netapp.ontap.na_ontap_ldap_client module – NetApp ONTAP LDAP client
Note
This module is part of the netapp.ontap collection (version 22.10.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install netapp.ontap.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: netapp.ontap.na_ontap_ldap_client.
New in netapp.ontap 2.9.0
Synopsis
Create, modify or delete LDAP client on NetApp ONTAP.
Requirements
The below requirements are needed on the host that executes this module.
Ansible 2.9 or later - 2.12 or later is recommended.
Python3 - 3.9 or later is recommended.
When using ZAPI, netapp-lib 2018.11.13 or later (install using ‘pip install netapp-lib’), netapp-lib 2020.3.12 is strongly recommended as it provides better error reporting for connection issues
a physical or virtual clustered Data ONTAP system, the modules support Data ONTAP 9.1 and onward, REST support requires ONTAP 9.6 or later
Parameters
Parameter |
Comments |
|---|---|
Active Directory Domain Name. servers or ad_domain is required if state=present. Mutually exclusive with servers. |
|
LDAP base DN. |
|
LDAP search scope. Choices:
|
|
The cluster uses the CIFS server’s credentials to bind to the LDAP server. Choices:
|
|
LDAP bind user DN. |
|
LDAP bind user password. |
|
path to SSL client cert file (.pem). not supported with python 2.6. |
|
Enable or disable a new feature. This can be used to enable an experimental feature or disable a new feature that breaks backward compatibility. Supported keys and values are subject to change without notice. Unknown keys are ignored. |
|
Override the cluster ONTAP version when using REST. The behavior is undefined if the version does not match the target cluster. This is provided as a work-around when the cluster version cannot be read because of permission issues. See https://github.com/ansible-collections/netapp.ontap/wiki/Known-issues. This should be in the form 9.10 or 9.10.1 with each element being an integer number. When Ignored with ZAPI. |
|
The hostname or IP address of the ONTAP instance. |
|
Override the default port (80 or 443) with this port |
|
Enable and disable https. Ignored when using REST as only https is supported. Ignored when using SSL certificate authentication as it requires SSL. Choices:
|
|
path to SSL client key file. |
|
Specifies whether or not LDAPS is enabled. Choices:
|
|
Minimal LDAP server bind level. Choices:
|
|
The name of LDAP client configuration. Supported only in ZAPI. Required with ZAPI. |
|
The ontap api version to use |
|
Password for the specified user. |
|
LDAP server TCP port. |
|
Preferred Active Directory (AD) Domain Controllers. Mutually exclusive with servers. |
|
LDAP server query timeout. |
|
LDAP Referral Chasing. Choices:
|
|
LDAP schema. Required if state=present. default schemas - ‘AD-IDMU’, ‘AD-SFU’, ‘MS-AD-BIS’, ‘RFC-2307’. custom schemas are allowed as well. |
|
Comma separated list of LDAP servers. FQDN’s or IP addreses. servers or ad_domain is required if state=present. Mutually exclusive with preferred_ad_servers and ad_domain. |
|
Client Session Security. Choices:
|
|
Indicates whether or not the validation for the specified LDAP configuration is disabled. By default, errors are reported with REST when server names cannot be resolved for instance. Requires ONTAP 9.9 or later. This is ignored with ZAPI. Choices:
|
|
Whether the specified LDAP client configuration exist or not. Choices:
|
|
Whether to use REST or ZAPI. always – will always use the REST API if the module supports REST. A warning is issued if the module does not support REST. An error is issued if a module option is not supported in REST. never – will always use ZAPI if the module supports ZAPI. An error may be issued if a REST option is not supported in ZAPI. auto – will try to use the REST API if the module supports REST and modules options are supported. Reverts to ZAPI otherwise. Default: |
|
Start TLS on LDAP connection. Choices:
|
|
This can be a Cluster-scoped or SVM-scoped account, depending on whether a Cluster-level or SVM-level API is required. For more information, please read the documentation https://mysupport.netapp.com/NOW/download/software/nmsdk/9.4/. Two authentication methods are supported
To use a certificate, the certificate must have been installed in the ONTAP cluster, and cert authentication must have been enabled. |
|
If set to This should only set to Choices:
|
|
vserver/svm that holds LDAP client configuration. |
Notes
Note
LDAP client created using ZAPI should be deleted using ZAPI.
LDAP client created using REST should be deleted using REST.
REST only supports create, modify and delete data svm ldap client configuration.
The modules prefixed with na_ontap are built to support the ONTAP storage platform.
https is enabled by default and recommended. To enable http on the cluster you must run the following commands ‘set -privilege advanced;’ ‘system services web modify -http-enabled true;’
Examples
- name: Create LDAP client
# assuming credentials are set using module_defaults
netapp.ontap.na_ontap_ldap_client:
state: present
vserver: 'vserver1'
servers: 'ldap1.example.company.com,ldap2.example.company.com'
base_dn: 'dc=example,dc=company,dc=com'
- name: modify LDAP client
# assuming credentials are set using module_defaults
netapp.ontap.na_ontap_ldap_client:
state: present
vserver: 'vserver1'
servers: 'ldap1.example.company.com'
base_dn: 'dc=example,dc=company,dc=com'
skip_config_validation: true
- name: Delete LDAP client
# assuming credentials are set using module_defaults
netapp.ontap.na_ontap_ldap_client:
state: absent
vserver: 'vserver1'