utm_aaa_group – Create, update or destroy an aaa group object in Sophos UTM

New in version 2.8.

Synopsis

  • Create, update or destroy an aaa group object in Sophos UTM.

  • This module needs to have the REST Ability of the UTM to be activated.

Parameters

Parameter Choices/Defaults Comments
adirectory_groups
list
List of adirectory group strings.
adirectory_groups_sids
dictionary
Dictionary of group sids.
backend_match
string
    Choices:
  • none ←
  • adirectory
  • edirectory
  • radius
  • tacacs
  • ldap
The backend for the group.
comment
string
Default:
""
Comment that describes the AAA group.
dynamic
string
    Choices:
  • none ←
  • ipsec_dn
  • directory_groups
Group type. Is static if none is selected.
edirectory_groups
list
List of edirectory group strings.
headers
dictionary
A dictionary of additional headers to be sent to POST and PUT requests.
Is needed for some modules
ipsec_dn
string
The ipsec dn string.
ldap_attribute
string
The ldap attribute to check against.
ldap_attribute_value
string
The ldap attribute value to check against.
members
list
Default:
[]
A list of user ref names (aaa/user).
name
string / required
The name of the object. Will be used to identify the entry.
network
string
Default:
""
The network reference name. The objects contains the known ip addresses for the authentication object (network/aaa).
radius_groups
list
Default:
[]
A list of radius group strings.
state
string
    Choices:
  • absent
  • present ←
The desired state of the object.
present will create or update an object
absent will delete an object if it was present
tacacs_groups
list
Default:
[]
A list of tacacs group strings.
utm_host
string / required
The REST Endpoint of the Sophos UTM.
utm_port
integer
Default:
4444
The port of the REST interface.
utm_protocol
string
    Choices:
  • http
  • https ←
The protocol of the REST Endpoint.
utm_token
string / required
validate_certs
boolean
    Choices:
  • no
  • yes ←
Whether the REST interface's ssl certificate should be verified or not.

Examples

- name: Create UTM aaa_group
  utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    backend_match: ldap
    dynamic: directory_groups
    ldap_attributes: memberof
    ldap_attributes_value: "cn=groupname,ou=Groups,dc=mydomain,dc=com"
    network: REF_OBJECT_STRING
    state: present

- name: Remove UTM aaa_group
  utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
result
complex
success
The utm object that was created.

 
_locked
boolean
Whether or not the object is currently locked.

 
_ref
string
The reference name of the object.

 
_type
string
The type of the object.

 
adirectory_groups
string
List of Active Directory Groups.

 
adirectory_groups_sids
list
List of Active Directory Groups SIDS.

 
backend_match
string
The backend to use.

 
comment
string
The comment string.

 
dynamic
string
Whether the group match is ipsec_dn or directory_group.

 
edirectory_groups
string
List of eDirectory Groups.

 
ipsec_dn
string
ipsec_dn identifier to match.

 
ldap_attribute
string
The LDAP Attribute to match against.

 
ldap_attribute_value
string
The LDAP Attribute Value to match against.

 
members
list
List of member identifiers of the group.

 
name
string
The name of the object.

 
network
string
The identifier of the network (network/aaa).

 
radius_group
string
The radius group identifier.

 
tacacs_group
string
The tacacs group identifier.



Status

Authors

  • Johannes Brunswicker (@MatrixCrawler)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.