Allow for DN's to have {x} prefix on first RDN (ansible-collections#5450

) * Allow for DN's to have {x} prefix on first RDN * Update changelogs/fragments/5450-allow-for-xordered-dns.yaml Co-authored-by: Felix Fontein <[email protected]> * Assign attrs to throw-away var * Update plugins/module_utils/ldap.py Co-authored-by: Felix Fontein <[email protected]> * Escape DN before creating filter Co-authored-by: Felix Fontein <[email protected]>
russoz-ansible · Nov 6, 2022 · 5d595e4 · 5d595e4
1 parent 8ef3664
commit 5d595e4
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/changelogs/fragments/5450-allow-for-xordered-dns.yaml b/changelogs/fragments/5450-allow-for-xordered-dns.yaml
@@ -0,0 +1,2 @@
+minor_changes:
+  - ldap_attrs - allow for DNs to have ``{x}`` prefix on first RDN (https://github.com/ansible-collections/community.general/issues/977, https://github.com/ansible-collections/community.general/pull/5450).
diff --git a/plugins/module_utils/ldap.py b/plugins/module_utils/ldap.py
@@ -15,6 +15,8 @@
 
 try:
     import ldap
+    import ldap.dn
+    import ldap.filter
     import ldap.sasl
 
     HAS_LDAP = True
@@ -48,7 +50,6 @@ def __init__(self, module):
         self.module = module
         self.bind_dn = self.module.params['bind_dn']
         self.bind_pw = self.module.params['bind_pw']
-        self.dn = self.module.params['dn']
         self.referrals_chasing = self.module.params['referrals_chasing']
         self.server_uri = self.module.params['server_uri']
         self.start_tls = self.module.params['start_tls']
@@ -58,13 +59,34 @@ def __init__(self, module):
         # Establish connection
         self.connection = self._connect_to_ldap()
 
+        # Try to find the X_ORDERed version of the DN
+        self.dn = self._find_dn()
+
     def fail(self, msg, exn):
         self.module.fail_json(
             msg=msg,
             details=to_native(exn),
             exception=traceback.format_exc()
         )
 
+    def _find_dn(self):
+        dn = self.module.params['dn']
+
+        explode_dn = ldap.dn.explode_dn(dn)
+
+        if len(explode_dn) > 1:
+            try:
+                escaped_value = ldap.filter.escape_filter_chars(explode_dn[0])
+                filterstr = "(%s)" % escaped_value
+                dns = self.connection.search_s(','.join(explode_dn[1:]),
+                                               ldap.SCOPE_ONELEVEL, filterstr)
+                if len(dns) == 1:
+                    dn, dummy = dns[0]
+            except Exception:
+                pass
+
+        return dn
+
     def _connect_to_ldap(self):
         if not self.verify_cert:
             ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		minor_changes:
		- ldap_attrs - allow for DNs to have ``{x}`` prefix on first RDN (https://github.com/ansible-collections/community.general/issues/977, https://github.com/ansible-collections/community.general/pull/5450).