theforeman.foreman.auth_sources_ldap
This role manages LDAP authentication sources, allowing users from an external source such as Active Directory or FreeIPA to authenticate to Foreman.
Role Variables
This role supports the Common Role Variables.
The main data structure for this role is the list of foreman_auth_sources_ldap. Each auth_source_ldap requires the following fields:
- name: The name of the authentication source.
For all other fields see the auth_source_ldap module.
Example Playbooks
Configure FreeIPA as an authentication source, with automatic registration:
```yaml
- hosts: localhost
  roles:
    - role: theforeman.foreman.auth_sources_ldap
      vars:
        foreman_server_url: https://foreman.example.com
        foreman_username: "admin"
        foreman_password: "changeme"
        foreman_organization: "ACME"
        foreman_auth_sources_ldap:
          - name: "Example LDAP"
            host: "ldap.example.org"
            onthefly_register: true
            account: uid=ansible,cn=sysaccounts,cn=etc,dc=example,dc=com
            account_password: secret
            base_dn: dc=example,dc=com
            groups_base: cn=groups,cn=accounts,dc=example,dc=com
            server_type: free_ipa
            attr_login: uid
            attr_firstname: givenName
            attr_lastname: sn
            attr_mail: mail
            attr_photo: jpegPhoto
            state: present
```
To integrate with Active Directory instead, allowing only users who are members of the “Domain Users” group:
```yaml
- hosts: localhost
  roles:
    - role: theforeman.foreman.auth_sources_ldap
      vars:
        foreman_server_url: https://foreman.example.com
        foreman_username: "admin"
        foreman_password: "changeme"
        foreman_organization: "ACME"
        foreman_auth_sources_ldap:
          - name: "Example AD"
            host: "ad.example.org"
            onthefly_register: true
            account: EXAMPLE\ansible
            account_password: secret
            base_dn: cn=Users,dc=example,dc=com
            groups_base: cn=Users,dc=example,dc=com
            server_type: active_directory
            attr_login: sAMAccountName
            attr_firstname: givenName
            attr_lastname: sn
            attr_mail: mail
            ldap_filter: (memberOf=CN=Domain Users,CN=Users,DC=example,DC=com)
            state: present
```
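
Both playbooks above keep the Foreman admin password and the LDAP bind password in clear text and do not set tls for the LDAP connection. A hardened variant of the Active Directory playbook follows as an added example, not taken from the role's own documentation: vault.yml and the vault_* variable names are hypothetical, and it assumes the role passes the auth_source_ldap module's port and tls parameters through like the other fields.

```yaml
# Added example. vault.yml and the vault_* names are hypothetical placeholders;
# create the encrypted file with: ansible-vault create vault.yml
- hosts: localhost
  vars_files:
    - vault.yml  # defines vault_foreman_password and vault_ldap_bind_password
  roles:
    - role: theforeman.foreman.auth_sources_ldap
      vars:
        foreman_server_url: https://foreman.example.com
        foreman_username: "admin"
        # Secrets come from the vault file instead of the playbook text.
        foreman_password: "{{ vault_foreman_password }}"
        # Verify the Foreman API certificate when talking to the server.
        foreman_validate_certs: true
        foreman_organization: "ACME"
        foreman_auth_sources_ldap:
          - name: "Example AD"
            host: "ad.example.org"
            # LDAPS: user logins and the bind password no longer cross the
            # network in clear text between Foreman and the directory.
            port: 636
            tls: true
            # With on-the-fly registration, every directory user that
            # matches ldap_filter gets a Foreman account at first login,
            # so keep the filter as narrow as the deployment allows.
            onthefly_register: true
            account: EXAMPLE\ansible
            account_password: "{{ vault_ldap_bind_password }}"
            base_dn: cn=Users,dc=example,dc=com
            groups_base: cn=Users,dc=example,dc=com
            server_type: active_directory
            attr_login: sAMAccountName
            attr_firstname: givenName
            attr_lastname: sn
            attr_mail: mail
            ldap_filter: (memberOf=CN=Domain Users,CN=Users,DC=example,DC=com)
            state: present
```

Run it with `ansible-playbook --ask-vault-pass` so the vault file is decrypted only at run time.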