utm_aaa_group – Create, update or destroy an aaa group object in Sophos UTM

New in version 2.8.

Synopsis

• Create, update or destroy an aaa group object in Sophos UTM.

• This module needs to have the REST Ability of the UTM to be activated.

Parameters

Parameter	Choices/Defaults	Comments
adirectory_groups list		List of adirectory group strings.
adirectory_groups_sids dictionary		Dictionary of group sids.
backend_match string	Choices: none ← adirectory edirectory radius tacacs ldap	The backend for the group.
comment string	Default: ""	Comment that describes the AAA group.
dynamic string	Choices: none ← ipsec_dn directory_groups	Group type. Is static if none is selected.
edirectory_groups list		List of edirectory group strings.
headers dictionary		A dictionary of additional headers to be sent to POST and PUT requests. Is needed for some modules
ipsec_dn string		The ipsec dn string.
ldap_attribute string		The ldap attribute to check against.
ldap_attribute_value string		The ldap attribute value to check against.
members list	Default: []	A list of user ref names (aaa/user).
name string / required		The name of the object. Will be used to identify the entry.
network string	Default: ""	The network reference name. The objects contains the known ip addresses for the authentication object (network/aaa).
radius_groups list	Default: []	A list of radius group strings.
state string	Choices: absent present ←	The desired state of the object. present will create or update an object absent will delete an object if it was present
tacacs_groups list	Default: []	A list of tacacs group strings.
utm_host string / required		The REST Endpoint of the Sophos UTM.
utm_port integer	Default: 4444	The port of the REST interface.
utm_protocol string	Choices: http https ←	The protocol of the REST Endpoint.
utm_token string / required		The token used to identify at the REST-API. See https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf?la=en, Chapter 2.4.2.
validate_certs boolean	Choices: no yes ←	Whether the REST interface's ssl certificate should be verified or not.

Examples

- name: Create UTM aaa_group
  utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    backend_match: ldap
    dynamic: directory_groups
    ldap_attributes: memberof
    ldap_attributes_value: "cn=groupname,ou=Groups,dc=mydomain,dc=com"
    network: REF_OBJECT_STRING
    state: present

- name: Remove UTM aaa_group
  utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key		Returned	Description
result complex		success	The utm object that was created.
	_locked boolean		Whether or not the object is currently locked.
	_ref string		The reference name of the object.
	_type string		The type of the object.
	adirectory_groups string		List of Active Directory Groups.
	adirectory_groups_sids list		List of Active Directory Groups SIDS.
	backend_match string		The backend to use.
	comment string		The comment string.
	dynamic string		Whether the group match is ipsec_dn or directory_group.
	edirectory_groups string		List of eDirectory Groups.
	ipsec_dn string		ipsec_dn identifier to match.
	ldap_attribute string		The LDAP Attribute to match against.
	ldap_attribute_value string		The LDAP Attribute Value to match against.
	members list		List of member identifiers of the group.
	name string		The name of the object.
	network string		The identifier of the network (network/aaa).
	radius_group string		The radius group identifier.
	tacacs_group string		The tacacs group identifier.

Status

• This module is not guaranteed to have a backwards compatible interface. [preview]

• This module is maintained by the Ansible Community. [community]

Authors

• Johannes Brunswicker (@MatrixCrawler)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.