ansible.builtin.ldap_entry module (v2.9.3)
Added in version 2.3 of ansible.builtin. Authors: Jiri Tyr (@jtyr). Status: preview. Supported by: community.
Install with pip install ansible==2.9.3
Add or remove LDAP entries. This module only asserts the existence or non-existence of an LDAP entry, not its attributes. To assert the attribute values of an entry, see the ldap_attr module.
- name: Make sure we have a parent entry for users
  ldap_entry:
    dn: ou=users,dc=example,dc=com
    objectClass: organizationalUnit

- name: Make sure we have an admin user
  ldap_entry:
    dn: cn=admin,dc=example,dc=com
    objectClass:
      - simpleSecurityObject
      - organizationalRole
    attributes:
      description: An LDAP administrator
      userPassword: "{SSHA}tabyipcHzhwESzRaGA7oQ/SDoBZQOGND"

- name: Get rid of an old entry
  ldap_entry:
    dn: ou=stuff,dc=example,dc=com
    state: absent
    server_uri: ldap://localhost/
    bind_dn: cn=admin,dc=example,dc=com
    bind_pw: password

#
# The same as in the previous example but with the authentication details
# stored in the ldap_auth variable:
#
# ldap_auth:
#   server_uri: ldap://localhost/
#   bind_dn: cn=admin,dc=example,dc=com
#   bind_pw: password
- name: Get rid of an old entry
  ldap_entry:
    dn: ou=stuff,dc=example,dc=com
    state: absent
    params: "{{ ldap_auth }}"
dn:
  description:
    - The DN of the entry to add or remove.
  required: true
  type: str
state:
  choices:
    - present
    - absent
  default: present
  description:
    - The target state of the entry.
params:
  description:
    - List of options which allows to overwrite any of the task or the I(attributes) options. To remove an option, set the value of the option to C(null).
bind_dn:
  description:
    - A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism as default.
    - If this is blank, we'll use an anonymous bind.
  type: str
bind_pw:
  default: ''
  description:
    - The password to use with I(bind_dn).
  type: str
ca_path:
  description:
    - Set the path to PEM file with CA certs.
  type: path
  version_added: 6.5.0
  version_added_collection: community.general
start_tls:
  default: false
  description:
    - If true, we'll use the START_TLS LDAP extension.
  type: bool
attributes:
  description:
    - If I(state=present), attributes necessary to create an entry. Existing entries are never modified. To assert specific attribute values on an existing entry, use M(ldap_attr) module instead.
sasl_class:
  choices:
    - external
    - gssapi
  default: external
  description:
    - The class to use for SASL authentication.
    - Possible choices are C(external), C(gssapi).
  type: str
  version_added: 2.0.0
  version_added_collection: community.general
server_uri:
  default: ldapi:///
  description:
    - The I(server_uri) parameter may be a comma- or whitespace-separated list of URIs containing only the schema, the host, and the port fields.
    - The default value lets the underlying LDAP client library look for a UNIX domain socket in its default location.
    - Note that when using multiple URIs you cannot determine to which URI your client gets connected.
    - For URIs containing additional fields, particularly when using commas, behavior is undefined.
  type: str
objectClass:
  description:
    - If I(state=present), value or list of values to use when creating the entry. It can either be a string or an actual list of strings.
validate_certs:
  default: true
  description:
    - If set to C(false), SSL certificates will not be validated.
    - This should only be used on sites using self-signed certificates.
  type: bool
xorder_discovery:
  choices:
    - enable
    - auto
    - disable
  default: auto
  description:
    - Set the behavior on how to process Xordered DNs.
    - C(enable) will perform a C(ONELEVEL) search below the superior RDN to find the matching DN.
    - C(disable) will always use the DN unmodified (as passed by the I(dn) parameter).
    - C(auto) will only perform a search if the first RDN does not contain an index number (C({x})).
    - Possible choices are C(enable), C(auto), C(disable).
  type: str
  version_added: 6.4.0
  version_added_collection: community.general
referrals_chasing:
  choices:
    - disabled
    - anonymous
  default: anonymous
  description:
    - Set the referrals chasing behavior.
    - C(anonymous) follow referrals anonymously. This is the default behavior.
    - C(disabled) disable referrals chasing. This sets C(OPT_REFERRALS) to off.
  type: str
  version_added: 2.0.0
  version_added_collection: community.general
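
A hardened counterpart to the "Get rid of an old entry" task, built only from the connection options documented above (server_uri, start_tls, validate_certs, bind_dn, bind_pw). This playbook is an added example, not part of the module documentation; the group ldap_servers, the host ldap.example.com, the file vault.yml and the variable vault_ldap_bind_pw are assumptions.

```yaml
# Added example, not from the module documentation.
# Assumed names: ldap_servers, ldap.example.com, vault.yml, vault_ldap_bind_pw.
#
# Weak form, as in the documentation examples (shown for comparison only):
#   server_uri: ldap://localhost/   # no START_TLS requested
#   bind_pw: password               # literal secret stored in the playbook
- hosts: ldap_servers
  gather_facts: false
  vars_files:
    - vault.yml   # assumed ansible-vault encrypted file defining vault_ldap_bind_pw
  tasks:
    - name: Get rid of an old entry over START_TLS with a vaulted bind password
      ldap_entry:
        dn: ou=stuff,dc=example,dc=com
        state: absent
        server_uri: ldap://ldap.example.com/
        start_tls: true        # upgrade the connection before the simple bind
        validate_certs: true   # the default; stated so a later change shows up in review
        bind_dn: cn=admin,dc=example,dc=com
        bind_pw: "{{ vault_ldap_bind_pw }}"
      no_log: true             # keep bind_pw out of task output and logs

    # Alternative when the task runs on the LDAP host itself: no password at all.
    - name: Get rid of an old entry over the local socket with SASL EXTERNAL
      ldap_entry:
        dn: ou=stuff,dc=example,dc=com
        state: absent
        server_uri: ldapi:///  # the documented default: local UNIX domain socket
        # bind_dn is omitted, so the module tries a SASL bind with EXTERNAL
      become: true             # assumption: the server maps root's socket identity to an admin DN
```

Run it with ansible-playbook --ask-vault-pass so the vaulted variable can be decrypted.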