Support attrlist in ldap.managed #68650
Open
+33
−13
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This resolves not being able to manage operational attributes by introducing a way to pass the list to filter in the LDAP search through to the search function. Passing a customizable list was deemed most flexible, as one might not want to control all but only specific operational attributes. For example, one can set attrlist to ["*", "aci"] to manage all user attributes plus the "aci" operational attribute. Signed-off-by: Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
tacerus
force-pushed
the
ldap-attrlist
branch
from
08c851b to
443bcb8
Compare
tacerus
added a commit
to tacerus/opensuse-salt-formulas
that referenced
this pull request
Jan 21, 2026
This implements support for managing operational attributes by allowing the attributes to search for when comparing data to be specified in the pillar. Unfortunately this requires a change in ldap.managed - hence the formula feature here will fall back to a no-op if an unpatched version of Salt is in use to avoid unexpected failure. The relevant patch was submitted as saltstack/salt#68650. Signed-off-by: Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
twangboy
requested changes
Jan 21, 2026
tacerus
added a commit
to tacerus/opensuse-salt-formulas
that referenced
this pull request
Jan 22, 2026
This implements support for managing operational attributes by allowing the attributes to search for when comparing data to be specified in the pillar. Unfortunately this requires a change in ldap.managed - hence the formula feature here will fall back to a no-op if an unpatched version of Salt is in use to avoid unexpected failure. The relevant patch was submitted as saltstack/salt#68650. Signed-off-by: Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
tacerus
added a commit
to tacerus/opensuse-salt-formulas
that referenced
this pull request
Jan 22, 2026
This implements support for managing operational attributes by allowing the attributes to search for when comparing data to be specified in the pillar. Unfortunately this requires a change in ldap.managed - hence the formula feature here will fall back to a no-op if an unpatched version of Salt is in use to avoid unexpected failure. The relevant patch was submitted as saltstack/salt#68650. Signed-off-by: Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
twangboy
approved these changes
Jan 22, 2026
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
This resolves not being able to manage operational attributes by introducing a way to pass the list to filter in the LDAP search through to the search function. Passing a customizable list was deemed most flexible, as one might not want to control all but only specific operational attributes. For example, one can set attrlist to ["*", "aci"] to manage all user attributes plus the "aci" operational attribute.
What issues does this PR fix or reference?
Fixes #53364.
Previous Behavior
No way of enabling additional attributes in the search, causing repeated changes to be reported (an apply of which then fails due to the attribute already existing).
New Behavior
Additional attributes can be selectively enabled.
Merge requirements satisfied?
[NOTICE] Bug fixes or features added to Salt require tests.
Commits signed with GPG?
Yes