utm_aaa_group – Create, update or destroy an aaa group object in Sophos UTM
New in version 2.8.
Synopsis
- Create, update or destroy an aaa group object in Sophos UTM.
- This module requires the REST ability of the UTM to be activated.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
adirectory_groups (list) | | List of adirectory group strings. |
adirectory_groups_sids (dictionary) | | Dictionary of group sids. |
backend_match (string) | | The backend for the group. |
comment (string) | Default: "" | Comment that describes the AAA group. |
dynamic (string) | | Group type. Is static if none is selected. |
edirectory_groups (list) | | List of edirectory group strings. |
headers (dictionary) | | A dictionary of additional headers to be sent to POST and PUT requests. Is needed for some modules. |
ipsec_dn (string) | | The ipsec dn string. |
ldap_attribute (string) | | The ldap attribute to check against. |
ldap_attribute_value (string) | | The ldap attribute value to check against. |
members (list) | Default: [] | A list of user ref names (aaa/user). |
name (string / required) | | The name of the object. Will be used to identify the entry. |
network (string) | Default: "" | The network reference name. The object contains the known IP addresses for the authentication object (network/aaa). |
radius_groups (list) | Default: [] | A list of radius group strings. |
state (string) | | The desired state of the object. "present" will create or update an object; "absent" will delete an object if it was present. |
tacacs_groups (list) | Default: [] | A list of tacacs group strings. |
utm_host (string / required) | | The REST Endpoint of the Sophos UTM. |
utm_port (integer) | Default: 4444 | The port of the REST interface. |
utm_protocol (string) | | The protocol of the REST Endpoint. |
utm_token (string / required) | | The token used to identify at the REST-API. See https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf?la=en, Chapter 2.4.2. |
validate_certs (boolean) | | Whether the REST interface's ssl certificate should be verified or not. |
Examples
```yaml
- name: Create UTM aaa_group
  utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    backend_match: ldap
    dynamic: directory_groups
    ldap_attribute: memberof
    ldap_attribute_value: "cn=groupname,ou=Groups,dc=mydomain,dc=com"
    network: REF_OBJECT_STRING
    state: present

- name: Remove UTM aaa_group
  utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    state: absent
```
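The playbook below is an added example, not part of the module's own documentation. It uses the parameters listed above to manage several LDAP-backed groups in one run, reads the REST token from a vaulted variable instead of a literal, and keeps HTTPS with certificate verification explicit. The variable `vault_utm_token`, the file `vars/utm_vault.yml`, the list names, the group names and the DNs are assumptions made for illustration.

```yaml
# Added example (not from the module's documentation).
# Assumed: vars/utm_vault.yml is encrypted with ansible-vault and defines
# vault_utm_token. Group names, comments and DNs are constructed values.
- name: Manage LDAP-backed AAA groups on Sophos UTM
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - vars/utm_vault.yml
  vars:
    utm_ldap_groups:            # hypothetical variable: groups that must exist
      - name: VpnUsers
        dn: "cn=vpn-users,ou=Groups,dc=mydomain,dc=com"
        comment: Remote access users
      - name: FirewallAdmins
        dn: "cn=fw-admins,ou=Groups,dc=mydomain,dc=com"
        comment: UTM administrators
    utm_retired_groups:         # hypothetical variable: groups to delete
      - TestAAAGroupEntry
  tasks:
    - name: Ensure LDAP-backed AAA groups exist
      utm_aaa_group:
        utm_host: sophos.host.name
        utm_protocol: https
        validate_certs: true    # do not send the token over unverified TLS
        utm_token: "{{ vault_utm_token }}"
        name: "{{ item.name }}"
        comment: "{{ item.comment }}"
        backend_match: ldap
        dynamic: directory_groups
        ldap_attribute: memberof
        ldap_attribute_value: "{{ item.dn }}"
        state: present
      loop: "{{ utm_ldap_groups }}"
      loop_control:
        label: "{{ item.name }}"   # keep loop output to the group name

    - name: Remove AAA groups that are no longer needed
      utm_aaa_group:
        utm_host: sophos.host.name
        utm_protocol: https
        validate_certs: true
        utm_token: "{{ vault_utm_token }}"
        name: "{{ item }}"
        state: absent
      loop: "{{ utm_retired_groups }}"
```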
Return Values
Common return values are documented here; the following are the fields unique to this module:
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Johannes Brunswicker (@MatrixCrawler)