Sounds fun, I landed on https://git.theo-andreou.org/Personal/ansible-ldap-modules/src/commit/03bc81122d419a0cede79a97d802af2fb700d73d/README.md?lang=tr-TR#user-content-removing-an-attribute which might do what you want
On Mon, Jun 26, 2023 at 10:12 AM Dick Visser <[email protected]> wrote:

> Hii,
>
> I am trying to remove an attribute from an LDAP entry, in this case the
> password that was put in during installation of the slapd package.
>
> Initially I have this:
>
> root@dick-dev1:~# ldapsearch -Q -LLL -Y EXTERNAL -b cn=config olcDatabase={1}mdb
> dn: olcDatabase={1}mdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcMdbConfig
> olcDatabase: {1}mdb
> olcDbDirectory: /var/lib/ldap
> olcSuffix: dc=geant,dc=org
> olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
> olcAccess: {1}to attrs=shadowLastChange by self write by * read
> olcAccess: {2}to * by * read
> olcLastMod: TRUE
> olcRootDN: cn=admin,dc=geant,dc=org
> olcRootPW: {SSHA}tRU7YUk8WUdcA04ZbYAv1985nUcMrjRZ
> olcDbCheckpoint: 512 30
> olcDbIndex: objectClass eq
> olcDbIndex: cn,uid eq
> olcDbIndex: uidNumber,gidNumber eq
> olcDbIndex: member,memberUid eq
> olcDbMaxSize: 1073741824
>
> This LDIF:
>
> dn: olcDatabase={1}mdb,cn=config
> changetype: modify
> delete: olcRootPW
>
> can be successfully used with ldapmodify:
>
> root@dick-dev1:~# ldapmodify -Y EXTERNAL -f bar.ldif
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> modifying entry "olcDatabase={1}mdb,cn=config"
>
> After which the entry looks like this:
>
> root@dick-dev1:~# ldapsearch -Q -LLL -Y EXTERNAL -b cn=config olcDatabase={1}mdb
> dn: olcDatabase={1}mdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcMdbConfig
> olcDatabase: {1}mdb
> olcDbDirectory: /var/lib/ldap
> olcSuffix: dc=geant,dc=org
> olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
> olcAccess: {1}to attrs=shadowLastChange by self write by * read
> olcAccess: {2}to * by * read
> olcLastMod: TRUE
> olcRootDN: cn=admin,dc=geant,dc=org
> olcDbCheckpoint: 512 30
> olcDbIndex: objectClass eq
> olcDbIndex: cn,uid eq
> olcDbIndex: uidNumber,gidNumber eq
> olcDbIndex: member,memberUid eq
> olcDbMaxSize: 1073741824
>
> I.e., the olcRootPW attribute is now gone. Great.
>
> I want to use ansible to achieve the same thing, but I can't figure out
> how to do that.
> I can't use ldap_entry because that can only remove entire entries.
> According to
> https://docs.ansible.com/ansible/latest/collections/community/general/ldap_attrs_module.html,
> this is to "Add or remove multiple LDAP attribute values".
> That seems like what I need.
> But according to
> https://docs.ansible.com/ansible/latest/collections/community/general/ldap_attrs_module.html#parameter-attributes :
>
> The attribute(s) and value(s) to add or remove.
>
> That works, but I need to supply both the attribute AND its value.
> I cannot seem to remove just the attribute, regardless of its value.
> Any idea how to do that? I.e. without adding helper tasks to first check
> if the attribute exists, and if so, get its value?
>
> thx :)
>
> thx
>
> Dick

--
- Andrew "lathama" Latham -
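
An added example, not from either poster: the `ldap_attrs` module documents that with `state: exact` and an empty value all values of the attribute are removed, which matches the `delete: olcRootPW` LDIF without knowing the stored hash. It assumes the `community.general` collection is installed and that the play runs as root on the slapd host so the `ldapi:///` socket maps to SASL/EXTERNAL; the host group name `ldap_servers` is hypothetical.

```yaml
# Added example. "ldap_servers" is a hypothetical inventory group.
- name: Remove olcRootPW from the mdb database config
  hosts: ldap_servers
  become: true   # root over ldapi:/// binds via SASL/EXTERNAL, as in the ldapmodify run
  tasks:
    - name: Drop every value of olcRootPW, whatever it currently is
      community.general.ldap_attrs:
        dn: "olcDatabase={1}mdb,cn=config"
        server_uri: ldapi:///
        attributes:
          olcRootPW: []        # empty list + state=exact removes the attribute
        state: exact

    - name: Read the entry back, asking only for olcRootPW
      community.general.ldap_search:
        dn: "olcDatabase={1}mdb,cn=config"
        server_uri: ldapi:///
        scope: base
        attrs:
          - olcRootPW
      register: rootpw_check

    - name: Fail if a root password hash is still stored in cn=config
      ansible.builtin.assert:
        that:
          - rootpw_check.results | selectattr('olcRootPW', 'defined') | list | length == 0
        fail_msg: "olcRootPW is still present on olcDatabase={1}mdb,cn=config"
```

The first task reports `changed` only when the attribute was present, so the play is idempotent on repeat runs.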
