community.general.ldap_search module – Search for entries in a LDAP server
Note
This module is part of the community.general collection (version 10.1.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.general.ldap_search
.
New in community.general 0.2.0
Synopsis
Return the results of an LDAP search.
Requirements
The below requirements are needed on the host that executes this module.
python-ldap
Parameters
Parameter |
Comments |
---|---|
A list of attributes for limiting the result. Use an actual list or a comma-separated string. |
|
If provided, all attribute values returned that are listed in this option will be Base64 encoded. If the special value All other attribute values will be converted to UTF-8 strings. If they contain binary data, please note that invalid UTF-8 bytes will be omitted. |
|
A DN to bind with. If this is omitted, we’ll try a SASL bind with the EXTERNAL mechanism as default. If this is blank, we’ll use an anonymous bind. |
|
The password to use with Default: |
|
Set the path to PEM file with CA certs. |
|
PEM formatted certificate chain file to be used for SSL client authentication. Required if |
|
PEM formatted file that contains your private key to be used for SSL client authentication. Required if |
|
The LDAP DN to search in. |
|
Used for filtering the LDAP search result. Default: |
|
The page size when performing a simple paged result search (RFC 2696). This setting can be tuned to reduce issues with timeouts and server limits. Setting the page size to Default: |
|
Set the referrals chasing behavior.
Choices:
|
|
The class to use for SASL authentication. Choices:
|
|
Set to Choices:
|
|
The LDAP scope to use.
Choices:
|
|
The The default value lets the underlying LDAP client library look for a UNIX domain socket in its default location. Note that when using multiple URIs you cannot determine to which URI your client gets connected. For URIs containing additional fields, particularly when using commas, behavior is undefined. Default: |
|
If true, we’ll use the START_TLS LDAP extension. Choices:
|
|
If set to This should only be used on sites using self-signed certificates. Choices:
|
|
Set the behavior on how to process Xordered DNs.
Choices:
|
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: full |
Can run in |
|
Support: none |
Will return details on what has changed (or possibly needs changing in |
Notes
Note
The default authentication settings will attempt to use a SASL EXTERNAL bind over a UNIX domain socket. This works well with the default Ubuntu install for example, which includes a
cn=peercred,cn=external,cn=auth
ACL rule allowing root to modify the server configuration. If you need to use a simple bind to access your server, pass the credentials inbind_dn
andbind_pw
.
Examples
- name: Return all entries within the 'groups' organizational unit.
community.general.ldap_search:
dn: "ou=groups,dc=example,dc=com"
register: ldap_groups
- name: Return GIDs for all groups
community.general.ldap_search:
dn: "ou=groups,dc=example,dc=com"
scope: "onelevel"
attrs:
- "gidNumber"
register: ldap_group_gids