ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0

ldap_search: incorrect scope naming #9081

Open russoz opened 2 days ago

russoz commented 2 days ago

Summary

I was reviewing some old stuff in my inbox and I bumped into #4894, which is still open. That one was mentioned in #8358, which was fixed by #8377 by changing the docs for the scope parameter to include:

      - V(subordinate) requires the LDAPv3 subordinate feature extension.
      - V(children) is equivalent to a "subtree" scope.

However, double checking in the ldapsearch man page (from OpenLDAP 2.4.28), we have:

       -s {base|one|sub|children}
              Specify the scope of the search to be one of base, one, sub, or children to specify a base object, one-level, subtree, or children search.  The
              default is sub.  Note: children scope requires LDAPv3 subordinate feature extension.

From that, it looks like #8377 got it the other way around, and it should be rewritten as:

      - V(sub) is equivalent to a "subtree" scope.
      - V(children) requires the LDAPv3 subordinate feature extension.

Additionally, looking at the module itself, it looks like the subtree scope is missing, because the scope option is defined as:

  scope:
    choices: [base, onelevel, subordinate, children]
    default: base
    type: str
    description:
      - The LDAP scope to use.
      - V(subordinate) requires the LDAPv3 subordinate feature extension.
      - V(children) is equivalent to a "subtree" scope.

https://github.com/ansible-collections/community.general/blob/main/plugins/modules/ldap_search.py#L41-L48

But the code translates that:

        spec = dict(
            base=ldap.SCOPE_BASE,
            onelevel=ldap.SCOPE_ONELEVEL,
            subordinate=ldap.SCOPE_SUBORDINATE,
            children=ldap.SCOPE_SUBTREE,
        )

https://github.com/ansible-collections/community.general/blob/main/plugins/modules/ldap_search.py#L209-L214

Issue Type

Bug Report

Component Name

ldap_search

Ansible Version

$ ansible --version

Community.general Version

$ ansible-galaxy collection list community.general

Configuration

$ ansible-config dump --only-changed

OS / Environment

No response

Additional Information

No response

Code of Conduct
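
Added example, not part of the original issue or the collection's code: a small model of the four LDAP search scopes over a constructed in-memory directory. It shows what the mislabel described above means in practice: a caller asking for "children" through the quoted module mapping also gets the base entry back. The sample DNs and the helper names (search, name_mismatches) are assumptions made for this illustration.

```python
# Added example: LDAP search scopes evaluated over a constructed in-memory DIT.
# Values are the LDAP protocol scope codes; python-ldap exposes the same
# numbers as ldap.SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE, SCOPE_SUBORDINATE.
SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE, SCOPE_SUBORDINATE = 0, 1, 2, 3

# Scope names as ldapsearch(1) -s defines them (man page quoted in the issue).
LDAPSEARCH_SCOPES = {
    "base": SCOPE_BASE, "one": SCOPE_ONELEVEL,
    "sub": SCOPE_SUBTREE, "children": SCOPE_SUBORDINATE,
}
# Scope names as the module code quoted in the issue translates them.
MODULE_SCOPES = {
    "base": SCOPE_BASE, "onelevel": SCOPE_ONELEVEL,
    "subordinate": SCOPE_SUBORDINATE, "children": SCOPE_SUBTREE,
}

# Constructed sample directory (hypothetical entries).
DIT = [
    "dc=example,dc=com",
    "ou=people,dc=example,dc=com",
    "uid=alice,ou=people,dc=example,dc=com",
    "ou=groups,dc=example,dc=com",
]

def _rdns(dn):
    # Simplification: assumes no escaped commas inside RDN values.
    return [part.strip().lower() for part in dn.split(",")]

def search(base, scope):
    """Return the DNs in DIT that a search from `base` with `scope` selects."""
    b = _rdns(base)
    hits = []
    for dn in DIT:
        r = _rdns(dn)
        if len(r) < len(b) or r[len(r) - len(b):] != b:
            continue  # not at or below the base object
        depth = len(r) - len(b)
        if ((scope == SCOPE_BASE and depth == 0)
                or (scope == SCOPE_ONELEVEL and depth == 1)
                or scope == SCOPE_SUBTREE
                or (scope == SCOPE_SUBORDINATE and depth >= 1)):
            hits.append(dn)
    return hits

def name_mismatches():
    """Names present in both tables that resolve to different scopes."""
    return sorted(n for n in MODULE_SCOPES
                  if n in LDAPSEARCH_SCOPES and MODULE_SCOPES[n] != LDAPSEARCH_SCOPES[n])
```

A wider-than-expected scope matters when the result set feeds later tasks, so it is worth checking whether the base entry appears in results that were meant to contain only descendants.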

ansibullbot commented 2 days ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.


ansibullbot commented 2 days ago

cc @eryx12o45 @jtyr

russoz commented 23 hours ago

@jayhendren since you worked on #8377, you might want to see this