dellemc.openmanage.ome_active_directory – Configure Active Directory groups to be used with Directory Services on OpenManage Enterprise and OpenManage Enterprise Modular

Note

This plugin is part of the dellemc.openmanage collection (version 4.3.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install dellemc.openmanage.

To use it in a playbook, specify: dellemc.openmanage.ome_active_directory.

New in version 4.0.0 of dellemc.openmanage

Synopsis

  • This module allows you to add, modify, and delete an OpenManage Enterprise connection with the Active Directory service.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.7.17

Parameters

| Parameter (type) | Choices/Defaults | Comments |
|---|---|---|
| certificate_file (path) | | Provide the full path of the SSL certificate. The certificate should be a Root CA Certificate encoded in Base64 format. This is applicable when validate_certificate is yes. |
| domain_controller_lookup (string) | Choices: DNS (default), MANUAL | Select the Domain Controller Lookup method. |
| domain_controller_port (integer) | Default: 3269 | Domain controller port. By default, Global Catalog Address port number 3269 is populated. For the Domain Controller Access, enter 636 as the port number. NOTE: Only LDAPS ports are supported. |
| domain_password (string) | | Provide the domain password. This is applicable when test_connection is yes. |
| domain_server (list / elements=string) | | Enter the domain name or FQDN or IP address of the domain controller. If domain_controller_lookup is DNS, enter the domain name to query DNS for the domain controllers. If domain_controller_lookup is MANUAL, enter the FQDN or the IP address of the domain controller. The maximum number of Active Directory servers that can be added is three. |
| domain_username (string) | | Provide the domain username either in the UPN (username@domain) or NetBIOS (domain\username) format. This is applicable when test_connection is yes. |
| group_domain (string) | | Provide the group domain in the format example.com or ou=org, dc=example, dc=com. |
| hostname (string / required) | | OpenManage Enterprise or OpenManage Enterprise Modular IP address or hostname. |
| id (integer) | | Provide the ID of the existing Active Directory service connection. This is applicable for modification and deletion. This is mutually exclusive with name. |
| name (string) | | Provide a name for the Active Directory connection. This is applicable for creation and deletion. This is mutually exclusive with id. |
| network_timeout (integer) | Default: 120 | Enter the network timeout duration in seconds. The supported timeout duration range is 15 to 300 seconds. |
| password (string / required) | | OpenManage Enterprise or OpenManage Enterprise Modular password. |
| port (integer) | Default: 443 | OpenManage Enterprise or OpenManage Enterprise Modular HTTPS port. |
| search_timeout (integer) | Default: 120 | Enter the search timeout duration in seconds. The supported timeout duration range is 15 to 300 seconds. |
| state (string) | Choices: present (default), absent | present creates or modifies an Active Directory service. absent deletes an Active Directory service. |
| test_connection (boolean) | Choices: no (default), yes | Enables testing the connection to the domain controller. The connection to the domain controller is tested with the provided Active Directory service details. If the test fails, the module fails with an error. If yes, domain_username and domain_password must be provided. |
| username (string / required) | | OpenManage Enterprise or OpenManage Enterprise Modular username. |
| validate_certificate (boolean) | Choices: no (default), yes | Enables validation of the SSL certificate of the domain controller. The module will always report change when this is yes. |

Notes

  • The module will always report change when validate_certificate is yes.

  • Run this module from a system that has direct access to OpenManage Enterprise.

  • This module supports check_mode.

Examples

---
- name: Add Active Directory service using DNS lookup along with the test connection
  dellemc.openmanage.ome_active_directory:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    name: my_ad1
    domain_server:
      - domainname.com
    group_domain: domainname.com
    test_connection: yes
    domain_username: username@domainname.com
    domain_password: domain_password

- name: Add Active Directory service using IP address of the domain controller with certificate validation
  dellemc.openmanage.ome_active_directory:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    name: my_ad2
    domain_controller_lookup: MANUAL
    domain_server:
      - 192.68.20.181
    group_domain: domainname.com
    validate_certificate: yes
    certificate_file: "/path/to/certificate/file.cer"

- name: Modify domain controller IP address, network_timeout and group_domain
  dellemc.openmanage.ome_active_directory:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    name: my_ad2
    domain_controller_lookup: MANUAL
    domain_server:
      - 192.68.20.189
    group_domain: newdomain.in
    network_timeout: 150

- name: Delete Active Directory service
  dellemc.openmanage.ome_active_directory:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    name: my_ad2
    state: absent

- name: Test connection to existing Active Directory service with certificate validation
  dellemc.openmanage.ome_active_directory:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    name: my_ad2
    test_connection: yes
    domain_username: username@domainname.com
    domain_password: domain_password
    validate_certificate: yes
    certificate_file: "/path/to/certificate/file.cer"
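
A pre-flight check for the arguments of an ome_active_directory task, applying the constraints from the parameter table before a playbook reaches OpenManage Enterprise. This is an added example, not part of the dellemc.openmanage collection: lint_ad_task(), the sample hosts and the vault_* variable names are hypothetical, and the cleartext-port (389, 3268) and literal-secret checks are assumptions added here.

```python
# Added example; not part of the dellemc.openmanage collection.
# lint_ad_task() is hypothetical. Rules restate the parameter documentation;
# ports 389/3268 and the literal-secret check are added assumptions.
CLEARTEXT_LDAP_PORTS = (389, 3268)


def _on(args, key):
    """True when a yes/no option is enabled in the task arguments."""
    return args.get(key, False) in (True, "yes", "true")


def lint_ad_task(args):
    """Return (severity, message) findings for one task's arguments."""
    out = []
    if "id" in args and "name" in args:
        out.append(("error", "id and name are mutually exclusive"))
    for key in ("password", "domain_password"):
        if key in args and "{{" not in str(args[key]):
            out.append(("warning", key + " is a literal; use a vaulted variable"))
    if args.get("state", "present") == "absent":
        return out
    port = args.get("domain_controller_port", 3269)
    if port in CLEARTEXT_LDAP_PORTS:
        out.append(("error", "port %s is cleartext LDAP; use an LDAPS port" % port))
    for key in ("network_timeout", "search_timeout"):
        if not 15 <= args.get(key, 120) <= 300:
            out.append(("error", key + " must be 15 to 300 seconds"))
    manual = args.get("domain_controller_lookup", "DNS") == "MANUAL"
    if manual and len(args.get("domain_server", [])) > 3:
        out.append(("error", "at most three Active Directory servers"))
    creds = args.get("domain_username") and args.get("domain_password")
    if _on(args, "test_connection") and not creds:
        out.append(("error", "test_connection needs domain credentials"))
    if not _on(args, "validate_certificate"):
        out.append(("warning", "domain controller certificate is not validated"))
        if args.get("certificate_file"):
            out.append(("warning", "certificate_file is set but not applied"))
    return out


# Constructed sample tasks; hosts and variable names are placeholders.
WEAK = {"name": "my_ad2", "password": "password", "test_connection": "yes",
        "domain_controller_lookup": "MANUAL", "domain_controller_port": 389,
        "domain_server": ["dc1.example.internal"],
        "certificate_file": "/path/to/certificate/file.cer"}
HARDENED = dict(WEAK, password="{{ vault_ome_password }}",
                domain_controller_port=636, validate_certificate=True,
                domain_username="{{ vault_ad_username }}",
                domain_password="{{ vault_ad_password }}")
```

Calling lint_ad_task(WEAK) returns five findings, two of them errors, while lint_ad_task(HARDENED) returns an empty list.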

Return Values

Common return values are documented in the Ansible documentation; the following fields are unique to this module:

Key Returned Description
active_directory
dictionary
on change
The Active Directory that was added, modified or deleted by this module.

Sample:
{'CertificateValidation': False, 'DnsServer': [], 'GroupDomain': 'dellemcdomain.com', 'Id': 21789, 'Name': 'ad_test', 'NetworkTimeOut': 120, 'Password': None, 'SearchTimeOut': 120, 'ServerName': ['192.168.20.181'], 'ServerPort': 3269, 'ServerType': 'MANUAL'}
error_info
dictionary
on HTTP error
Details of the HTTP Error.

Sample:
{'error_info': {'error': {'@Message.ExtendedInfo': [{'Message': 'Unable to connect to the LDAP or AD server because the entered credentials are invalid.', 'MessageArgs': [], 'MessageId': 'CSEC5002', 'RelatedProperties': [], 'Resolution': 'Make sure the server input configuration are valid and retry the operation.', 'Severity': 'Critical'}], 'code': 'Base.1.0.GeneralError', 'message': 'A general error has occurred. See ExtendedInfo for more information.'}}}
msg
string
always
Overall status of the Active Directory operation.

Sample:
Successfully renamed the slot(s).


Authors

  • Jagadeesh N V(@jagadeeshnv)