utm_aaa_group – Create, update or destroy an aaa group object in Sophos UTM
New in version 2.8.
Synopsis
Create, update or destroy an aaa group object in Sophos UTM.
This module requires the REST capability of the UTM to be activated.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
adirectory_groups (list) | | List of adirectory group strings. |
adirectory_groups_sids (dictionary) | | Dictionary of group sids. |
backend_match (string) | | The backend for the group. |
comment (string) | Default: "" | Comment that describes the AAA group. |
dynamic (string) | | Group type. Is static if none is selected. |
edirectory_groups (list) | | List of edirectory group strings. |
headers (dictionary) | | A dictionary of additional headers to be sent to POST and PUT requests. Is needed for some modules. |
ipsec_dn (string) | | The ipsec dn string. |
ldap_attribute (string) | | The ldap attribute to check against. |
ldap_attribute_value (string) | | The ldap attribute value to check against. |
members (list) | Default: [] | A list of user ref names (aaa/user). |
name (string / required) | | The name of the object. Will be used to identify the entry. |
network (string) | Default: "" | The network reference name. The object contains the known ip addresses for the authentication object (network/aaa). |
radius_groups (list) | Default: [] | A list of radius group strings. |
state (string) | | The desired state of the object. present will create or update an object; absent will delete an object if it was present. |
tacacs_groups (list) | Default: [] | A list of tacacs group strings. |
utm_host (string / required) | | The REST Endpoint of the Sophos UTM. |
utm_port (integer) | Default: 4444 | The port of the REST interface. |
utm_protocol (string) | | The protocol of the REST Endpoint. |
utm_token (string / required) | | The token used to identify at the REST-API. See https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf?la=en, Chapter 2.4.2. |
validate_certs (boolean) | | Whether the REST interface's ssl certificate should be verified or not. |
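Examples
```yaml
# Create (or update) an LDAP-backed group matched on a directory attribute.
- name: Create UTM aaa_group
  utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    backend_match: ldap
    dynamic: directory_groups
    # Option names match the parameter table: ldap_attribute / ldap_attribute_value.
    ldap_attribute: memberof
    ldap_attribute_value: "cn=groupname,ou=Groups,dc=mydomain,dc=com"
    network: REF_OBJECT_STRING
    state: present

# Delete the group if it exists; the object is identified by its name.
- name: Remove UTM aaa_group
  utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    state: absent
```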
Return Values
Common return values are documented here; the following fields are unique to this module:
Key | | Returned | Description |
---|---|---|---|
result (complex) | | success | The utm object that was created. |
 | _locked (boolean) | | Whether or not the object is currently locked. |
 | _ref (string) | | The reference name of the object. |
 | _type (string) | | The type of the object. |
 | adirectory_groups (string) | | List of Active Directory Groups. |
 | adirectory_groups_sids (list) | | List of Active Directory Groups SIDS. |
 | backend_match (string) | | The backend to use. |
 | comment (string) | | The comment string. |
 | dynamic (string) | | Whether the group match is ipsec_dn or directory_group. |
 | edirectory_groups (string) | | List of eDirectory Groups. |
 | ipsec_dn (string) | | ipsec_dn identifier to match. |
 | ldap_attribute (string) | | The LDAP Attribute to match against. |
 | ldap_attribute_value (string) | | The LDAP Attribute Value to match against. |
 | members (list) | | List of member identifiers of the group. |
 | name (string) | | The name of the object. |
 | network (string) | | The identifier of the network (network/aaa). |
 | radius_group (string) | | The radius group identifier. |
 | tacacs_group (string) | | The tacacs group identifier. |
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]