community.general.ldap_passwd module – Set passwords in LDAP
Note
This module is part of the community.general collection (version 6.6.2).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.general.ldap_passwd
.
Synopsis
Set a password for an LDAP entry. This module only asserts that a given password is valid for a given entry. To assert the existence of an entry, see community.general.ldap_entry.
Requirements
The below requirements are needed on the host that executes this module.
python-ldap
Parameters
Parameter |
Comments |
---|---|
A DN to bind with. If this is omitted, we’ll try a SASL bind with the EXTERNAL mechanism as default. If this is blank, we’ll use an anonymous bind. |
|
The password to use with bind_dn. Default: |
|
Set the path to PEM file with CA certs. |
|
The DN of the entry to add or remove. |
|
The (plaintext) password to be set for dn. |
|
Set the referrals chasing behavior.
Choices:
|
|
The class to use for SASL authentication. Possible choices are Choices:
|
|
The server_uri parameter may be a comma- or whitespace-separated list of URIs containing only the schema, the host, and the port fields. The default value lets the underlying LDAP client library look for a UNIX domain socket in its default location. Note that when using multiple URIs you cannot determine to which URI your client gets connected. For URIs containing additional fields, particularly when using commas, behavior is undefined. Default: |
|
If true, we’ll use the START_TLS LDAP extension. Choices:
|
|
If set to This should only be used on sites using self-signed certificates. Choices:
|
|
Set the behavior on how to process Xordered DNs.
Possible choices are Choices:
|
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: full |
Can run in |
|
Support: none |
Will return details on what has changed (or possibly needs changing in |
Notes
Note
The default authentication settings will attempt to use a SASL EXTERNAL bind over a UNIX domain socket. This works well with the default Ubuntu install for example, which includes a cn=peercred,cn=external,cn=auth ACL rule allowing root to modify the server configuration. If you need to use a simple bind to access your server, pass the credentials in bind_dn and bind_pw.
Examples
- name: Set a password for the admin user
community.general.ldap_passwd:
dn: cn=admin,dc=example,dc=com
passwd: "{{ vault_secret }}"
- name: Setting passwords in bulk
community.general.ldap_passwd:
dn: "{{ item.key }}"
passwd: "{{ item.value }}"
with_dict:
alice: alice123123
bob: "|30b!"
admin: "{{ vault_secret }}"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
list of modified parameters Returned: success Sample: |
Collection links
Issue Tracker Repository (Sources) Submit a bug report Request a feature Communication