dellemc.openmanage.ome_domain_user_groups module – Create, modify, or delete an Active Directory/LDAP user group on OpenManage Enterprise and OpenManage Enterprise Modular

Note

This module is part of the dellemc.openmanage collection (version 8.7.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install dellemc.openmanage. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: dellemc.openmanage.ome_domain_user_groups.

New in dellemc.openmanage 4.0.0

Synopsis

  • This module allows to create, modify, or delete an Active Directory/LDAP user group on OpenManage Enterprise and OpenManage Enterprise Modular.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 3.9.6

Parameters

Parameter

Comments

ca_path

path

added in dellemc.openmanage 5.0.0

The Privacy Enhanced Mail (PEM) file that contains a CA certificate to be used for the validation.

directory_id

integer

The ID of the Active Directory/LDAP.

directory_id is mutually exclusive with directory_name.

directory_name

string

The directory name set while adding the Active Directory/LDAP.

directory_name is mutually exclusive with directory_id.

directory_type

string

Type of the account.

Choices:

  • "AD" ← (default)

  • "LDAP"

domain_password

string

Active Directory/LDAP domain password.

domain_username

string

Active Directory/LDAP domain username.

Example: username@domain or domain\username.

group_name

string / required

The desired Active Directory/LDAP user group name to be imported or removed.

Examples for user group name: Administrator or Account Operators or Access Control Assistance Operator.

group_name value is case insensitive.

hostname

string / required

OpenManage Enterprise or OpenManage Enterprise Modular IP address or hostname.

password

string / required

OpenManage Enterprise or OpenManage Enterprise Modular password.

If the password is not provided, then the environment variable OME_PASSWORD is used.

Example: export OME_PASSWORD=password

port

integer

OpenManage Enterprise or OpenManage Enterprise Modular HTTPS port.

Default: 443

role

string

The desired roles and privilege for the imported Active Directory/LDAP user group.

OpenManage Enterprise Modular Roles: CHASSIS ADMINISTRATOR, COMPUTE MANAGER, STORAGE MANAGER, FABRIC MANAGER, VIEWER.

OpenManage Enterprise Roles: ADMINISTRATOR, DEVICE MANAGER, VIEWER.

role value is case insensitive.

state

string

present imports or modifies the Active Directory/LDAP user group.

absent deletes an existing Active Directory/LDAP user group.

Choices:

  • "present" ← (default)

  • "absent"

timeout

integer

added in dellemc.openmanage 5.0.0

The socket level timeout in seconds.

Default: 30

username

string / required

OpenManage Enterprise or OpenManage Enterprise Modular username.

If the username is not provided, then the environment variable OME_USERNAME is used.

Example: export OME_USERNAME=username

validate_certs

boolean

added in dellemc.openmanage 5.0.0

If false, the SSL certificates will not be validated.

Configure false only on personally controlled sites where self-signed certificates are used.

Prior to collection version 5.0.0, the validate_certs is false by default.

Choices:

  • false

  • true ← (default)

Notes

Note

  • This module supports check_mode and idempotency.

  • Run this module from a system that has direct access to OpenManage Enterprise or OpenManage Enterprise Modular.

Examples

---
- name: Create Active Directory user group
  dellemc.openmanage.ome_domain_user_groups:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    ca_path: "/path/to/ca_cert.pem"
    state: present
    group_name: account operators
    directory_name: directory_name
    role: administrator
    domain_username: username@domain
    domain_password: domain_password

- name: Update Active Directory user group
  dellemc.openmanage.ome_domain_user_groups:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    ca_path: "/path/to/ca_cert.pem"
    state: present
    group_name: account operators
    role: viewer

- name: Delete active directory user group
  dellemc.openmanage.ome_domain_user_groups:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    ca_path: "/path/to/ca_cert.pem"
    state: absent
    group_name: administrators

- name: Import LDAP directory group.
  dellemc.openmanage.ome_domain_user_groups:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    ca_path: "/path/to/ca_cert.pem"
    directory_type: LDAP
    state: present
    group_name: account operators
    directory_name: directory_name
    role: administrator
    domain_username: username@domain
    domain_password: domain_password

- name: Remove LDAP directory group.
  dellemc.openmanage.ome_domain_user_groups:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    ca_path: "/path/to/ca_cert.pem"
    state: absent
    group_name: account operators

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

domain_user_status

dictionary

Details of the domain user operation, when state is present.

Returned: When state is present.

Sample: {"Description": null, "DirectoryServiceId": 16097, "Enabled": true, "Id": "16617", "IsBuiltin": false, "IsVisible": true, "Locked": false, "Name": "Account Operators", "ObjectGuid": "a491859c-031e-42a3-ae5e-0ab148ecf1d6", "ObjectSid": null, "Oem": null, "Password": null, "PlainTextPassword": null, "RoleId": "16", "UserName": "Account Operators", "UserTypeId": 2}

error_info

dictionary

Details of the HTTP Error.

Returned: on HTTP error

Sample: {"error": {"@Message.ExtendedInfo": [{"Message": "Unable to process the request because an error occurred.", "MessageArgs": [], "MessageId": "GEN1234", "RelatedProperties": [], "Resolution": "Retry the operation. If the issue persists, contact your system administrator.", "Severity": "Critical"}], "code": "Base.1.0.GeneralError", "message": "A general error has occurred. See ExtendedInfo for more information."}}

msg

string

Overall status of the Active Directory/LDAP user group operation.

Returned: always

Sample: "Successfully imported the Active Directory/LDAP user group."

Authors

  • Felix Stephen (@felixs88)

  • Abhishek Sinha (@Abhishek-Dell)