ansible.builtin.ldap_entry (v2.9.27) — module

Add or remove LDAP entries.

Added in version 2.3 of ansible.builtin

Authors: Jiri Tyr (@jtyr)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.9.27

Description

Add or remove LDAP entries. This module only asserts the existence or non-existence of an LDAP entry, not its attributes. To assert the attribute values of an entry, see the ldap_attr module.


Requirements

Usage examples

- name: Make sure we have a parent entry for users
  ldap_entry:
    dn: ou=users,dc=example,dc=com
    objectClass: organizationalUnit
- name: Make sure we have an admin user
  ldap_entry:
    dn: cn=admin,dc=example,dc=com
    objectClass:
      - simpleSecurityObject
      - organizationalRole
    attributes:
      description: An LDAP administrator
      userPassword: "{SSHA}tabyipcHzhwESzRaGA7oQ/SDoBZQOGND"
- name: Get rid of an old entry
  ldap_entry:
    dn: ou=stuff,dc=example,dc=com
    state: absent
    server_uri: ldap://localhost/
    bind_dn: cn=admin,dc=example,dc=com
    bind_pw: password
#
# The same as in the previous example but with the authentication details
# stored in the ldap_auth variable:
#
# ldap_auth:
#   server_uri: ldap://localhost/
#   bind_dn: cn=admin,dc=example,dc=com
#   bind_pw: password
#
# In the example below, 'args' is a task keyword, passed at the same level as the module
- name: Get rid of an old entry
  ldap_entry:
    dn: ou=stuff,dc=example,dc=com
    state: absent
  args: "{{ ldap_auth }}"

Inputs

    
dn:
    description:
    - The DN of the entry to add or remove.
    required: true
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - The target state of the entry.

bind_dn:
    description:
    - A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism
      as default.
    - If this is blank, we'll use an anonymous bind.
    type: str

bind_pw:
    description:
    - The password to use with I(bind_dn).
    type: str

start_tls:
    default: false
    description:
    - If true, we'll use the START_TLS LDAP extension.
    type: bool

attributes:
    description:
    - If I(state=present), attributes necessary to create an entry. Existing entries are
      never modified. To assert specific attribute values on an existing entry, use the
      M(ldap_attr) module instead.

sasl_class:
    choices:
    - external
    - gssapi
    default: external
    description:
    - The class to use for SASL authentication.
    - Possible choices are C(external), C(gssapi).
    type: str
    version_added: 2.0.0
    version_added_collection: community.general

server_uri:
    default: ldapi:///
    description:
    - The I(server_uri) parameter may be a comma- or whitespace-separated list of URIs
      containing only the schema, the host, and the port fields.
    - The default value lets the underlying LDAP client library look for a UNIX domain
      socket in its default location.
    - Note that when using multiple URIs you cannot determine to which URI your client
      gets connected.
    - For URIs containing additional fields, particularly when using commas, behavior
      is undefined.
    type: str

objectClass:
    description:
    - If I(state=present), value or list of values to use when creating the entry. It
      can either be a string or an actual list of strings.

validate_certs:
    default: true
    description:
    - If set to C(no), SSL certificates will not be validated.
    - This should only be used on sites using self-signed certificates.
    type: bool

referrals_chasing:
    choices:
    - disabled
    - anonymous
    default: anonymous
    description:
    - Set the referrals chasing behavior.
    - C(anonymous) follows referrals anonymously. This is the default behavior.
    - C(disabled) disables referrals chasing. This sets C(OPT_REFERRALS) to off.
    type: str
    version_added: 2.0.0
    version_added_collection: community.general
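
The usage examples above bind to ldap://localhost/ with a literal bind_pw. The playbook below is an added example, not part of the module documentation: it reuses the same ldap_auth/args pattern against a remote server, with start_tls and validate_certs set and the bind password taken from a variable. The host ldap.example.com and the variable vault_ldap_bind_pw are assumptions made for illustration.

```yaml
# Added example, not from the module documentation.
# Assumptions: ldap.example.com and vault_ldap_bind_pw are hypothetical names.
- hosts: localhost
  gather_facts: false
  vars:
    ldap_auth:
      server_uri: ldap://ldap.example.com/
      bind_dn: cn=admin,dc=example,dc=com
      # Defined in a vars file encrypted with ansible-vault, so the
      # password is not stored in the playbook in clear text.
      bind_pw: "{{ vault_ldap_bind_pw }}"
      # Use the START_TLS extension on the ldap:// connection.
      start_tls: true
      # The default, stated explicitly so that nobody disables it unnoticed.
      validate_certs: true
  tasks:
    - name: Make sure we have a parent entry for users
      ldap_entry:
        dn: ou=users,dc=example,dc=com
        objectClass: organizationalUnit
      args: "{{ ldap_auth }}"
      # Keep the task arguments and result out of Ansible's output and logs.
      no_log: true

    - name: Get rid of an old entry
      ldap_entry:
        dn: ou=stuff,dc=example,dc=com
        state: absent
      args: "{{ ldap_auth }}"
      no_log: true
```

Because ldap_entry never modifies an existing entry, rerunning this playbook does not change attributes such as userPassword on entries that are already present.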