Allow for DN's to have {x} prefix on first RDN

[mrvanes]

SUMMARY

Allow for DN's to have {x} prefix on first RDN.
This is an extension to #5385

ISSUE TYPE

• Feature Pull Request

COMPONENT NAME

ldap

ADDITIONAL INFORMATION

It turns out that in OpenLDAP's cn=config, DN's can be ordered as well and configuring OpenLDAP through ansible therefor is quite cumbersome.

See the following example:

Suppose I want to enable slapd monitoring via cn=config. I would need to add back_monitor to cn=module{0},cn=config which is now correctly handled by #5385. However, I would also need to add a DN:

- name: Setup Monitor
  community.general.ldap_entry:
    dn: olcdatabase=monitor,cn=config
    objectClass: olcDatabaseConfig
    attributes:
      olcRootDN: "cn=admin,cn=Monitor"
      olcRootPW: "{{ '%s' | format(monitor_ldap_password) |  slapd_hash }}"

This entry, however will show up in cn=config as olcDatabase={2}monitor.ldif and subsequent runs will fail because a monitor database can only be added once here.
This problem can be solved by explicitly specifying the {2} prefix in the task, but I think it would be nice to let users add the bare DN and not have to think about the consequences of ordering.

The change tries to find the DN by searching ONELEVEL below the superior RDN for the first RDN. It goes at length to be backwards compatible by falling back to the original configured DN if anything unexpected happens. Only if searching results in one and only one result, the newly found DN is returned, possibly updating the bare version with the ordered prefix one.

[felixfontein]

recheck

[felixfontein]

I tested it and it doesn't break for me. Would be great if someone with better LDAP knowledge could also review this :)

[felixfontein]

@rekup since you're also interested in the LDAP modules, maybe you can take a look here?

[felixfontein]

If nobody complains, I'll merge this tomorrow.

[felixfontein]

@mrvanes thanks for your contribution!