You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

community.zabbix.zabbix_authentication module – Update Zabbix authentication

Note

This module is part of the community.zabbix collection (version 1.7.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.zabbix.

To use it in a playbook, specify: community.zabbix.zabbix_authentication.

New in version 1.6.0: of community.zabbix

Synopsis
Requirements
Parameters
Notes
Examples
Return Values

Synopsis 

This module allows you to modify Zabbix authentication setting.

Requirements 

The below requirements are needed on the host that executes this module.

zabbix-api >= 0.5.4

Parameters 

Parameter	Comments
authentication_type string	Choose default authentication type. Choices: internal ldap
http_auth_enabled boolean	HTTP authentication will be enabled if `true`. Choices: no yes
http_case_sensitive boolean	Case sensitive login for HTTP authentication will be enabled if `true`. Choices: no yes
http_login_form string	Choose default login form. Choices: zabbix_login_form http_login_form
http_login_password string	Basic Auth password
http_login_user string	Basic Auth login
http_strip_domains list / elements=string	A list of domain names that should be removed from the username.
ldap_base_dn string	Base DN of LDAP. This setting is required if current value of ldap_configured is `false`.
ldap_bind_dn string	Bind DN of LDAP.
ldap_bind_password string	Bind password of LDAP.
ldap_case_sensitive boolean	case sensitive login for LDAP authentication will be enabled if `true`. Choices: no yes
ldap_configured boolean	LDAP authentication will be enabled if `true`. Choices: no yes
ldap_host string	LDAP server name. e.g. `ldap://ldap.zabbix.com` This setting is required if current value of ldap_configured is `false`.
ldap_port integer	A port number of LDAP server. This setting is required if current value of ldap_configured is `false`.
ldap_search_attribute string	Search attribute of LDAP. This setting is required if current value of ldap_configured is `false`.
login_password string / required	Zabbix user password. If not set the environment variable `ZABBIX_PASSWORD` will be used.
login_user string / required	Zabbix user name. If not set the environment variable `ZABBIX_USERNAME` will be used.
passwd_check_rules list / elements=string	Checking password rules. Select multiple from `contain_uppercase_and_lowercase_letters`, `contain_digits`. `contain_special_characters` and `avoid_easy_to_guess`. This parameter is available since Zabbix 6.0.
passwd_min_length integer	Minimal length of password. Choose from 1-70. This parameter is available since Zabbix 6.0.
saml_auth_enabled boolean	SAML authentication will be enabled if `true`. Choices: no yes
saml_case_sensitive boolean	Case sensitive login for SAML authentication will be enabled if `true`. Choices: no yes
saml_encrypt_assertions boolean	SAML encrypt assertions will be enabled if `true`. Choices: no yes
saml_encrypt_nameid boolean	SAML encrypt name ID will be enabled if `true`. Choices: no yes
saml_idp_entityid string	SAML identify provider’s entity ID. This setting is required if current value of saml_auth_enabled is `false`.
saml_nameid_format string	Name identifier format of SAML service provider.
saml_sign_assertions boolean	SAML sign assertions will be enabled if `true`. Choices: no yes
saml_sign_authn_requests boolean	SAML sign AuthN requests will be enabled if `true`. Choices: no yes
saml_sign_logout_requests boolean	SAML sign logout requests will be enabled if `true`. Choices: no yes
saml_sign_logout_responses boolean	SAML sign logout responses will be enabled if `true`. Choices: no yes
saml_sign_messages boolean	SAML sign messages will be enabled if `true`. Choices: no yes
saml_slo_url string	URL for SAML single logout service.
saml_sp_entityid string	Entity ID of SAML service provider. This setting is required if current value of saml_auth_enabled is `false`.
saml_sso_url string	URL for single sign on service of SAML. This setting is required if current value of saml_auth_enabled is `false`.
saml_username_attribute string	User name attribute of SAML. This setting is required if current value of saml_auth_enabled is `false`.
server_url aliases: url string / required	URL of Zabbix server, with protocol (http or https). `url` is an alias for `server_url`. If not set the environment variable `ZABBIX_SERVER` will be used.
timeout integer	The timeout of API request (seconds). Default: 10
validate_certs boolean	If set to False, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. If not set the environment variable `ZABBIX_VALIDATE_CERTS` will be used. Choices: no yes ← (default)

Notes 

Note

Zabbix 5.4 version and higher are supported.
If you use login_password=zabbix, the word “zabbix” is replaced by “****” in all module output, because login_password uses no_log. See this FAQ for more information.

Examples 

- name: Update all authentication setting
  zabbix_authentication:
    server_url: "http://zabbix.example.com/zabbix/"
    login_user: Admin
    login_password: secret
    authentication_type: internal
    http_auth_enabled: true
    http_login_form: zabbix_login_form
    http_strip_domains:
      - comp
      - any
    http_case_sensitive: true
    ldap_configured: true
    ldap_host: 'ldap://localhost'
    ldap_port: 389
    ldap_base_dn: 'ou=Users,ou=system'
    ldap_search_attribute: 'uid'
    ldap_bind_dn: 'uid=ldap_search,ou=system'
    ldap_case_sensitive: true
    ldap_bind_password: 'password'
    saml_auth_enabled: true
    saml_idp_entityid: ''
    saml_sso_url: 'https://localhost/SAML2/SSO'
    saml_slo_url: 'https://localhost/SAML2/SLO'
    saml_username_attribute: 'uid'
    saml_sp_entityid: 'https://localhost'
    saml_nameid_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
    saml_sign_messages: true
    saml_sign_assertions: true
    saml_sign_authn_requests: true
    saml_sign_logout_requests: true
    saml_sign_logout_responses: true
    saml_encrypt_nameid: true
    saml_encrypt_assertions: true
    saml_case_sensitive: true
    passwd_min_length: 70
    passwd_check_rules:
      - contain_uppercase_and_lowercase_letters
      - contain_digits
      - contain_special_characters
      - avoid_easy_to_guess

Return Values 

Common return values are documented here, the following are the fields unique to this module:

Key	Description
msg string	The result of the operation Returned: success Sample: “Successfully update authentication setting”

Authors

ONODERA Masaru(@masa-orca)

Collection links

Issue Tracker Homepage Repository (Sources)

community.zabbix.zabbix_authentication module – Update Zabbix authentication

Synopsis

Requirements

Parameters

Notes

Examples

Return Values