From a24a894c7de58f6080d643a8157d73c6e42e4f8c Mon Sep 17 00:00:00 2001 From: Jordan Borean Date: Mon, 7 Aug 2023 16:15:59 +1000 Subject: [PATCH] ldap inventory add filter_without_computer Adds the new option filter_without_computer to control whether the AND clause objectClass=computer is added to the final filter used or not. While not needed for normal Active Directory environments this does allow different environments to be used as the LDAP source. --- changelogs/fragments/ldap-filter-raw.yml | 4 ++++ galaxy.yml | 2 +- plugins/inventory/ldap.py | 28 ++++++++++++++++++------ 3 files changed, 26 insertions(+), 8 deletions(-) create mode 100644 changelogs/fragments/ldap-filter-raw.yml diff --git a/changelogs/fragments/ldap-filter-raw.yml b/changelogs/fragments/ldap-filter-raw.yml new file mode 100644 index 0000000..49d73d7 --- /dev/null +++ b/changelogs/fragments/ldap-filter-raw.yml @@ -0,0 +1,4 @@ +minor_changes: +- >- + microsoft.ad.ldap - Added the option ``filter_without_computer`` to not add the AND clause ``objectClass=computer`` + to the final filter used - https://github.com/ansible-collections/microsoft.ad/issues/55 diff --git a/galaxy.yml b/galaxy.yml index 16d4830..956bbd0 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,6 +1,6 @@ namespace: microsoft name: ad -version: 1.2.0 +version: 1.3.0 readme: README.md authors: - Jordan Borean @jborean93 diff --git a/plugins/inventory/ldap.py b/plugins/inventory/ldap.py index 23ee31d..1186c7f 100644 --- a/plugins/inventory/ldap.py +++ b/plugins/inventory/ldap.py @@ -40,8 +40,19 @@ filter: description: - The LDAP filter string used to query the computer objects. - - This will be combined with the filter "(objectClass=computer)". + - By default, this will be combined with the filter + "(objectClass=computer)". Use I(filter_without_computer) to override + this behavior and have I(filter) be the only filter used. type: str + filter_without_computer: + description: + - Will not combine the I(filter) value with the filter + "(objectClass=computer)". + - In most cases this should be C(false) but can be set to C(true) to have + the I(filter) value specified be the only filter used. + type: bool + default: false + version_added: '1.3.0' search_base: description: - The LDAP search base to find the computer objects in. @@ -259,6 +270,7 @@ def parse( groups = self.get_option("groups") keyed_groups = self.get_option("keyed_groups") ldap_filter = self.get_option("filter") + ldap_filter_without_computer = self.get_option("filter_without_computer") search_base = self.get_option("search_base") search_scope = self.get_option("search_scope") strict = self.get_option("strict") @@ -272,12 +284,14 @@ def parse( computer_filter = sansldap.FilterEquality("objectClass", b"computer") final_filter: sansldap.LDAPFilter if ldap_filter: - final_filter = sansldap.FilterAnd( - filters=[ - computer_filter, - sansldap.LDAPFilter.from_string(ldap_filter), - ] - ) + ldap_filter_obj = sansldap.LDAPFilter.from_string(ldap_filter) + + if ldap_filter_without_computer: + final_filter = ldap_filter_obj + else: + final_filter = sansldap.FilterAnd( + filters=[computer_filter, ldap_filter_obj] + ) else: final_filter = computer_filter