Add ldap lookup plugin to search and get ldap entries #27358

Open
wants to merge 3 commits into
base: devel
from

@GuillaumeSmaha

GuillaumeSmaha commented Jul 27, 2017

SUMMARY

Add ldap lookup plugin to search and get ldap entries

ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME

lib/ansible/plugins/lookup/ldap.py

ANSIBLE VERSION
ansible 2.4.0 (feature/add_module/ldap_get de0bd50d80) last updated 2017/07/23 00:03:53 (GMT +200)
  config file = None
  configured module search path = ['/home/mouxon/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/mouxon/Bureau/ansible-ladp/ansible/lib/ansible
  executable location = /home/mouxon/Bureau/ansible-ladp/ansible/bin/ansible
  python version = 3.5.3 (default, Jan 19 2017, 14:11:04) [GCC 6.3.0 20170118]
ADDITIONAL INFORMATION

This lookup was requested by @jtyr in PR #27195 to replace a module action.

This lookup plugin allows querying an LDAP server.
See examples:

  vars:
    ldap_user_admin:
        server_uri: ldap://localhost/
        bind_dn: cn=admin,dc=example,dc=com
        bind_pw: password
        dn: cn=admin,dc=example,dc=com

    ldap_users_admin:
        server_uri: ldap://localhost/
        bind_dn: cn=admin,dc=example,dc=com
        bind_pw: password
        search_base: dc=example,dc=com
        search_filter: (user_type=admin)

  tasks:
    - name: Get an user by dn entry
      debug: msg="Admin User: [{{ item.attributes.display_name }}]"
      with_items:
       - "{{ lookup('ldap', ldap_user_admin) }}"

    - name: "Look for all admin user by calling with_ldap:"
      debug: msg="Admin User DN: [{{ item.dn }}]"
      with_ldap: "{{ldap_users_admin}}"
@ansibot

Contributor

ansibot commented Jul 27, 2017

The test ansible-test sanity --test shebang failed with the following error:

Command "test/sanity/code-smell/shebang.sh" returned exit status 1.
>>> Standard Output
./lib/ansible/plugins/lookup/ldap.py:#!/usr/bin/python
One or more file(s) listed above have an unexpected shebang.
See test/sanity/code-smell/shebang.sh for the list of acceptable values.

@GuillaumeSmaha GuillaumeSmaha force-pushed the GuillaumeSmaha:feature/add_lookup/ldap branch Jul 27, 2017

@ansibot ansibot removed the needs_revision label Jul 27, 2017

@GuillaumeSmaha GuillaumeSmaha force-pushed the GuillaumeSmaha:feature/add_lookup/ldap branch Jul 27, 2017

@GuillaumeSmaha GuillaumeSmaha force-pushed the GuillaumeSmaha:feature/add_lookup/ldap branch to c801b25 Jul 27, 2017

@ansibot ansibot removed the needs_revision label Jul 27, 2017

@nitzmahone nitzmahone added new_plugin and removed needs_triage labels Jul 27, 2017

@ansibot ansibot added the stale_ci label Aug 4, 2017

@michalmedvecky

michalmedvecky commented Sep 7, 2017

Please merge this to some release candidate 🙏

@GuillaumeSmaha

GuillaumeSmaha commented Oct 12, 2017

Any news for this PR?

@hstock

hstock commented Aug 27, 2018

Anything blocking this from inclusion?

@GuillaumeSmaha GuillaumeSmaha force-pushed the GuillaumeSmaha:feature/add_lookup/ldap branch from c801b25 Aug 27, 2018

@ansibot ansibot removed the stale_ci label Aug 27, 2018

@GuillaumeSmaha GuillaumeSmaha force-pushed the GuillaumeSmaha:feature/add_lookup/ldap branch Aug 27, 2018

@GuillaumeSmaha GuillaumeSmaha force-pushed the GuillaumeSmaha:feature/add_lookup/ldap branch 3 times, most recently Aug 27, 2018

@ansibot

Contributor

ansibot commented Aug 27, 2018

The test ansible-test sanity --test yamllint [explain] failed with 1 error:

lib/ansible/plugins/lookup/ldap.py:107:14: error EXAMPLES: syntax error: mapping values are not allowed here

@GuillaumeSmaha GuillaumeSmaha force-pushed the GuillaumeSmaha:feature/add_lookup/ldap branch Aug 27, 2018

@ansibot ansibot removed the ci_verified label Aug 27, 2018

@ansibot

Contributor

ansibot commented Aug 27, 2018

The test ansible-test sanity --test yamllint [explain] failed with 1 error:

lib/ansible/plugins/lookup/ldap.py:107:28: error EXAMPLES: syntax error: mapping values are not allowed here

@ansibot ansibot added the ci_verified label Aug 27, 2018

@GuillaumeSmaha GuillaumeSmaha force-pushed the GuillaumeSmaha:feature/add_lookup/ldap branch Aug 27, 2018

@ansibot ansibot removed the ci_verified label Aug 27, 2018

@GuillaumeSmaha GuillaumeSmaha force-pushed the GuillaumeSmaha:feature/add_lookup/ldap branch to 007a8af Aug 27, 2018

@GuillaumeSmaha

GuillaumeSmaha commented Aug 27, 2018

@hstock PR is fixed for ansible 2.7

@gfdsa

gfdsa commented Nov 9, 2018

python ldap3 version 2.5
copy/pasted from the ldap.py documentation

    - name: Setup LDAP lookup of new account name
      set_fact:
        ldap_lookup_account:
          server_uri: "{{lookup('env','LDAP_SERVER_URI')}}"
          bind_dn: "{{lookup('env','LDAP_BIND_DN')}}"
          bind_pw: "{{lookup('env','LDAP_BIND_PW')}}"
          search_base: "{{lookup('env','LDAP_SEARCH_BASE')}}"
          search_filter: "(SAMAccountName={{sam_account_name}})"
    - name: Run the lookup
      set_fact:
        found_account: "{{ lookup('ldap', ldap_lookup_account) }}"

If there are results, all is fine and business as usual.
If the search doesn't find any entries, there is a problem:

Fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'ldap'. Error was a <class 'TypeError'>, original message: 'NoneType' object is not iterable"} 

here, on :271:

            for entry in entries:
                ret.append(self.get_clean_entry(entry))

Another issue, I am searching for a dn as per documentation, but it explodes on

fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'ldap'. Error was a <class 'ldap3.core.exceptions.LDAPInvalidFilterError'>, original message: invalid filter"}

Because you pass an empty string to the search(). Modifying it to

        if self.dn:
            result = self.connection.search(
                self.dn, '(objectClass=*)', search_scope=ldap3.SUBTREE, attributes=ldap3.ALL_ATTRIBUTES)

"fixes" the problem
did I miss something?
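
The two failure modes reported in the comment above (a search with no matches surfacing as `None`, and an empty filter on a DN lookup), sketched as an added Python example that is not part of the thread or the plugin's code. `FakeConnection`, `InvalidFilterError`, `unguarded_lookup`, `run_lookup` and the sample directory are constructed stand-ins so it runs without an LDAP server.

```python
class InvalidFilterError(Exception):
    """Stand-in for ldap3's LDAPInvalidFilterError (hypothetical name)."""


class FakeConnection:
    """Constructed stand-in modelling the two reported behaviours: an empty
    filter raises, and a search without hits leaves `entries` as None."""

    def __init__(self, directory):
        self.directory = directory
        self.entries = None

    def search(self, base, search_filter, scope="SUBTREE"):
        if not search_filter:
            raise InvalidFilterError("invalid filter")
        # Only (attr=value) and the presence form (attr=*) are modelled.
        attr, _, value = search_filter.strip("()").partition("=")
        hits = []
        for dn, attrs in self.directory.items():
            in_scope = dn == base if scope == "BASE" else dn.endswith(base)
            if in_scope and attr in attrs and value in ("*", attrs[attr]):
                hits.append({"dn": dn, "attributes": attrs})
        self.entries = hits or None
        return bool(hits)


def unguarded_lookup(conn, search_base, search_filter):
    """Shape of the loop quoted in the comment: breaks on a None result."""
    conn.search(search_base, search_filter)
    return [entry for entry in conn.entries]


def run_lookup(conn, dn=None, search_base=None, search_filter=None):
    """Hardened variant: always returns a list, never passes an empty filter."""
    if dn:
        # BASE scope returns only the named entry; SUBTREE would add children.
        conn.search(dn, search_filter or "(objectClass=*)", scope="BASE")
    elif search_base and search_filter:
        conn.search(search_base, search_filter)
    else:
        raise ValueError("need dn, or search_base together with search_filter")
    return list(conn.entries or [])


DIRECTORY = {  # constructed sample data
    "cn=admin,dc=example,dc=com": {"objectClass": "person", "user_type": "admin"},
    "cn=bob,dc=example,dc=com": {"objectClass": "person", "user_type": "staff"},
}
```
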

Michael Tabolsky and others added some commits Nov 19, 2018

Michael Tabolsky
Fix for empty search filter and None return
Return an empty array if nothing was found
Add ObjectClass=* filter to dn search
Merge pull request #1 from gfdsa/feature/add_lookup/ldap
Fix for empty search filter and None return
@ansibot

Contributor

ansibot commented Nov 19, 2018

@GuillaumeSmaha this PR contains the following merge commits:

Please rebase your branch to remove these commits.
