netapp.storagegrid.na_sg_org_identity_federation – NetApp StorageGRID manage Tenant identity federation.

Note

This plugin is part of the netapp.storagegrid collection (version 21.9.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install netapp.storagegrid.

To use it in a playbook, specify: netapp.storagegrid.na_sg_org_identity_federation.

New in version 21.6.0 of netapp.storagegrid

Synopsis

  • Configure Tenant Identity Federation within NetApp StorageGRID.

  • If the module is run with check_mode, a connectivity test is performed using the supplied values without changing the configuration.

  • This module is idempotent if password is not specified.

Parameters

| Parameter | Choices/Defaults | Comments |
|---|---|---|
| api_url (string / required) | | The URL of the StorageGRID Admin Node REST API. |
| auth_token (string / required) | | The authorization token for the API request. |
| base_group_dn (string) | | The Distinguished Name of the LDAP subtree to search for groups. |
| base_user_dn (string) | | The Distinguished Name of the LDAP subtree to search for users. |
| ca_cert (string) | | Custom certificate used to connect to the LDAP server. If a custom certificate is not supplied, the operating system CA certificate will be used. |
| hostname (string) | | The hostname or IP address of the LDAP server. |
| ldap_group_id_attribute (string) | | The LDAP attribute which contains the group for a user. Should be configured if ldap_service_type=Other. |
| ldap_group_uuid_attribute (string) | | The LDAP attribute which contains the group's permanent unique identity. Should be configured if ldap_service_type=Other. |
| ldap_service_type (string) | Choices: Active Directory, OpenLDAP, Other | The type of LDAP server. |
| ldap_user_id_attribute (string) | | The LDAP attribute which contains the unique user name of a user. Should be configured if ldap_service_type=Other. |
| ldap_user_uuid_attribute (string) | | The LDAP attribute which contains the permanent unique identity of a user. Should be configured if ldap_service_type=Other. |
| password (string) | | The password associated with the username. |
| port (integer) | | The port used to connect to the LDAP server. Typically 389 for LDAP, or 636 for LDAPS. |
| state (string) | Choices: present (default), absent | Whether identity federation should be enabled or not. |
| tls (string) | Choices: STARTTLS (default), LDAPS, Disabled | Whether Transport Layer Security is used to connect to the LDAP server. |
| type (string) | Default: "ldap" | The type of identity source. Default is 'ldap'. |
| username (string) | | The username to bind to the LDAP server. |
| validate_certs (boolean) | Choices: no, yes (default) | Should HTTPS certificates be validated? |

Notes

  • The modules prefixed with na_sg are built to manage NetApp StorageGRID.

Examples

- name: test identity federation configuration
  netapp.storagegrid.na_sg_org_identity_federation:
    api_url: "https://<storagegrid-endpoint-url>"
    auth_token: "storagegrid-auth-token"
    validate_certs: false
    state: present
    ldap_service_type: "Active Directory"
    hostname: "ad.example.com"
    port: 389
    username: "binduser"
    password: "bindpass"
    base_group_dn: "DC=example,DC=com"
    base_user_dn: "DC=example,DC=com"
    tls: "Disabled"
  check_mode: yes

- name: configure identity federation with AD and TLS
  netapp.storagegrid.na_sg_org_identity_federation:
    api_url: "https://<storagegrid-endpoint-url>"
    auth_token: "storagegrid-auth-token"
    validate_certs: false
    state: present
    ldap_service_type: "Active Directory"
    hostname: "ad.example.com"
    port: 636
    username: "binduser"
    password: "bindpass"
    base_group_dn: "DC=example,DC=com"
    base_user_dn: "DC=example,DC=com"
    tls: "LDAPS"
    ca_cert: |
        -----BEGIN CERTIFICATE-----
        MIIC+jCCAeICCQDmn9Gow08LTzANBgkqhkiG9w0BAQsFADA/..swCQYDVQQGEwJV
        bXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB..JFzNIXQEGnsgjV
        JGU4giuvOLOZ8Q3gyuUbkSUQDjmjpMR8PliwJ6iW2Ity89Dv..dl1TaIYI/ansyZ
        Uxk4YXeN6kUkrDtNxCg1McALzXVAfxMTtj2SFlLxne4Z6rX2..UyftQrfM13F1vY
        gK8dBPz+l+X/Uozo/xNm7gxe68p9le9/pcULst1CQn5/sPqq..kgWcSvlKUItu82
        lq3B2169rovdIaNdcvaQjMPhrDGo5rvLfMN35U3Hgbz41PL5..x2BcUE6/0ab5T4
        qKBxKa3t9twj+zpUqOzyL0PFfCE+SK5fEXAS1ow4eAcLN+eB..gR/PuvGAyIPCtE
        1+X4GrECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAFpO+04Ra..FMJPH6dBmzfb7l
        k04BWTvSlur6HiQdXY+oFQMJZzyI7MQ8v9HBIzS0ZAzYWLp4..VZhHmRxnrWyxVs
        u783V5YfQH2L4QnBDoiDefgxyfDs2PcoF5C+X9CGXmPqzst2..y/6tdOVJzdiA==
        -----END CERTIFICATE-----
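
A variant of the TLS example above with the API certificate check left on and the secrets kept out of the playbook, added here as an illustration and not part of the module's own documentation. The variable names (sg_api_url, sg_tenant_auth_token, ldap_bind_password) and the CA file path are assumptions, as is reading enableLDAPS and disableTLS in resp as mirrors of the tls parameter.

```yaml
# Added example, not from the module documentation.
# Assumed: the three variables below are defined in an Ansible Vault file,
# and files/ldap-ca.pem holds the CA that issued the LDAP server certificate.
- name: Tenant identity federation over LDAPS with verified certificates
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Test LDAP connectivity without changing the configuration
      netapp.storagegrid.na_sg_org_identity_federation: &federation
        api_url: "{{ sg_api_url }}"               # assumed variable
        auth_token: "{{ sg_tenant_auth_token }}"  # assumed variable (vaulted)
        validate_certs: true                      # verify the Admin Node certificate
        state: present
        ldap_service_type: "Active Directory"
        hostname: "ad.example.com"
        port: 636
        tls: "LDAPS"
        ca_cert: "{{ lookup('file', 'files/ldap-ca.pem') }}"  # assumed path
        username: "binduser"
        password: "{{ ldap_bind_password }}"      # assumed variable (vaulted)
        base_group_dn: "DC=example,DC=com"
        base_user_dn: "DC=example,DC=com"
      check_mode: true   # connectivity test only, per the synopsis
      no_log: true       # keep the token and bind password out of task output

    # Per the synopsis, the module is idempotent only when password is omitted.
    - name: Apply the same settings
      netapp.storagegrid.na_sg_org_identity_federation: *federation
      register: federation_result
      no_log: true

    # Key names come from the sample return value; their meaning is assumed.
    - name: Confirm the stored identity source uses LDAPS
      ansible.builtin.assert:
        that:
          - federation_result.resp.enableLDAPS
          - not federation_result.resp.disableTLS
          - federation_result.resp.port == 636
        fail_msg: "Identity source is not configured for LDAPS"
```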

Return Values

Common return values are documented here; the following fields are unique to this module:

| Key | Returned | Description |
|---|---|---|
| resp (dictionary) | success | Returns information about the StorageGRID tenant account identity source configuration. |

Sample:
{'baseGroupDn': 'DC=example,DC=com', 'baseUserDn': 'DC=example,DC=com', 'caCert': '-----BEGIN CERTIFICATE----- abcdefghijkl123456780ABCDEFGHIJKL 123456/7890ABCDEFabcdefghijklABCD -----END CERTIFICATE----- ', 'disable': False, 'disableTLS': False, 'enableLDAPS': False, 'hostname': '10.1.2.3', 'id': '00000000-0000-0000-0000-000000000000', 'ldapServiceType': 'Active Directory', 'password': '********', 'port': 389, 'type': 'ldap', 'username': 'MYDOMAIN\\Administrator'}


Authors