ldap inventory add filter_without_computer

Adds the new option filter_without_computer to control whether the AND clause objectClass=computer is added to the final filter used or not. While not needed for normal Active Directory environments this does allow different environments to be used as the LDAP source.
ansible-collections · Aug 7, 2023 · 2c4215e · 2c4215e
1 parent 6bf01b5
commit 2c4215e
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 8 deletions.
diff --git a/changelogs/fragments/ldap-filter-raw.yml b/changelogs/fragments/ldap-filter-raw.yml
@@ -0,0 +1,4 @@
+minor_changes:
+- >-
+  microsoft.ad.ldap - Added the option ``filter_without_computer`` to not add the AND clause ``objectClass=computer``
+  to the final filter used - https://github.com/ansible-collections/microsoft.ad/issues/55
diff --git a/galaxy.yml b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: microsoft
 name: ad
-version: 1.2.0
+version: 1.3.0
 readme: README.md
 authors:
 - Jordan Borean @jborean93

diff --git a/plugins/inventory/ldap.py b/plugins/inventory/ldap.py
@@ -40,8 +40,19 @@
   filter:
     description:
     - The LDAP filter string used to query the computer objects.
-    - This will be combined with the filter "(objectClass=computer)".
+    - By default, this will be combined with the filter
+      "(objectClass=computer)". Use I(filter_without_computer) to override
+      this behavior and have I(filter) be the only filter used.
     type: str
+  filter_without_computer
+    description:
+    - Will not combine the I(filter) value with the filter
+      "(objectClass=computer)".
+    - In most cases this should be C(false) but can be set to C(true) to have
+      the I(filter) value specified be the only filter used.
+    type: bool
+    default: false
+    version_added: '1.3.0'
   search_base:
     description:
     - The LDAP search base to find the computer objects in.
@@ -259,6 +270,7 @@ def parse(
         groups = self.get_option("groups")
         keyed_groups = self.get_option("keyed_groups")
         ldap_filter = self.get_option("filter")
+        ldap_filter_without_computer = self.get_option("filter_without_computer")
         search_base = self.get_option("search_base")
         search_scope = self.get_option("search_scope")
         strict = self.get_option("strict")
@@ -272,12 +284,14 @@ def parse(
         computer_filter = sansldap.FilterEquality("objectClass", b"computer")
         final_filter: sansldap.LDAPFilter
         if ldap_filter:
-            final_filter = sansldap.FilterAnd(
-                filters=[
-                    computer_filter,
-                    sansldap.LDAPFilter.from_string(ldap_filter),
-                ]
-            )
+            ldap_filter_obj = sansldap.LDAPFilter.from_string(ldap_filter)
+
+            if ldap_filter_without_computer:
+                final_filter = ldap_filter_obj
+            else:
+                final_filter = sansldap.FilterAnd(
+                    filters=[computer_filter, ldap_filter_obj]
+                )
         else:
             final_filter = computer_filter