-
Notifications
You must be signed in to change notification settings - Fork 23.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add module ldap_attrs; deprecate ldap_attr #31664
Conversation
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
I'm testing this module under python3 in my own test lab; apart from the minor issue I found, it seems to work like a charm. Mind, the current ldap_attr and ldap_entry currently have the same bytes-vs-str issue, so it might be worth a separate PR to fix the py3 compatibility simultaneously |
Good point. I never verified the module with py3. But as I remember this code block comes directly from current ldap_attr module. So it should be indeed fixed there and in ldap_entry as well. |
8076977
to
334c7ed
Compare
Actually I think the proper way would be to modify line 193 to |
@CtrlC-Root using ansible natives is better, yes. |
The 'ldap_attrs' Ansible module is a replacement for the 'ldap_attr' module created by Alexander Korinek. It supports management of multiple LDAP attributes at once, which solves several issues with LDAP configuration. At the moment the 'ldap_attrs' module is not part of Ansible core, therefore it will be included in the 'debops.ansible_plugins' role for the forseeable future. Ref: ansible/ansible#31664
This change should make the 'ldap_attrs' Ansible module usable in Python 3 environments. Ref: ansible/ansible#31664 (review)
The 'ldap_attrs' Ansible module is a replacement for the 'ldap_attr' module created by Alexander Korinek. It supports management of multiple LDAP attributes at once, which solves several issues with LDAP configuration. At the moment the 'ldap_attrs' module is not part of Ansible core, therefore it will be included in the 'debops.ansible_plugins' role for the forseeable future. Ref: ansible/ansible#31664
This change should make the 'ldap_attrs' Ansible module usable in Python 3 environments. Ref: ansible/ansible#31664 (review)
@Noles, @jtyr: I'd like to ask what are the plans for inclusion of this module in Ansible? I think that the I implemented support for the |
1c978e8
to
582fbc0
Compare
I rebased my changes but without any client certificate extensions. I think its better to realize this step by step. |
Thank you everybody for the work that's gone into this. So I'm going to close this and @drybjed will raise a new PR |
The 'ldap_attrs' Ansible module is a replacement for the 'ldap_attr' module created by Alexander Korinek. It supports management of multiple LDAP attributes at once, which solves several issues with LDAP configuration. At the moment the 'ldap_attrs' module is not part of Ansible core, therefore it will be included in the 'debops.ansible_plugins' role for the forseeable future. Ref: ansible/ansible#31664
This change should make the 'ldap_attrs' Ansible module usable in Python 3 environments. Ref: ansible/ansible#31664 (review)
SUMMARY
The current "ldap_attr" module does not support ldap attribute insertations or deletions with objectClass dependencies.
ISSUE TYPE
COMPONENT NAME
ldap_attrs
ANSIBLE VERSION
ADDITIONAL INFORMATION
For example, if you have the following ldap entry:
and you like to add:
you need the additional objectClass
gosaAcl
.But because of the schema definition:
gosaAclEntry
must be added ongosaAcl
add as well.With the
ldap_attr
module these insertation is not possible because every entry will be added one by one and can not be combined in one run.This results in:
OBJECT_CLASS_VIOLATION: {'info': "object class 'gosaAcl' requires attribute 'gosaAclEntry'", 'desc': 'Object class violation'}
and
OBJECT_CLASS_VIOLATION: {'info': "attribute 'gosaAclEntry' not allowed", 'desc': 'Object class violation'}
For backward compatibility I created a new module with different configuration parameters.