netapp.storagegrid.na_sg_org_identity_federation module – NetApp StorageGRID manage Tenant identity federation.
Note
This module is part of the netapp.storagegrid collection (version 21.13.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install netapp.storagegrid.
To use it in a playbook, specify: netapp.storagegrid.na_sg_org_identity_federation.
Note
The netapp.storagegrid collection is considered unmaintained and will be removed from Ansible 11. See the discussion thread for more information.
New in netapp.storagegrid 21.6.0
Synopsis
Configure Tenant Identity Federation within NetApp StorageGRID.
If the module is run with check_mode, a connectivity test will be performed using the supplied values without changing the configuration.
This module is idempotent if password is not specified.
Parameters
Parameter |
Comments |
---|---|
The url to the StorageGRID Admin Node REST API. |
|
The authorization token for the API request |
|
The Distinguished Name of the LDAP subtree to search for groups. |
|
The Distinguished Name of the LDAP subtree to search for users. |
|
Custom certificate used to connect to the LDAP server. If a custom certificate is not supplied, the operating system CA certificate will be used. |
|
The hostname or IP address of the LDAP server. |
|
The LDAP attribute which contains the group for a user. Should be configured if ldap_service_type=Other. |
|
The LDAP attribute which contains the group’s permanent unique identity. Should be configured if ldap_service_type=Other. |
|
The type of LDAP server. Choices:
|
|
The LDAP attribute which contains the unique user name of a user. Should be configured if ldap_service_type=Other. |
|
The LDAP attribute which contains the permanent unique identity of a user. Should be configured if ldap_service_type=Other. |
|
The password associated with the username. |
|
The port used to connect to the LDAP server. Typically 389 for LDAP, or 636 for LDAPS. |
|
Whether identity federation should be enabled or not. Choices:
|
|
Whether Transport Layer Security is used to connect to the LDAP server. Choices:
|
|
The type of identity source. Default is ‘ldap’. Default: |
|
The username to bind to the LDAP server. |
|
Should https certificates be validated? Choices:
|
Notes
Note
The modules prefixed with na_sg are built to manage NetApp StorageGRID.
Examples
```yaml
# Connectivity test only: check_mode leaves the configuration unchanged.
- name: test identity federation configuration
  netapp.storagegrid.na_sg_org_identity_federation:
    api_url: "https://<storagegrid-endpoint-url>"
    auth_token: "storagegrid-auth-token"
    validate_certs: false
    state: present
    ldap_service_type: "Active Directory"
    hostname: "ad.example.com"
    port: 389
    username: "binduser"
    password: "bindpass"
    base_group_dn: "DC=example,DC=com"
    base_user_dn: "DC=example,DC=com"
    tls: "Disabled"
  check_mode: yes

# LDAPS on port 636 with a custom CA certificate for the LDAP server.
- name: configure identity federation with AD and TLS
  netapp.storagegrid.na_sg_org_identity_federation:
    api_url: "https://<storagegrid-endpoint-url>"
    auth_token: "storagegrid-auth-token"
    validate_certs: false
    state: present
    ldap_service_type: "Active Directory"
    hostname: "ad.example.com"
    port: 636
    username: "binduser"
    password: "bindpass"
    base_group_dn: "DC=example,DC=com"
    base_user_dn: "DC=example,DC=com"
    tls: "LDAPS"
    ca_cert: |
      -----BEGIN CERTIFICATE-----
      MIIC+jCCAeICCQDmn9Gow08LTzANBgkqhkiG9w0BAQsFADA/..swCQYDVQQGEwJV
      bXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB..JFzNIXQEGnsgjV
      JGU4giuvOLOZ8Q3gyuUbkSUQDjmjpMR8PliwJ6iW2Ity89Dv..dl1TaIYI/ansyZ
      Uxk4YXeN6kUkrDtNxCg1McALzXVAfxMTtj2SFlLxne4Z6rX2..UyftQrfM13F1vY
      gK8dBPz+l+X/Uozo/xNm7gxe68p9le9/pcULst1CQn5/sPqq..kgWcSvlKUItu82
      lq3B2169rovdIaNdcvaQjMPhrDGo5rvLfMN35U3Hgbz41PL5..x2BcUE6/0ab5T4
      qKBxKa3t9twj+zpUqOzyL0PFfCE+SK5fEXAS1ow4eAcLN+eB..gR/PuvGAyIPCtE
      1+X4GrECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAFpO+04Ra..FMJPH6dBmzfb7l
      k04BWTvSlur6HiQdXY+oFQMJZzyI7MQ8v9HBIzS0ZAzYWLp4..VZhHmRxnrWyxVs
      u783V5YfQH2L4QnBDoiDefgxyfDs2PcoF5C+X9CGXmPqzst2..y/6tdOVJzdiA==
      -----END CERTIFICATE-----
```
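The examples above set validate_certs to false, and the first one binds with tls "Disabled" on port 389, so the bind password crosses the network unencrypted. The following playbook is an added example, not part of the module documentation: it runs the check_mode connectivity test over LDAPS first and applies the same arguments only if that test succeeds. The vault.yml file, the vault_* variable names and the files/ldap-ca.pem path are assumptions.

```yaml
- name: Tenant identity federation over LDAPS
  hosts: localhost
  gather_facts: false
  vars_files:
    - vault.yml  # assumed ansible-vault encrypted file defining the vault_* variables
  tasks:
    # check_mode runs the module's connectivity test and changes nothing.
    # If this task fails, the play stops before the configuration is applied.
    - name: Test the LDAPS bind without changing the configuration
      netapp.storagegrid.na_sg_org_identity_federation: &federation
        api_url: "https://<storagegrid-endpoint-url>"
        auth_token: "{{ vault_sg_auth_token }}"
        validate_certs: true          # verify the Admin Node's HTTPS certificate
        state: present
        ldap_service_type: "Active Directory"
        hostname: "ad.example.com"
        port: 636
        tls: "LDAPS"                  # encrypt the bind and all directory queries
        # Pin the directory's issuing CA instead of relying on the OS trust store
        # (assumed path, relative to the playbook).
        ca_cert: "{{ lookup('ansible.builtin.file', 'files/ldap-ca.pem') }}"
        username: "binduser"
        password: "{{ vault_ldap_bind_password }}"
        base_group_dn: "DC=example,DC=com"
        base_user_dn: "DC=example,DC=com"
      check_mode: true
      no_log: true                    # keep the token and bind password out of task output

    # Reuses the exact arguments tested above through the YAML anchor.
    # Because password is supplied, the synopsis's idempotency guarantee does
    # not apply to this task.
    - name: Apply the identity federation configuration
      netapp.storagegrid.na_sg_org_identity_federation: *federation
      no_log: true
```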
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key |
Description |
---|---|
Returns information about the StorageGRID tenant account identity source configuration. Returned: success Sample: |