community.general.utm_aaa_group module – Create, update or destroy an aaa group object in Sophos UTM
Note
This module is part of the community.general collection (version 9.5.1).
You might already have this collection installed if you are using the `ansible` package. It is not included in `ansible-core`.
To check whether it is installed, run `ansible-galaxy collection list`.
To install it, use: `ansible-galaxy collection install community.general`.
To use it in a playbook, specify: `community.general.utm_aaa_group`.
Synopsis
Create, update or destroy an aaa group object in Sophos UTM.
The REST API of the UTM must be activated for this module to work.
Parameters
Parameter |
Comments |
---|---|
List of adirectory group strings. Default: |
|
Dictionary of group sids. Default: |
|
The backend for the group. Choices:
|
|
Comment that describes the AAA group. Default: |
|
Group type. Is static if none is selected. Choices:
|
|
List of edirectory group strings. Default: |
|
A dictionary of additional headers to be sent to POST and PUT requests. Is needed for some modules. Default: |
|
The ipsec dn string. Default: |
|
The ldap attribute to check against. Default: |
|
The ldap attribute value to check against. Default: |
|
A list of user ref names (aaa/user). Default: |
|
The name of the object. Will be used to identify the entry. |
|
The network reference name. The object contains the known IP addresses for the authentication object (network/aaa). Default: |
|
A list of radius group strings. Default: |
|
The desired state of the object.
Choices:
|
|
A list of tacacs group strings. Default: |
|
The REST Endpoint of the Sophos UTM. |
|
The port of the REST interface. Default: |
|
The protocol of the REST Endpoint. Choices:
|
|
The token used to identify at the REST-API. See https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf?la=en, Chapter 2.4.2. |
|
Whether the REST interface’s ssl certificate should be verified or not. Choices:
|
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: none |
Can run in |
|
Support: none |
Will return details on what has changed (or possibly needs changing in |
Examples
```yaml
# utm_token below is a placeholder; keep the real token out of the playbook
# (for example in an Ansible Vault variable).
- name: Create UTM aaa_group
  community.general.utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    backend_match: ldap
    dynamic: directory_groups
    # The module's options are ldap_attribute / ldap_attribute_value (singular).
    ldap_attribute: memberof
    ldap_attribute_value: "cn=groupname,ou=Groups,dc=mydomain,dc=com"
    network: REF_OBJECT_STRING
    state: present

- name: Remove UTM aaa_group
  community.general.utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    state: absent
```
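A hardened variant of the create task, added here as an illustration and not taken from the module documentation: the token comes from an Ansible Vault variable instead of the playbook, the REST connection uses HTTPS with certificate verification, and the returned object is checked. The host name, group name, DN, vars file and `vault_utm_token` are assumptions; `utm_protocol`, `validate_certs`, `ldap_attribute`, `ldap_attribute_value` and the `result` return key are the module's names for the options and return value described in the tables on this page.

```yaml
# Added example, not part of the module documentation.
# Hypothetical values: utm.example.internal, VpnAdmins, the DN,
# vars/utm_vault.yml and the vault_utm_token variable it defines.
- name: Manage a Sophos UTM AAA group with a vaulted token and verified TLS
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - vars/utm_vault.yml   # encrypted with ansible-vault, defines vault_utm_token
  tasks:
    - name: Ensure the LDAP-backed AAA group exists
      community.general.utm_aaa_group:
        utm_host: utm.example.internal
        utm_protocol: https            # do not send the token over plain http
        validate_certs: true           # reject an unverified REST endpoint
        utm_token: "{{ vault_utm_token }}"
        name: VpnAdmins
        comment: Managed by Ansible
        backend_match: ldap
        dynamic: directory_groups
        ldap_attribute: memberof
        ldap_attribute_value: "cn=vpn-admins,ou=Groups,dc=example,dc=com"
        network: REF_OBJECT_STRING
        state: present
      register: aaa_group

    # The module does not support check mode (see Attributes), so verify
    # the outcome from the returned object instead of a dry run.
    - name: Verify the object the UTM reports back
      ansible.builtin.assert:
        that:
          - aaa_group.result.name == 'VpnAdmins'
          - aaa_group.result.backend_match == 'ldap'
          - aaa_group.result.dynamic == 'directory_groups'
        fail_msg: UTM returned an AAA group that does not match the requested definition
```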
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key |
Description |
---|---|
The utm object that was created. Returned: success |
|
Whether or not the object is currently locked. Returned: success |
|
The reference name of the object. Returned: success |
|
The type of the object. Returned: success |
|
List of Active Directory Groups. Returned: success |
|
List of Active Directory Groups SIDS. Returned: success |
|
The backend to use. Returned: success |
|
The comment string. Returned: success |
|
Whether the group match is ipsec_dn or directory_group. Returned: success |
|
List of eDirectory Groups. Returned: success |
|
ipsec_dn identifier to match. Returned: success |
|
The LDAP Attribute to match against. Returned: success |
|
The LDAP Attribute Value to match against. Returned: success |
|
List of member identifiers of the group. Returned: success |
|
The name of the object. Returned: success |
|
The identifier of the network (network/aaa). Returned: success |
|
The radius group identifier. Returned: success |
|
The tacacs group identifier. Returned: success |