community.general.ipa_group module – Manage FreeIPA group
Note
This module is part of the community.general collection (version 9.5.1).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.ipa_group
.
Synopsis
Add, modify and delete group within IPA server
Parameters
Parameter |
Comments |
---|---|
Canonical name. Can not be changed as it is the unique identifier. |
|
Description of the group. |
|
Allow adding external non-IPA members from trusted domains. Choices:
|
|
List of external users assigned to this group. Behaves identically to List entries can be in Unless SIDs are provided, the module will always attempt to make changes even if the group already has all the users. This is because only SIDs are returned by IPA query.
|
|
GID (use this option to set it manually). |
|
List of group names assigned to this group. If Groups that are already assigned but not passed will be removed. If If option is omitted assigned groups will not be checked or changed. |
|
IP or hostname of IPA server. If the value is not specified in the task, the value of environment variable If both the environment variable The relevant entry needed in FreeIPA is the If neither the DNS entry, nor the environment Default: |
|
Password of administrative user. If the value is not specified in the task, the value of environment variable Note that if the If the environment variable If the environment variable If GSSAPI is not available, the usage of |
|
Port of FreeIPA / IPA server. If the value is not specified in the task, the value of environment variable If both the environment variable Default: |
|
Protocol used by IPA server. If the value is not specified in the task, the value of environment variable If both the environment variable Choices:
|
|
Specifies idle timeout (in seconds) for the connection. For bulk operations, you may want to increase this in order to avoid timeout from IPA server. If the value is not specified in the task, the value of environment variable If both the environment variable Default: |
|
Administrative account used on IPA server. If the value is not specified in the task, the value of environment variable If both the environment variable Default: |
|
Create as a non-POSIX group. Choices:
|
|
State to ensure Choices:
|
|
List of user names assigned to this group. If Users that are already assigned but not passed will be removed. If If option is omitted assigned users will not be checked or changed. |
|
This only applies if If set to This should only set to Choices:
|
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: full |
Can run in |
|
Support: none |
Will return details on what has changed (or possibly needs changing in |
Examples
- name: Ensure group is present
community.general.ipa_group:
name: oinstall
gidnumber: '54321'
state: present
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
- name: Ensure that groups sysops and appops are assigned to ops but no other group
community.general.ipa_group:
name: ops
group:
- sysops
- appops
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
- name: Ensure that users linus and larry are assign to the group, but no other user
community.general.ipa_group:
name: sysops
user:
- linus
- larry
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
- name: Ensure that new starter named john is member of the group, without removing other members
community.general.ipa_group:
name: developers
user:
- john
append: true
state: present
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
- name: Add external user to a group
community.general.ipa_group:
name: developers
external: true
append: true
external_user:
- S-1-5-21-123-1234-12345-63421
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
- name: Add a user from MYDOMAIN
community.general.ipa_group:
name: developers
external: true
append: true
external_user:
- MYDOMAIN\\john
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
- name: Ensure group is absent
community.general.ipa_group:
name: sysops
state: absent
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Group as returned by IPA API Returned: always |