community.mongodb.mongodb_atlas_ldap_user module – Manage LDAP users in Atlas

Note

This module is part of the community.mongodb collection (version 1.7.7).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.mongodb.

To use it in a playbook, specify: community.mongodb.mongodb_atlas_ldap_user.

Synopsis

  • The mongodb_atlas_ldap_user module lets you create LDAP groups on the admin database by mapping LDAP groups to MongoDB roles on your Atlas databases.

  • Each user or group has a set of roles that provide access to the project’s databases.

  • API Documentation

Parameters

Parameter

Comments

api_password

aliases: apiPassword

string / required

The password for use in authentication with the Atlas API.

Can use API users and tokens (private key is password)

api_username

aliases: apiUsername

string / required

The username for use in authentication with the Atlas API.

Can use API users and tokens (public key is username)

database_name

aliases: databaseName

string

Database against which Atlas authenticates the user.

Choices:

  • "admin" ← (default)

  • "$external"

group_id

aliases: groupId

string / required

Unique identifier for the Atlas project.

ldap_auth_type

aliases: ldapAuthType

string

Type of LDAP authorization for the user i.e. USER or GROUP

Choices:

  • "GROUP" ← (default)

  • "USER"

roles

list / elements=dictionary / required

Array of this user’s roles and the databases / collections on which the roles apply.

A role must include folliwing elements

database_name

aliases: databaseName

string / required

Database on which the user has the specified role.

A role on the admin database can include privileges that apply to the other databases.

role_name

aliases: roleName

string / required

Name of the role. This value can either be a built-in role or a custom role.

state

string

State of the ressource.

Choices:

  • "present" ← (default)

  • "absent"

username

string / required

Username for authenticating to MongoDB.

Examples

- name: LDAP Group or Username
  community.mongodb.mongodb_atlas_ldap_user:
    api_username: "API_user"
    api_password: "API_passwort_or_token"
    atlas_ldap_user: "USER DN or GROUP DN"
    group_id: "GROUP_ID"
    database_name: "admin"
    username: my_app_user
    roles:
      - database_name: private_info
        role_name: read
      - database_name: public_info
        role_name: readWrite

Authors

  • Martin Schurz (@schurzi) / Derek Giri