ansible.builtin.ldap_entry (v2.3.0.0-1) — module

Add or remove LDAP entries.

Added in version 2.3 of ansible.builtin

Authors: Jiri Tyr (@jtyr)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.3.0.0.post1

Description

Add or remove LDAP entries. This module only asserts the existence or non-existence of an LDAP entry, not its attributes. To assert the attribute values of an entry, see M(ldap_attr).


Requirements

Usage examples

- name: Make sure we have a parent entry for users
  ldap_entry:
    dn: ou=users,dc=example,dc=com
    objectClass: organizationalUnit
- name: Make sure we have an admin user
  ldap_entry:
    dn: cn=admin,dc=example,dc=com
    objectClass:
      - simpleSecurityObject
      - organizationalRole
    attributes:
      description: An LDAP administrator
      userPassword: "{SSHA}tabyipcHzhwESzRaGA7oQ/SDoBZQOGND"
- name: Get rid of an old entry
  ldap_entry:
    dn: ou=stuff,dc=example,dc=com
    state: absent
    server_uri: ldap://localhost/
    bind_dn: cn=admin,dc=example,dc=com
    bind_pw: password
#
# The same as in the previous example but with the authentication details
# stored in the ldap_auth variable:
#
# ldap_auth:
#   server_uri: ldap://localhost/
#   bind_dn: cn=admin,dc=example,dc=com
#   bind_pw: password
- name: Get rid of an old entry
  ldap_entry:
    dn: ou=stuff,dc=example,dc=com
    state: absent
    params: "{{ ldap_auth }}"
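
Because ldap_entry never modifies an existing entry, a task that sets userPassword on creation does not guarantee that value on an entry that was already there. The playbook below is an added example, not part of the module's documentation: it pairs ldap_entry with ldap_attr, enables start_tls, and takes secrets from variables instead of literals; the host, the DN and the vault_* variable names are assumptions.

```yaml
# Added example, not from the module documentation.
# Assumptions: vault_ldap_bind_pw and vault_svc_hash are hypothetical
# variables loaded from an Ansible Vault file; ldap.example.com and
# cn=svc are placeholders.
- hosts: localhost
  gather_facts: no
  vars:
    ldap_uri: ldap://ldap.example.com/
    ldap_bind_dn: cn=admin,dc=example,dc=com
    svc_dn: cn=svc,dc=example,dc=com
  tasks:
    # Creates the entry only when it is missing; an existing entry is
    # left untouched, whatever its attributes are.
    - name: Make sure the service account entry exists
      ldap_entry:
        dn: "{{ svc_dn }}"
        objectClass:
          - simpleSecurityObject
          - organizationalRole
        attributes:
          description: Service account
          userPassword: "{{ vault_svc_hash }}"
        server_uri: "{{ ldap_uri }}"
        start_tls: yes
        bind_dn: "{{ ldap_bind_dn }}"
        bind_pw: "{{ vault_ldap_bind_pw }}"
      no_log: true   # keep the hash and bind password out of task output

    # Asserts the attribute value, including on an entry that already existed.
    - name: Make sure the service account has the expected password hash
      ldap_attr:
        dn: "{{ svc_dn }}"
        name: userPassword
        values: "{{ vault_svc_hash }}"
        state: exact
        server_uri: "{{ ldap_uri }}"
        start_tls: yes
        bind_dn: "{{ ldap_bind_dn }}"
        bind_pw: "{{ vault_ldap_bind_pw }}"
      no_log: true
```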

Inputs

    
dn:
    description:
    - The DN of the entry to add or remove.
    required: true

state:
    choices:
    - present
    - absent
    default: present
    description:
    - The target state of the entry.
    required: false

params:
    default: null
    description:
    - List of options that can overwrite any of the task options or the I(attributes) options.
      To remove an option, set the value of the option to C(null).
    required: false

bind_dn:
    default: null
    description:
    - A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism.
      If this is blank, we'll use an anonymous bind.
    required: false

bind_pw:
    default: null
    description:
    - The password to use with I(bind_dn).
    required: false

start_tls:
    choices:
    - 'yes'
    - 'no'
    default: 'no'
    description:
    - If true, we'll use the START_TLS LDAP extension.
    required: false

attributes:
    default: null
    description:
    - If I(state=present), attributes necessary to create an entry. Existing entries are
      never modified. To assert specific attribute values on an existing entry, use the M(ldap_attr)
      module instead.
    required: false

server_uri:
    default: ldapi:///
    description:
    - A URI to the LDAP server. The default value lets the underlying LDAP client library
      look for a UNIX domain socket in its default location.
    required: false

objectClass:
    default: null
    description:
    - If I(state=present), value or list of values to use when creating the entry. It
      can either be a string or an actual list of strings.
    required: false