foreman_auth_source_ldap – Manage Foreman LDAP authentication sources using Foreman API

Synopsis

  • Create and delete Foreman LDAP authentication sources using the Foreman API

Requirements

The below requirements are needed on the host that executes this module.

  • apypie

Parameters

| Parameter | Choices/Defaults | Comments |
|---|---|---|
| account (string) | | Account name to use when accessing the LDAP server. |
| account_password (string) | | Account password to use when accessing the LDAP server. Required when using onthefly_register. When this parameter is set, the module will not be idempotent. |
| attr_firstname (string) | | Attribute containing first name. Required when using onthefly_register. |
| attr_lastname (string) | | Attribute containing last name. Required when using onthefly_register. |
| attr_login (string) | | Attribute containing login ID. Required when using onthefly_register. |
| attr_mail (string) | | Attribute containing email address. Required when using onthefly_register. |
| attr_photo (string) | | Attribute containing user photo |
| base_dn (string) | | The base DN to use when searching. |
| groups_base (string) | | Base DN where groups reside. |
| host (string / required) | | The hostname of the LDAP server |
| ldap_filter (string) | | Filter to apply to LDAP searches |
| locations (list / elements=string) | | List of locations the entity should be assigned to |
| name (string / required) | | The name of the LDAP authentication source |
| onthefly_register (boolean) | Choices: no, yes | Whether or not to register users on the fly. |
| organizations (list / elements=string) | | List of organizations the entity should be assigned to |
| password (string / required) | | Password of the user accessing the Foreman server |
| port (integer) | Default: 389 | The port number of the LDAP server |
| server_type (string) | Choices: free_ipa, active_directory, posix | Type of the LDAP server |
| server_url (string / required) | | URL of the Foreman server |
| state (string) | Choices: present (default), absent | State of the entity in Foreman |
| tls (boolean) | Choices: no, yes | Whether or not to use TLS when contacting the LDAP server. |
| use_netgroups (boolean) | Choices: no, yes | Whether to use NIS netgroups instead of posix groups, not valid for server_type=active_directory |
| usergroup_sync (boolean) | Choices: no, yes | Whether or not to sync external user groups on login |
| username (string / required) | | Username accessing the Foreman server |
| validate_certs (boolean) | Choices: no, yes (default) | Whether or not to verify the TLS certificates of the Foreman server. aliases: verify_ssl |

Examples

- name: LDAP Authentication source
  foreman_auth_source_ldap:
    name: "Example LDAP"
    host: "ldap.example.org"
    server_url: "https://foreman.example.com"
    locations:
      - "Uppsala"
    organizations:
      - "Sweden"
    username: "admin"
    password: "secret"
    state: present

- name: LDAP Authentication with automatic registration
  foreman_auth_source_ldap:
    name: "Example LDAP"
    host: "ldap.example.org"
    onthefly_register: True
    account: uid=ansible,cn=sysaccounts,cn=etc,dc=example,dc=com
    account_password: secret
    base_dn: dc=example,dc=com
    groups_base: cn=groups,cn=accounts,dc=example,dc=com
    server_type: free_ipa
    attr_login: uid
    attr_firstname: givenName
    attr_lastname: sn
    attr_mail: mail
    attr_photo: jpegPhoto
    server_url: "https://foreman.example.com"
    username: "admin"
    password: "secret"
    state: present
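
A hardened variant of the automatic-registration task, added here as an example and not part of the module's own documentation: it turns on `tls` for the LDAP connection, narrows on-the-fly registration with `ldap_filter`, and reads both passwords from variables instead of inline literals. The variable names `vault_ldap_bind_password` and `vault_foreman_password`, the `foreman-users` group in the filter, and an LDAPS listener on port 636 are assumptions made for illustration.

```yaml
- name: LDAP authentication source over TLS with vaulted secrets
  foreman_auth_source_ldap:
    name: "Example LDAP"
    host: "ldap.example.org"
    # Encrypt the bind and the user lookups; the module's default port is 389.
    tls: yes
    port: 636                 # assumption: the directory serves LDAPS on 636
    onthefly_register: yes
    # Constructed filter: only members of a hypothetical foreman-users group
    # match, so on-the-fly registration is not open to every directory entry.
    ldap_filter: "(memberOf=cn=foreman-users,cn=groups,cn=accounts,dc=example,dc=com)"
    account: uid=ansible,cn=sysaccounts,cn=etc,dc=example,dc=com
    # Hypothetical vault variable. The module is not idempotent when
    # account_password is set.
    account_password: "{{ vault_ldap_bind_password }}"
    base_dn: dc=example,dc=com
    groups_base: cn=groups,cn=accounts,dc=example,dc=com
    server_type: free_ipa
    attr_login: uid
    attr_firstname: givenName
    attr_lastname: sn
    attr_mail: mail
    server_url: "https://foreman.example.com"
    username: "admin"
    password: "{{ vault_foreman_password }}"   # hypothetical vault variable
    validate_certs: yes       # the default: verify the Foreman server certificate
    state: present
  no_log: true                # keep both passwords out of task output and logs
```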

Authors

  • Christoffer Reijer (@ephracis) Basalt AB
