Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ldap_search: incorrect scope naming #9081

Open
1 task done
russoz opened this issue Oct 29, 2024 · 3 comments
Open
1 task done

ldap_search: incorrect scope naming #9081

russoz opened this issue Oct 29, 2024 · 3 comments
Labels
backport-9 Automatically create a backport for the stable-9 branch bug This issue/PR relates to a bug check-before-release PR will be looked at again shortly before release and merged if possible. module module plugins plugin (any type)

Comments

@russoz
Copy link
Collaborator

russoz commented Oct 29, 2024
edited
Loading

Summary

I was reviewing some old stuff in my inbox and I bumped into: #4894 , which is still open. That one was mentioned in #8358, which was fixed by #8377 by changing the docs for the scope parameter to include:

      - V(subordinate) requires the LDAPv3 subordinate feature extension.
      - V(children) is equivalent to a "subtree" scope.

However, double checking in the ldapsearch man page (from OpenLDAP 2.4.28), we have:

       -s {base|one|sub|children}
              Specify the scope of the search to be one of base, one, sub, or children to specify a base object, one-level, subtree, or children search.  The
              default is sub.  Note: children scope requires LDAPv3 subordinate feature extension.

From that, it looks like #8377 got it the other way around, and it should be rewritten as:

      - V(sub) is equivalent to a "subtree" scope.
      - V(children) requires the LDAPv3 subordinate feature extension.

Additionally, looking at the module itself, it looks like the subtree scope is missing, because the scope option is defined as:

  scope:
    choices: [base, onelevel, subordinate, children]
    default: base
    type: str
    description:
      - The LDAP scope to use.
      - V(subordinate) requires the LDAPv3 subordinate feature extension.
      - V(children) is equivalent to a "subtree" scope.

https://github.com/ansible-collections/community.general/blob/main/plugins/modules/ldap_search.py#L41-L48

But the code translates that:

        spec = dict(
            base=ldap.SCOPE_BASE,
            onelevel=ldap.SCOPE_ONELEVEL,
            subordinate=ldap.SCOPE_SUBORDINATE,
            children=ldap.SCOPE_SUBTREE,
        )

https://github.com/ansible-collections/community.general/blob/main/plugins/modules/ldap_search.py#L209-L214

Issue Type

Bug Report

Component Name

ldap_search

Ansible Version

$ ansible --version

Community.general Version

$ ansible-galaxy collection list community.general

Configuration

$ ansible-config dump --only-changed

OS / Environment

No response

Additional Information

No response

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
@russoz russoz changed the title ldap_search: possible mistake introduced in documentation ldap_search: incorrect scope naming Oct 29, 2024
@ansibullbot
Copy link
Collaborator

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

@ansibullbot
Copy link
Collaborator

cc @eryx12o45 @jtyr
click here for bot help

@ansibullbot ansibullbot added bug This issue/PR relates to a bug module module plugins plugin (any type) labels Oct 29, 2024
@russoz russoz mentioned this issue Oct 29, 2024
Open
1 task
@felixfontein felixfontein added check-before-release PR will be looked at again shortly before release and merged if possible. backport-9 Automatically create a backport for the stable-9 branch labels Oct 30, 2024
@russoz
Copy link
Collaborator Author

russoz commented Oct 31, 2024

@jayhendren since you worked on #8377 , you might want to see this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
backport-9 Automatically create a backport for the stable-9 branch bug This issue/PR relates to a bug check-before-release PR will be looked at again shortly before release and merged if possible. module module plugins plugin (any type)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@russoz @felixfontein @ansibullbot