theforeman.foreman.auth_source_ldap – Manage LDAP Authentication Sources

Note

This plugin is part of the theforeman.foreman collection.

To install it use: ansible-galaxy collection install theforeman.foreman.

To use it in a playbook, specify: theforeman.foreman.auth_source_ldap.

New in version 1.0.0 of theforeman.foreman

Synopsis

  • Create, update, and delete LDAP authentication sources

Requirements

The below requirements are needed on the host that executes this module.

  • requests

Parameters

| Parameter | Choices/Defaults | Comments |
|---|---|---|
| account (string) | | Account name to use when accessing the LDAP server. |
| account_password (string) | | Account password to use when accessing the LDAP server. Required when using onthefly_register. When this parameter is set, the module will not be idempotent. |
| attr_firstname (string) | | Attribute containing first name. Required when using onthefly_register. |
| attr_lastname (string) | | Attribute containing last name. Required when using onthefly_register. |
| attr_login (string) | | Attribute containing login ID. Required when using onthefly_register. |
| attr_mail (string) | | Attribute containing email address. Required when using onthefly_register. |
| attr_photo (string) | | Attribute containing user photo. |
| base_dn (string) | | The base DN to use when searching. |
| groups_base (string) | | Base DN where groups reside. |
| host (string / required) | | The hostname of the LDAP server. |
| ldap_filter (string) | | Filter to apply to LDAP searches. |
| locations (list / elements=string) | | List of locations the entity should be assigned to. |
| name (string / required) | | The name of the LDAP authentication source. |
| onthefly_register (boolean) | Choices: no, yes | Whether or not to register users on the fly. |
| organizations (list / elements=string) | | List of organizations the entity should be assigned to. |
| password (string / required) | | Password of the user accessing the Foreman server. If the value is not specified in the task, the value of environment variable FOREMAN_PASSWORD will be used instead. |
| port (integer) | Default: 389 | The port number of the LDAP server. |
| server_type (string) | Choices: free_ipa, active_directory, posix | Type of the LDAP server. |
| server_url (string / required) | | URL of the Foreman server. If the value is not specified in the task, the value of environment variable FOREMAN_SERVER_URL will be used instead. |
| state (string) | Choices: present (default), absent | State of the entity. |
| tls (boolean) | Choices: no, yes | Whether or not to use TLS when contacting the LDAP server. |
| use_netgroups (boolean) | Choices: no, yes | Whether to use NIS netgroups instead of posix groups, not valid for server_type=active_directory. |
| usergroup_sync (boolean) | Choices: no, yes | Whether or not to sync external user groups on login. |
| username (string / required) | | Username accessing the Foreman server. If the value is not specified in the task, the value of environment variable FOREMAN_USERNAME will be used instead. |
| validate_certs (boolean) | Choices: no, yes (default) | Whether or not to verify the TLS certificates of the Foreman server. If the value is not specified in the task, the value of environment variable FOREMAN_VALIDATE_CERTS will be used instead. |

Examples

- name: LDAP Authentication source
  theforeman.foreman.auth_source_ldap:
    name: "Example LDAP"
    host: "ldap.example.org"
    server_url: "https://foreman.example.com"
    locations:
      - "Uppsala"
    organizations:
      - "Sweden"
    username: "admin"
    password: "changeme"
    state: present

- name: LDAP Authentication with automatic registration
  theforeman.foreman.auth_source_ldap:
    name: "Example LDAP"
    host: "ldap.example.org"
    onthefly_register: true
    account: uid=ansible,cn=sysaccounts,cn=etc,dc=example,dc=com
    account_password: secret
    base_dn: dc=example,dc=com
    groups_base: cn=groups,cn=accounts,dc=example,dc=com
    server_type: free_ipa
    attr_login: uid
    attr_firstname: givenName
    attr_lastname: sn
    attr_mail: mail
    attr_photo: jpegPhoto
    server_url: "https://foreman.example.com"
    username: "admin"
    password: "changeme"
    state: present
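
A hardened variant of the automatic-registration task, added here as an illustration and not taken from the module's own documentation: it enables tls, keeps both passwords out of the playbook, and narrows the LDAP search with ldap_filter. The variable names vault_foreman_password and vault_ldap_bind_password, the foreman-users group, and port 636 (the conventional LDAPS port) are assumptions.

```yaml
# Added example, not from the module documentation.
# Assumed names: vault_foreman_password, vault_ldap_bind_password,
# the foreman-users group, and port 636.
- name: LDAP authentication source over TLS with restricted auto-registration
  theforeman.foreman.auth_source_ldap:
    name: "Example LDAP"
    host: "ldap.example.org"
    # Use TLS towards the LDAP server. 636 is the conventional LDAPS port;
    # the module default of 389 is the conventional cleartext port.
    tls: yes
    port: 636
    server_type: free_ipa
    onthefly_register: yes
    # Dedicated bind account; its password is read from an Ansible Vault variable.
    account: uid=ansible,cn=sysaccounts,cn=etc,dc=example,dc=com
    account_password: "{{ vault_ldap_bind_password }}"
    base_dn: dc=example,dc=com
    groups_base: cn=groups,cn=accounts,dc=example,dc=com
    # Restrict LDAP searches to members of one group, so accounts outside it
    # are not matched.
    ldap_filter: "(memberOf=cn=foreman-users,cn=groups,cn=accounts,dc=example,dc=com)"
    attr_login: uid
    attr_firstname: givenName
    attr_lastname: sn
    attr_mail: mail
    usergroup_sync: yes
    server_url: "https://foreman.example.com"
    username: "admin"
    password: "{{ vault_foreman_password }}"
    # Keep verification of the Foreman server certificate on (the default).
    validate_certs: yes
    state: present
  # Keep task arguments, including both passwords, out of logs and -v output.
  no_log: true
```

Because account_password is set, this task is not idempotent, as the parameter description states.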

Return Values

Common return values are documented here; the following fields are unique to this module:

| Key | Returned | Description |
|---|---|---|
| entity (dictionary) | success | Final state of the affected entities grouped by their type. |
| auth_source_ldaps (nested under entity; list / elements=dictionary) | success | List of auth sources for LDAP. |



Authors

  • Christoffer Reijer (@ephracis) Basalt AB