netapp.storagegrid.na_sg_grid_identity_federation module – NetApp StorageGRID manage Grid identity federation.
Note
This module is part of the netapp.storagegrid collection (version 21.10.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install netapp.storagegrid.
To use it in a playbook, specify: netapp.storagegrid.na_sg_grid_identity_federation.
New in version 21.6.0 of netapp.storagegrid
Synopsis
Configure Grid Identity Federation within NetApp StorageGRID.
If the module is run with check_mode, a connectivity test is performed using the supplied values without changing the configuration.
This module is idempotent if password is not specified.
Parameters
Parameter | Comments |
---|---|
api_url | The URL to the StorageGRID Admin Node REST API. |
auth_token | The authorization token for the API request. |
base_group_dn | The Distinguished Name of the LDAP subtree to search for groups. |
base_user_dn | The Distinguished Name of the LDAP subtree to search for users. |
ca_cert | Custom certificate used to connect to the LDAP server. If a custom certificate is not supplied, the operating system CA certificate will be used. |
hostname | The hostname or IP address of the LDAP server. |
ldap_group_id_attribute | The LDAP attribute which contains the group for a user. Should be configured if ldap_service_type=Other. |
ldap_group_unique_id_attribute | The LDAP attribute which contains the group’s permanent unique identity. Should be configured if ldap_service_type=Other. |
ldap_service_type | The type of LDAP server. Choices: |
ldap_user_id_attribute | The LDAP attribute which contains the unique user name of a user. Should be configured if ldap_service_type=Other. |
ldap_user_uuid_attribute | The LDAP attribute which contains the permanent unique identity of a user. Should be configured if ldap_service_type=Other. |
password | The password associated with the username. |
port | The port used to connect to the LDAP server. Typically 389 for LDAP, or 636 for LDAPS. |
state | Whether identity federation should be enabled or not. Choices: |
tls | Whether Transport Layer Security is used to connect to the LDAP server. Choices: |
type | The type of identity source. Default: “ldap” |
username | The username to bind to the LDAP server. |
validate_certs | Should HTTPS certificates be validated? Choices: |
Examples
```yaml
- name: test identity federation configuration
  netapp.storagegrid.na_sg_grid_identity_federation:
    api_url: "https://<storagegrid-endpoint-url>"
    auth_token: "storagegrid-auth-token"
    validate_certs: false  # HTTPS certificate validation for the API connection is off
    state: present
    ldap_service_type: "Active Directory"
    hostname: "ad.example.com"
    port: 389
    username: "binduser"
    password: "bindpass"
    base_group_dn: "DC=example,DC=com"
    base_user_dn: "DC=example,DC=com"
    tls: "Disabled"
  # check_mode runs the connectivity test only; the configuration is not changed
  check_mode: yes

- name: configure identity federation with AD and TLS
  netapp.storagegrid.na_sg_grid_identity_federation:
    api_url: "https://<storagegrid-endpoint-url>"
    auth_token: "storagegrid-auth-token"
    validate_certs: false
    state: present
    ldap_service_type: "Active Directory"
    hostname: "ad.example.com"
    port: 636
    username: "binduser"
    password: "bindpass"
    base_group_dn: "DC=example,DC=com"
    base_user_dn: "DC=example,DC=com"
    tls: "LDAPS"
    # custom certificate used to connect to the LDAP server
    ca_cert: |
      -----BEGIN CERTIFICATE-----
      MIIC+jCCAeICCQDmn9Gow08LTzANBgkqhkiG9w0BAQsFADA/..swCQYDVQQGEwJV
      bXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB..JFzNIXQEGnsgjV
      JGU4giuvOLOZ8Q3gyuUbkSUQDjmjpMR8PliwJ6iW2Ity89Dv..dl1TaIYI/ansyZ
      Uxk4YXeN6kUkrDtNxCg1McALzXVAfxMTtj2SFlLxne4Z6rX2..UyftQrfM13F1vY
      gK8dBPz+l+X/Uozo/xNm7gxe68p9le9/pcULst1CQn5/sPqq..kgWcSvlKUItu82
      lq3B2169rovdIaNdcvaQjMPhrDGo5rvLfMN35U3Hgbz41PL5..x2BcUE6/0ab5T4
      qKBxKa3t9twj+zpUqOzyL0PFfCE+SK5fEXAS1ow4eAcLN+eB..gR/PuvGAyIPCtE
      1+X4GrECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAFpO+04Ra..FMJPH6dBmzfb7l
      k04BWTvSlur6HiQdXY+oFQMJZzyI7MQ8v9HBIzS0ZAzYWLp4..VZhHmRxnrWyxVs
      u783V5YfQH2L4QnBDoiDefgxyfDs2PcoF5C+X9CGXmPqzst2..y/6tdOVJzdiA==
      -----END CERTIFICATE-----
```
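The following check is an added example, not part of the NetApp module or its documentation: it reviews parsed playbook tasks that call this module for settings that weaken the API or LDAP connection or leave secrets in the playbook as plain text. The function name audit_task, the finding codes, the constructed sample tasks and the variable names in the hardened task are assumptions made for illustration.

```python
# Added example (not NetApp code): review checks for this module's task arguments.
MODULE = "netapp.storagegrid.na_sg_grid_identity_federation"


def _is_false(value):
    # YAML parsers yield a bool; a quoted value arrives as a string.
    return str(value).lower() in ("false", "no")


def audit_task(task):
    """Return sorted finding codes for one parsed playbook task (a dict)."""
    args = task.get(MODULE)
    if not isinstance(args, dict):
        return []  # not a task for this module
    findings = []
    # validate_certs guards the HTTPS call that carries auth_token.
    if _is_false(args.get("validate_certs")):
        findings.append("api-cert-validation-off")
    tls, port = args.get("tls"), args.get("port")
    # Without TLS the bind username and password reach the LDAP server unencrypted.
    if tls == "Disabled":
        findings.append("ldap-cleartext-bind")
    # Documented typical ports: 389 for LDAP, 636 for LDAPS.
    if (tls == "LDAPS" and port == 389) or (tls == "Disabled" and port == 636):
        findings.append("tls-port-mismatch")
    # A secret without a Jinja2 reference is stored in the playbook as plain text.
    for key in ("password", "auth_token"):
        value = args.get(key)
        if isinstance(value, str) and "{{" not in value:
            findings.append("literal-secret:" + key)
    return sorted(findings)


# Constructed sample tasks, as a YAML loader would return them.
CONNECTIVITY_TEST = {"name": "test identity federation configuration", MODULE: {
    "api_url": "https://<storagegrid-endpoint-url>", "auth_token": "storagegrid-auth-token",
    "validate_certs": False, "state": "present", "hostname": "ad.example.com",
    "port": 389, "username": "binduser", "password": "bindpass", "tls": "Disabled"},
    "check_mode": True}
# Variable names below are hypothetical (for example, values kept in Ansible Vault).
HARDENED = {"name": "configure identity federation", MODULE: {
    "api_url": "{{ grid_api_url }}", "auth_token": "{{ grid_auth_token }}",
    "validate_certs": True, "state": "present", "hostname": "ad.example.com",
    "port": 636, "username": "{{ ldap_bind_user }}", "password": "{{ ldap_bind_password }}",
    "tls": "LDAPS"}}

if __name__ == "__main__":
    for sample in (CONNECTIVITY_TEST, HARDENED):
        print(sample["name"], "->", audit_task(sample) or "no findings")
```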
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
resp | Returns information about the StorageGRID management identity source configuration. Returned: success Sample: {"baseGroupDn": "DC=example,DC=com", "baseUserDn": "DC=example,DC=com", "caCert": "-----BEGIN CERTIFICATE----- abcdefghijkl123456780ABCDEFGHIJKL 123456/7890ABCDEFabcdefghijklABCD -----END CERTIFICATE----- ", "disable": false, "disableTLS": false, "enableLDAPS": false, "hostname": "10.1.2.3", "id": "00000000-0000-0000-0000-000000000000", "ldapServiceType": "Active Directory", "password": "********", "port": 389, "type": "ldap", "username": "MYDOMAIN\\Administrator"} |
Authors
NetApp Ansible Team (@joshedmonds)