community / community.general / 0.1.1 / module / ldap_attr
Removed in 2.14
Reason: The current "ldap_attr" module does not support LDAP attribute insertions or deletions with objectClass dependencies.
Alternative: Use M(ldap_attrs) instead.
Deprecated in 2.10.
Add or remove LDAP attribute values
Authors: Jiri Tyr (@jtyr)
deprecated | supported by community
Install with:

    ansible-galaxy collection install community.general:==0.1.1

Or list the collection in requirements.yml:

    collections:
      - name: community.general
        version: 0.1.1
- name: Configure directory number 1 for example.com
  ldap_attr:
    dn: olcDatabase={1}hdb,cn=config
    name: olcSuffix
    values: dc=example,dc=com
    state: exact

# The complex argument format is required here to pass a list of ACL strings.
- name: Set up the ACL
  ldap_attr:
    dn: olcDatabase={1}hdb,cn=config
    name: olcAccess
    values:
      - >-
        {0}to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by dn="cn=admin,dc=example,dc=com" write
        by * none
      - >-
        {1}to dn.base="dc=example,dc=com"
        by dn="cn=admin,dc=example,dc=com" write
        by * read
    state: exact

- name: Declare some indexes
  ldap_attr:
    dn: olcDatabase={1}hdb,cn=config
    name: olcDbIndex
    values: "{{ item }}"
  with_items:
    - objectClass eq
    - uid eq

- name: Set up a root user, which we can use later to bootstrap the directory
  ldap_attr:
    dn: olcDatabase={1}hdb,cn=config
    name: "{{ item.key }}"
    values: "{{ item.value }}"
    state: exact
  with_dict:
    olcRootDN: cn=root,dc=example,dc=com
    olcRootPW: "{SSHA}tabyipcHzhwESzRaGA7oQ/SDoBZQOGND"

- name: Get rid of an unneeded attribute
  ldap_attr:
    dn: uid=jdoe,ou=people,dc=example,dc=com
    name: shadowExpire
    values: []
    state: exact
    server_uri: ldap://localhost/
    bind_dn: cn=admin,dc=example,dc=com
    bind_pw: password

#
# The same as in the previous example but with the authentication details
# stored in the ldap_auth variable:
#
# ldap_auth:
#   server_uri: ldap://localhost/
#   bind_dn: cn=admin,dc=example,dc=com
#   bind_pw: password
- name: Get rid of an unneeded attribute
  ldap_attr:
    dn: uid=jdoe,ou=people,dc=example,dc=com
    name: shadowExpire
    values: []
    state: exact
    params: "{{ ldap_auth }}"
dn:
  description:
    - The DN of the entry to add or remove.
  required: true
  type: str
name:
  description:
    - The name of the attribute to modify.
  required: true
  type: str
state:
  choices:
    - absent
    - exact
    - present
  default: present
  description:
    - The state of the attribute values.
    - If C(present), all given values will be added if they're missing.
    - If C(absent), all given values will be removed if present.
    - If C(exact), the set of values will be forced to exactly those provided and no others.
    - If I(state=exact) and I(values) is an empty list, all values for this attribute will be removed.
  type: str
params:
  description:
    - Additional module parameters.
  type: dict
values:
  description:
    - The value(s) to add or remove. This can be a string or a list of strings. The complex argument format is required in order to pass a list of strings (see examples).
  required: true
  type: raw
bind_dn:
  description:
    - A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism.
    - If this is blank, we'll use an anonymous bind.
  type: str
bind_pw:
  description:
    - The password to use with I(bind_dn).
  type: str
start_tls:
  default: false
  description:
    - If true, we'll use the START_TLS LDAP extension.
  type: bool
server_uri:
  default: ldapi:///
  description:
    - A URI to the LDAP server.
    - The default value lets the underlying LDAP client library look for a UNIX domain socket in its default location.
  type: str
validate_certs:
  default: true
  description:
    - If set to C(no), SSL certificates will not be validated.
    - This should only be used on sites using self-signed certificates.
  type: bool
modlist:
  description: list of modified parameters
  returned: success
  sample: '[[2, "olcRootDN", ["cn=root,dc=example,dc=com"]]]'
  type: list