community.general.ldap_entry does not detect absent entry #10393

Open
@nlgranger

Summary

To check if an entry is missing, the module calls:

try:
    self.connection.search_s(self.dn, ldap.SCOPE_BASE)
except ldap.NO_SUCH_OBJECT:
    is_present = False
else:
    is_present = True

But if the search return value is an empty list (i.e. the entry is absent), the module goes on to set is_present = True and skips creating the entry.

The server is lldap.

The equivalent ldapsearch output for the missing entry returns:

# pagedresults: cookie=

Issue Type

Bug Report

Component Name

ldap_entry

Ansible Version

$ ansible --version
ansible [core 2.18.1]
  config file = /home/ngranger/Projects/infra/ansible.cfg
  configured module search path = ['/home/ngranger/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ngranger/venvs/infra/lib64/python3.11/site-packages/ansible
  ansible collection location = /home/ngranger/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/ngranger/venvs/infra/bin/ansible
  python version = 3.11.13 (main, Jun  4 2025, 00:00:00) [GCC 14.3.1 20250523 (Red Hat 14.3.1-1)] (/home/ngranger/venvs/infra/bin/python3)
  jinja version = 3.1.5
  libyaml = True

Community.general Version

$ ansible-galaxy collection list community.general
# /home/ngranger/venvs/infra/lib/python3.11/site-packages/ansible_collections
Collection        Version
----------------- -------
community.general 10.1.0 

# /home/ngranger/venvs/infra/lib64/python3.11/site-packages/ansible_collections
Collection        Version
----------------- -------
community.general 10.1.0 

Configuration

$ ansible-config dump --only-changed
CONFIG_FILE() = /home/me/Projects/infra/ansible.cfg
DEFAULT_REMOTE_USER(/home/me/Projects/infra/ansible.cfg) = xxx
EDITOR(env: EDITOR) = /usr/bin/nano

GALAXY_SERVERS:

OS / Environment

Fedora 41

Steps to Reproduce

- name: Create sssd service user
  community.general.ldap_entry:
    server_uri: "ldaps://{{ hostvars[groups['admin'][0]].ansible_host }}"
    bind_dn: "cn=admin,ou=people,dc=cluster"
    bind_pw: "{{ lldap_password }}"
    dn: uid=sssd,ou=people,dc=cluster
    objectClass:
      - inetOrgPerson
      - posixAccount
      - mailAccount
      - person

Expected Results

CHANGED state after running for a missing entry

Actual Results

ok: [xxx] => {
    "changed": false,
    ...
}

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
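
The behaviour reported above, as an added example that is not part of the issue or of the community.general code: it runs the quoted check and a stricter variant against three constructed server behaviours, and shows that only the stricter one treats an empty result list as an absent entry. FakeConnection, is_present_strict and the sample data are hypothetical names made up for this sketch; skipping referral tuples goes beyond what the issue reports.

```python
try:
    import ldap  # python-ldap, when installed
    SCOPE_BASE, NO_SUCH_OBJECT = ldap.SCOPE_BASE, ldap.NO_SUCH_OBJECT
except ImportError:  # stand-ins so the example runs offline
    SCOPE_BASE = 0
    class NO_SUCH_OBJECT(Exception):
        pass

class FakeConnection:
    """Constructed stand-in for a bound LDAP connection (no real server)."""
    def __init__(self, entries=None, raises=False):
        self.entries, self.raises = entries or [], raises
    def search_s(self, dn, scope):
        if self.raises:
            raise NO_SUCH_OBJECT()
        return list(self.entries)

def is_present_original(connection, dn):
    """The check quoted in the issue: only the exception means absent."""
    try:
        connection.search_s(dn, SCOPE_BASE)
    except NO_SUCH_OBJECT:
        return False
    return True

def is_present_strict(connection, dn):
    """Absent if the server raises NO_SUCH_OBJECT or returns no entry."""
    try:
        results = connection.search_s(dn, SCOPE_BASE)
    except NO_SUCH_OBJECT:
        return False
    # python-ldap reports search references as tuples whose DN is None;
    # only a tuple carrying a real DN counts as the entry existing.
    return any(entry_dn is not None for entry_dn, _attrs in results)

DN = "uid=sssd,ou=people,dc=cluster"  # DN from the issue's playbook
SERVERS = {  # constructed server behaviours
    "raises NO_SUCH_OBJECT": FakeConnection(raises=True),
    "returns empty list": FakeConnection(entries=[]),
    "returns the entry": FakeConnection(entries=[(DN, {"uid": [b"sssd"]})]),
}

def compare():
    return {name: (is_present_original(conn, DN), is_present_strict(conn, DN))
            for name, conn in SERVERS.items()}

if __name__ == "__main__":
    for name, results in compare().items():
        print(name, results)  # (original check, strict check)
```

With the original check, a provisioning task for a service account reports "ok" while the account does not exist, so playbook output alone cannot confirm the entry was created on such a server.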
