Sounds fun, I landed on https://git.theo-andreou.org/Personal/ansible-ldap-modules/src/commit/03bc81122d419a0cede79a97d802af2fb700d73d/README.md?lang=tr-TR#user-content-removing-an-attribute which might do what you want.

On Mon, Jun 26, 2023 at 10:12 AM Dick Visser <dnmvis...@gmail.com> wrote:

> Hi,
> I am trying to remove an attribute from an LDAP entry, in this case the
> password that was put in during installation of the slapd package.
>
> Initially I have this:
>
> root@dick-dev1:~# ldapsearch -Q -LLL -Y EXTERNAL -b cn=config olcDatabase={1}mdb
> dn: olcDatabase={1}mdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcMdbConfig
> olcDatabase: {1}mdb
> olcDbDirectory: /var/lib/ldap
> olcSuffix: dc=geant,dc=org
> olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
> olcAccess: {1}to attrs=shadowLastChange by self write by * read
> olcAccess: {2}to * by * read
> olcLastMod: TRUE
> olcRootDN: cn=admin,dc=geant,dc=org
> olcRootPW: {SSHA}tRU7YUk8WUdcA04ZbYAv1985nUcMrjRZ
> olcDbCheckpoint: 512 30
> olcDbIndex: objectClass eq
> olcDbIndex: cn,uid eq
> olcDbIndex: uidNumber,gidNumber eq
> olcDbIndex: member,memberUid eq
> olcDbMaxSize: 1073741824
>
> This LDIF:
>
> dn: olcDatabase={1}mdb,cn=config
> changetype: modify
> delete: olcRootPW
>
> can be successfully used with ldapmodify:
>
> root@dick-dev1:~# ldapmodify -Y EXTERNAL -f bar.ldif
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> modifying entry "olcDatabase={1}mdb,cn=config"
>
> After which the entry looks like this:
>
> root@dick-dev1:~# ldapsearch -Q -LLL -Y EXTERNAL -b cn=config olcDatabase={1}mdb
> dn: olcDatabase={1}mdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcMdbConfig
> olcDatabase: {1}mdb
> olcDbDirectory: /var/lib/ldap
> olcSuffix: dc=geant,dc=org
> olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
> olcAccess: {1}to attrs=shadowLastChange by self write by * read
> olcAccess: {2}to * by * read
> olcLastMod: TRUE
> olcRootDN: cn=admin,dc=geant,dc=org
> olcDbCheckpoint: 512 30
> olcDbIndex: objectClass eq
> olcDbIndex: cn,uid eq
> olcDbIndex: uidNumber,gidNumber eq
> olcDbIndex: member,memberUid eq
> olcDbMaxSize: 1073741824
>
> I.e., the olcRootPW attribute is now gone. Great.
>
> I want to use ansible to achieve the same thing, but I can't figure out
> how to do that.
> I can't use ldap_entry because that can only remove entire entries.
> According to
> https://docs.ansible.com/ansible/latest/collections/community/general/ldap_attrs_module.html,
> this is to "Add or remove multiple LDAP attribute values".
> That seems like what I need.
> But according to
> https://docs.ansible.com/ansible/latest/collections/community/general/ldap_attrs_module.html#parameter-attributes :
>
> The attribute(s) and value(s) to add or remove.
>
> That works, but I need to supply both the attribute AND its value.
> I cannot seem to remove just the attribute, regardless of its value.
> Any idea how to do that? I.e. without adding helper tasks to first check
> if the attribute exists, and if so, get its value?
>
> thx :)
>
> thx
> Dick

--
- Andrew "lathama" Latham -
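
An added example, not part of either message above and not code from the linked repository: `community.general.ldap_attrs` deletes a whole attribute, whatever its current value, when it is given an empty value list with `state: exact`, so no helper task is needed to look the hash up first. The inventory group name is hypothetical, and the play assumes it runs as root on the slapd host (so SASL EXTERNAL over `ldapi:///` is authorised, as in the quoted `ldapmodify` session) with python-ldap installed there.

```yaml
# Added example. "ldap_servers" is a hypothetical inventory group.
- name: Remove the installer-set rootdn password from the mdb database
  hosts: ldap_servers
  become: true   # peercred maps uid 0 to the cn=config manager identity
  tasks:
    - name: Delete olcRootPW regardless of its current value
      community.general.ldap_attrs:
        dn: "olcDatabase={1}mdb,cn=config"
        attributes:
          olcRootPW: []     # empty list + state=exact: attribute must hold no values
        state: exact
        server_uri: ldapi:///
        sasl_class: external

    - name: Read the entry back, requesting only olcRootPW
      community.general.ldap_search:
        dn: "olcDatabase={1}mdb,cn=config"
        scope: base
        attrs:
          - olcRootPW
        server_uri: ldapi:///
        sasl_class: external
      register: db_entry

    - name: Fail the play if a rootdn password hash is still present
      ansible.builtin.assert:
        that:
          - db_entry.results | length == 1
          - "'olcRootPW' not in db_entry.results[0]"
        fail_msg: olcRootPW is still set on the database entry
```

The first task is idempotent: on a second run the attribute is already absent and the module reports no change.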