theforeman.foreman.auth_source_ldap – Manage LDAP Authentication Sources

Note

This plugin is part of the theforeman.foreman collection (version 2.2.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install theforeman.foreman.

To use it in a playbook, specify: theforeman.foreman.auth_source_ldap.

New in version 1.0.0 of theforeman.foreman

Synopsis

  • Create, update, and delete LDAP authentication sources

Requirements

The below requirements are needed on the host that executes this module.

  • requests

Parameters

| Parameter | Choices/Defaults | Comments |
|---|---|---|
| account (string) | | Account name to use when accessing the LDAP server. |
| account_password (string) | | Account password to use when accessing the LDAP server. Required when using onthefly_register. When this parameter is set, the module will not be idempotent. |
| attr_firstname (string) | | Attribute containing first name. Required when using onthefly_register. |
| attr_lastname (string) | | Attribute containing last name. Required when using onthefly_register. |
| attr_login (string) | | Attribute containing login ID. Required when using onthefly_register. |
| attr_mail (string) | | Attribute containing email address. Required when using onthefly_register. |
| attr_photo (string) | | Attribute containing user photo. |
| base_dn (string) | | The base DN to use when searching. |
| groups_base (string) | | Base DN where groups reside. |
| host (string / required) | | The hostname of the LDAP server. |
| ldap_filter (string) | | Filter to apply to LDAP searches. |
| locations (list / elements=string) | | List of locations the entity should be assigned to. |
| name (string / required) | | The name of the LDAP authentication source. |
| onthefly_register (boolean) | Choices: no, yes | Whether or not to register users on the fly. |
| organizations (list / elements=string) | | List of organizations the entity should be assigned to. |
| password (string / required) | | Password of the user accessing the Foreman server. If the value is not specified in the task, the value of environment variable FOREMAN_PASSWORD will be used instead. |
| port (integer) | Default: 389 | The port number of the LDAP server. |
| server_type (string) | Choices: free_ipa, active_directory, posix | Type of the LDAP server. |
| server_url (string / required) | | URL of the Foreman server. If the value is not specified in the task, the value of environment variable FOREMAN_SERVER_URL will be used instead. |
| state (string) | Choices: present (default), absent | State of the entity. |
| tls (boolean) | Choices: no, yes | Whether or not to use TLS when contacting the LDAP server. |
| use_netgroups (boolean) | Choices: no, yes | Whether to use NIS netgroups instead of posix groups; not valid for server_type=active_directory. |
| usergroup_sync (boolean) | Choices: no, yes | Whether or not to sync external user groups on login. |
| username (string / required) | | Username accessing the Foreman server. If the value is not specified in the task, the value of environment variable FOREMAN_USERNAME will be used instead. |
| validate_certs (boolean) | Choices: no, yes (default) | Whether or not to verify the TLS certificates of the Foreman server. If the value is not specified in the task, the value of environment variable FOREMAN_VALIDATE_CERTS will be used instead. |

Examples

- name: LDAP Authentication source
  theforeman.foreman.auth_source_ldap:
    name: "Example LDAP"
    host: "ldap.example.org"
    server_url: "https://foreman.example.com"
    locations:
      - "Uppsala"
    organizations:
      - "Sweden"
    username: "admin"
    password: "changeme"
    state: present

- name: LDAP Authentication with automatic registration
  theforeman.foreman.auth_source_ldap:
    name: "Example LDAP"
    host: "ldap.example.org"
    onthefly_register: true
    account: uid=ansible,cn=sysaccounts,cn=etc,dc=example,dc=com
    account_password: secret
    base_dn: dc=example,dc=com
    groups_base: cn=groups,cn=accounts,dc=example,dc=com
    server_type: free_ipa
    attr_login: uid
    attr_firstname: givenName
    attr_lastname: sn
    attr_mail: mail
    attr_photo: jpegPhoto
    server_url: "https://foreman.example.com"
    username: "admin"
    password: "changeme"
    state: present
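
A variant of the second example with the transport and credential settings tightened, added here and not part of the module's own documentation. It enables tls so the bind that uses account_password is not sent to the LDAP server in clear text, and it takes both passwords from variables instead of literals. The names vault_ldap_bind_password and vault_foreman_password are hypothetical Ansible Vault variables, and port 636 assumes the directory accepts TLS connections there.

```yaml
# Added example. Assumptions: the two vault_* variables are hypothetical and
# live in a vars file encrypted with ansible-vault; the LDAP server is assumed
# to accept TLS connections on port 636.
- name: LDAP authentication source with TLS and vaulted credentials
  theforeman.foreman.auth_source_ldap:
    name: "Example LDAP"
    host: "ldap.example.org"
    # tls is not set in the examples above, so the default port 389 is used
    # without TLS; set both explicitly here.
    tls: true
    port: 636
    onthefly_register: true
    account: uid=ansible,cn=sysaccounts,cn=etc,dc=example,dc=com
    # Per the parameter notes, setting account_password makes the module
    # non-idempotent.
    account_password: "{{ vault_ldap_bind_password }}"
    base_dn: dc=example,dc=com
    groups_base: cn=groups,cn=accounts,dc=example,dc=com
    server_type: free_ipa
    attr_login: uid
    attr_firstname: givenName
    attr_lastname: sn
    attr_mail: mail
    server_url: "https://foreman.example.com"
    username: "admin"
    # May be omitted when FOREMAN_PASSWORD is set in the environment.
    password: "{{ vault_foreman_password }}"
    # yes is already the default; stated so a FOREMAN_VALIDATE_CERTS value
    # in the environment cannot switch verification off for this task.
    validate_certs: true
    state: present
```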

Return Values

Common return values are documented here; the following are the fields unique to this module:

| Key | Returned | Description |
|---|---|---|
| entity (dictionary) | success | Final state of the affected entities grouped by their type. |
| auth_source_ldaps (list / elements=dictionary) | success | List of auth sources for LDAP. |



Authors

  • Christoffer Reijer (@ephracis) Basalt AB