netapp_e_ldap – NetApp E-Series manage LDAP integration to use for authentication

New in version 2.7.


  • Configure an E-Series system to allow authentication via an LDAP server


Parameter Choices/Defaults Comments

api_password (required)
The password to authenticate with the SANtricity Web Services Proxy or Embedded Web Services API.

api_url (required)
The URL to the SANtricity Web Services Proxy or Embedded Web Services API. Example

api_username (required)
The username to authenticate with the SANtricity Web Services Proxy or Embedded Web Services API.

attributes
The user attributes that should be considered for the group to role mapping.
Typically this is used with something like 'memberOf', and a user's access is tested against group membership or lack thereof.

identifier
This is a unique identifier for the configuration (for cases where there are multiple domains configured).
If this is not specified, but state=present, we will utilize a default value of 'default'.

log_path
A local path to a file to be used for debug logging.

name
The domain name[s] that will be utilized when authenticating to identify which domain to utilize.
Default to use the DNS name of the server.
The only requirement is that the name[s] be resolvable.

password (required)
This is the password for the bind user account.
aliases: bind_password

role_mappings (required)
This is where you specify which groups should have access to what permissions for the storage-system.
For example, all users in group A will be assigned all 4 available roles, which will allow access to all the management functionality of the system (super-user). Those in group B only have the storage.monitor role, which will allow only read-only access.
This is specified as a mapping of regular expressions to a list of roles. See the examples.
The roles that will be assigned to the group/groups matching the provided regex.
  • storage.admin allows users full read/write access to storage objects and operations.
  • storage.monitor allows users read-only access to storage objects and operations.
  • support.admin allows users access to hardware, diagnostic information, the Major Event Log, and other critical support-related functionality, but not the storage configuration.
  • security.admin allows users access to authentication/authorization configuration, as well as the audit log configuration, and certification management.

search_base (required)
The search base is used to find group memberships of the user.
Example: ou=users,dc=example,dc=com

server (required)
This is the LDAP server URL.
The connection string should be specified as using the ldap or ldaps protocol along with the port information.
aliases: server_url

ssid
The ID of the array to manage. This value must be unique for each array.

state
  • present ←
  • absent
Enable/disable LDAP support on the system. Disabling will clear out any existing defined domains.

user_attribute
This is the attribute we will use to match the provided username when a user attempts to authenticate.

username (required)
This is the user account that will be used for querying the LDAP server.
Example: CN=MyBindAcct,OU=ServiceAccounts,DC=example,DC=com
aliases: bind_username

validate_certs
  • no
  • yes ←
Should HTTPS certificates be validated?



  • Check mode is supported.

  • This module allows you to define one or more LDAP domains, each identified uniquely by identifier, to use for authentication. Authorization is determined by role_mappings, in that different groups of users may be given different (or no) access to certain aspects of the system and API.

  • The local user accounts will still be available if the LDAP server becomes unavailable/inaccessible.

  • Generally, you’ll need to get the details of your organization’s LDAP server before you’ll be able to configure the system for using LDAP authentication; every implementation is likely to be very different.

  • This API is currently only supported with the Embedded Web Services API v2.0 and higher, or the Web Services Proxy v3.0 and higher.

  • The E-Series Ansible modules require either an instance of the Web Services Proxy (WSP) to be available to manage the storage-system, or an E-Series storage-system that supports the Embedded Web Services API.

  • Embedded Web Services is currently available on the E2800, E5700, EF570, and newer hardware models.

  • netapp_e_storage_system may be utilized for configuring the systems managed by a WSP instance.


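- name: Disable LDAP authentication
  netapp_e_ldap:
    # api_url is empty on this page; set it to your Web Services endpoint
    api_url: ""
    api_username: "admin"
    api_password: "myPass"
    ssid: "1"
    state: absent

# The remaining tasks also need the required api_url, api_username and
# api_password parameters shown in the first task.
- name: Remove the 'default' LDAP domain configuration
  netapp_e_ldap:
    state: absent
    identifier: default

- name: Define a new LDAP domain, utilizing defaults where possible
  netapp_e_ldap:
    state: present
    bind_username: "CN=MyBindAccount,OU=ServiceAccounts,DC=example,DC=com"
    bind_password: "mySecretPass"
    # host and port are missing on this page; complete the ldap/ldaps URL
    server: "ldap://"
    search_base: 'OU=Users,DC=example,DC=com'
    role_mappings:
      # placeholder key: the group regex is missing on this page
      "<group-name-regex>":
        - storage.admin
        - security.admin
        - support.admin
        - storage.monitor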
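
An added example, not part of the module documentation: the group A / group B mapping described under role_mappings, written against an ldaps server with both passwords pulled from Ansible Vault instead of being stored inline. The host names, group-name patterns and vault_* variable names are assumptions.

```yaml
# Added example (not from the module documentation). Host names, group-name
# patterns and vault_* variable names are constructed placeholders.
- name: Define an LDAP domain over LDAPS with least-privilege role mappings
  netapp_e_ldap:
    api_url: "https://wsp.example.com:8443/devmgr/v2"   # placeholder endpoint
    api_username: "admin"
    api_password: "{{ vault_eseries_api_password }}"    # hypothetical vault variable
    validate_certs: yes       # keep HTTPS certificate validation on (the default)
    ssid: "1"
    state: present
    identifier: default       # same value the module uses when none is given
    bind_username: "CN=MyBindAcct,OU=ServiceAccounts,DC=example,DC=com"
    bind_password: "{{ vault_ldap_bind_password }}"     # hypothetical vault variable
    server: "ldaps://ldap.example.com:636"              # ldaps protocol plus port
    search_base: "OU=Users,DC=example,DC=com"
    attributes:
      - memberOf              # group membership drives the role mapping
    role_mappings:
      # Group A: all four roles (super-user)
      ".*storage-superusers.*":
        - storage.admin
        - storage.monitor
        - support.admin
        - security.admin
      # Group B: read-only access
      ".*storage-viewers.*":
        - storage.monitor
```

Because the module supports check mode, running the play with `--check` first reports whether the domain configuration would change before anything is applied.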

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description

msg
Returned: on success
Success message
Sample: The ldap settings have been updated.



  • Michael Price (@lmprice)

