theforeman.foreman.auth_source_ldap module – Manage LDAP Authentication Sources

Note

This module is part of the theforeman.foreman collection (version 3.11.0).

To install it, use: ansible-galaxy collection install theforeman.foreman. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: theforeman.foreman.auth_source_ldap.

New in theforeman.foreman 1.0.0

Synopsis

  • Create, update, and delete LDAP authentication sources

Requirements

The below requirements are needed on the host that executes this module.

  • requests

Parameters

Parameter

Comments

account

string

Account name to use when accessing the LDAP server.

account_password

string

Account password to use when accessing the LDAP server.

Required when using onthefly_register.

When this parameter is set, the module will not be idempotent.

attr_firstname

string

Attribute containing first name.

Required when using onthefly_register.

attr_lastname

string

Attribute containing last name.

Required when using onthefly_register.

attr_login

string

Attribute containing login ID.

Required when using onthefly_register.

attr_mail

string

Attribute containing email address.

Required when using onthefly_register.

attr_photo

string

Attribute containing user photo

base_dn

string

The base DN to use when searching.

groups_base

string

Base DN where groups reside.

host

string / required

The hostname of the LDAP server

ldap_filter

string

Filter to apply to LDAP searches

locations

list / elements=string

List of locations the entity should be assigned to

name

string / required

The name of the LDAP authentication source

onthefly_register

boolean

Whether or not to register users on the fly.

Choices:

  • false

  • true

organizations

list / elements=string

List of organizations the entity should be assigned to

password

string / required

Password of the user accessing the Foreman server.

If the value is not specified in the task, the value of environment variable FOREMAN_PASSWORD will be used instead.

port

integer

The port number of the LDAP server

Default: 389

server_type

string

Type of the LDAP server

Choices:

  • "free_ipa"

  • "active_directory"

  • "posix"

server_url

string / required

URL of the Foreman server.

If the value is not specified in the task, the value of environment variable FOREMAN_SERVER_URL will be used instead.

state

string

State of the entity

Choices:

  • "present" ← (default)

  • "absent"

tls

boolean

Whether or not to use TLS when contacting the LDAP server.

Choices:

  • false

  • true

use_netgroups

boolean

Whether to use NIS netgroups instead of posix groups, not valid for server_type=active_directory

Choices:

  • false

  • true

usergroup_sync

boolean

Whether or not to sync external user groups on login

Choices:

  • false

  • true

username

string / required

Username accessing the Foreman server.

If the value is not specified in the task, the value of environment variable FOREMAN_USERNAME will be used instead.

validate_certs

boolean

Whether or not to verify the TLS certificates of the Foreman server.

If the value is not specified in the task, the value of environment variable FOREMAN_VALIDATE_CERTS will be used instead.

Choices:

  • false

  • true ← (default)

Attributes

Attribute

Support

Description

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying the entity

diff_mode

Support: full

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode

Examples

- name: Simple FreeIPA authentication source
  theforeman.foreman.auth_source_ldap:
    name: "Example LDAP"
    host: "ldap.example.org"
    server_url: "https://foreman.example.com"
    locations:
      - "Uppsala"
    organizations:
      - "Sweden"
    username: "admin"
    password: "changeme"
    state: present

- name: FreeIPA with automatic registration
  theforeman.foreman.auth_source_ldap:
    name: "Example LDAP"
    host: "ldap.example.org"
    onthefly_register: true
    account: uid=ansible,cn=sysaccounts,cn=etc,dc=example,dc=com
    account_password: secret
    base_dn: dc=example,dc=com
    groups_base: cn=groups,cn=accounts, dc=example,dc=com
    server_type: free_ipa
    attr_login: uid
    attr_firstname: givenName
    attr_lastname: sn
    attr_mail: mail
    attr_photo: jpegPhoto
    server_url: "https://foreman.example.com"
    username: "admin"
    password: "changeme"
    state: present

- name: Active Directory with automatic registration
  theforeman.foreman.auth_source_ldap:
    name: "Example AD"
    host: "ad.example.org"
    onthefly_register: true
    account: EXAMPLE\ansible
    account_password: secret
    base_dn: cn=Users,dc=example,dc=com
    groups_base: cn=Users,dc=example,dc=com
    server_type: active_directory
    attr_login: sAMAccountName
    attr_firstname: givenName
    attr_lastname: sn
    attr_mail: mail
    ldap_filter: (memberOf=CN=Domain Users,CN=Users,DC=example,DC=com)
    server_url: "https://foreman.example.com"
    username: "admin"
    password: "changeme"
    state: present

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

entity

dictionary

Final state of the affected entities grouped by their type.

Returned: success

auth_source_ldaps

list / elements=dictionary

List of auth sources for LDAP.

Returned: success

Authors

  • Christoffer Reijer (@ephracis) Basalt AB