[0]
+            except Exception:
+                pass
+
+        return dn
+
     def _connect_to_ldap(self):
         if not self.verify_cert:
             ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
From cdaf73a41bd15b9f6535e8b6cef2607f76dc34c1 Mon Sep 17 00:00:00 2001
From: Martin
Date: Wed, 2 Nov 2022 07:32:16 +0100
Subject: [PATCH 2/5] Update changelogs/fragments/5450-allow-for-xordered-dns.yaml

Co-authored-by: Felix Fontein
---
 changelogs/fragments/5450-allow-for-xordered-dns.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/changelogs/fragments/5450-allow-for-xordered-dns.yaml b/changelogs/fragments/5450-allow-for-xordered-dns.yaml
index 74b5d155587..1bb1d9c761e 100644
--- a/changelogs/fragments/5450-allow-for-xordered-dns.yaml
+++ b/changelogs/fragments/5450-allow-for-xordered-dns.yaml
@@ -1,2 +1,2 @@
 minor_changes:
-  - ldap_attrs - allow for DN's to have ``{x}`` prefix on first RDN (https://github.com/ansible-collections/community.general/issues/977, https://github.com/ansible-collections/community.general/pull/5450).
+  - ldap_attrs - allow for DNs to have ``{x}`` prefix on first RDN (https://github.com/ansible-collections/community.general/issues/977, https://github.com/ansible-collections/community.general/pull/5450).
From fad290c12af2474f46ea8390ead08dcf10efd1b6 Mon Sep 17 00:00:00 2001
From: Martin van Es
Date: Wed, 2 Nov 2022 07:55:49 +0100
Subject: [PATCH 3/5] Assign attrs to throw-away var

---
 plugins/module_utils/ldap.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/module_utils/ldap.py b/plugins/module_utils/ldap.py
index d5a8be91d43..3022ba8261a 100644
--- a/plugins/module_utils/ldap.py
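Review bot: `except Exception: pass` in the new `_find_dn` swallows every failure of the lookup, not only directory errors, so a programming error or an unexpected result shape in this block is indistinguishable from "no ordered sibling found" and the module carries on with the unmodified DN. A search result of length one can also be a search reference rather than an entry, in which case `search_s` returns `None` as the DN and `self.dn` silently becomes `None`. Narrow the handler and guard the unpack: `except ldap.LDAPError:` and `if len(dns) == 1 and dns[0][0] is not None:`. The method also lacks a docstring; it should say that it searches the parent of `params['dn']` one level down for an entry whose first RDN matches (which is how an X-ORDERED `{n}` prefix is found) and returns the DN as given when there is no single match. Building the filter from the raw RDN is addressed later in this series, so I do not repeat it here.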
+++ b/plugins/module_utils/ldap.py
@@ -78,7 +78,7 @@ def _find_dn(self):
                 dns = self.connection.search_s(','.join(explode_dn[1:]),
                                                ldap.SCOPE_ONELEVEL, "(%s)" % explode_dn[0])
                 if len(dns) == 1:
-                    dn, attrs = dns[0]
+                    dn, _ = dns[0]
             except Exception:
                 pass
 
From eb00273bbedd5a81bc3367f1a07bfcacf23818d6 Mon Sep 17 00:00:00 2001
From: Martin
Date: Wed, 2 Nov 2022 08:04:04 +0100
Subject: [PATCH 4/5] Update plugins/module_utils/ldap.py

Co-authored-by: Felix Fontein
---
 plugins/module_utils/ldap.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/module_utils/ldap.py b/plugins/module_utils/ldap.py
index 3022ba8261a..9340795d486 100644
--- a/plugins/module_utils/ldap.py
+++ b/plugins/module_utils/ldap.py
@@ -78,7 +78,7 @@ def _find_dn(self):
                 dns = self.connection.search_s(','.join(explode_dn[1:]),
                                                ldap.SCOPE_ONELEVEL, "(%s)" % explode_dn[0])
                 if len(dns) == 1:
-                    dn, _ = dns[0]
+                    dn, dummy = dns[0]
             except Exception:
                 pass
 
From b5ddd448ccf601bcfd717e7395e338c3be282aff Mon Sep 17 00:00:00 2001
From: Martin van Es
Date: Wed, 2 Nov 2022 13:20:09 +0100
Subject: [PATCH 5/5] Escape DN before creating filter

---
 plugins/module_utils/ldap.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/plugins/module_utils/ldap.py b/plugins/module_utils/ldap.py
index 9340795d486..03acaa58c59 100644
--- a/plugins/module_utils/ldap.py
+++ b/plugins/module_utils/ldap.py
@@ -16,6 +16,7 @@
 try:
     import ldap
     import ldap.dn
+    import ldap.filter
     import ldap.sasl
 
     HAS_LDAP = True
@@ -75,8 +76,10 @@ def _find_dn(self):
 
         if len(explode_dn) > 1:
             try:
+                escaped_value = ldap.filter.escape_filter_chars(explode_dn[0])
+                filterstr = "(%s)" % escaped_value
                 dns = self.connection.search_s(','.join(explode_dn[1:]),
-                                               ldap.SCOPE_ONELEVEL, "(%s)" % explode_dn[0])
+                                               ldap.SCOPE_ONELEVEL, filterstr)
                 if len(dns) == 1:
                     dn, dummy = dns[0]
                 except Exception:
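Review bot: `escape_filter_chars(explode_dn[0])` in the last hunk applies filter escaping to a string that is still in DN-escaped form, because `explode_dn` returns each RDN as `type=value` with RFC 4514 escapes intact; a first RDN whose value contains a comma, plus, quote or backslash (written as `\,` or `\2c` in the DN) therefore yields a filter such as `(cn=Smith\5c, John)`, which asserts a literal backslash and never matches, and the lookup quietly falls back to the unresolved DN. A multi-valued first RDN (`cn=a+sn=b`) is mis-encoded the same way. The robust form is to parse the DN with `ldap.dn.str2dn`, which yields `(type, value, flags)` triples with the value already unescaped, build the filter from those with `ldap.filter.filter_format`, and re-serialise the parent with `ldap.dn.dn2str`; the rewritten lines are below. `_find_dn` starts before this hunk and its remaining lines are unchanged.
```python
        rdns = ldap.dn.str2dn(dn)

        if len(rdns) > 1:
            # str2dn returns values DN-unescaped, so filter_format is the only
            # escaping needed; AND the parts of a multi-valued first RDN.
            filterstr = "(&%s)" % "".join(
                ldap.filter.filter_format("(%s=%s)", [atype, avalue])
                for atype, avalue, dummy in rdns[0]
            )
            parent = ldap.dn.dn2str(rdns[1:])
            try:
                dns = self.connection.search_s(parent, ldap.SCOPE_ONELEVEL, filterstr)
                # … unchanged: single-match assignment and except clause …
```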