Deprecated

Removed in 3.0.0

Reason: The current "ldap_attr" module does not support LDAP attribute insertions or deletions with objectClass dependencies. | Alternative: Use community.general.ldap_attrs instead. Deprecated in community.general 0.2.0.

community.general.ldap_attr (2.5.9) — module

Add or remove LDAP attribute values

Authors: Jiri Tyr (@jtyr)

Install collection

Install with ansible-galaxy collection install community.general:==2.5.9


Add to requirements.yml

  collections:
    - name: community.general
      version: 2.5.9

Description

Add or remove LDAP attribute values.


Requirements

Usage examples

- name: Configure directory number 1 for example.com
  community.general.ldap_attr:
    dn: olcDatabase={1}hdb,cn=config
    name: olcSuffix
    values: dc=example,dc=com
    state: exact
# The complex argument format is required here to pass a list of ACL strings.
- name: Set up the ACL
  community.general.ldap_attr:
    dn: olcDatabase={1}hdb,cn=config
    name: olcAccess
    values:
      - >-
        {0}to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by dn="cn=admin,dc=example,dc=com" write
        by * none
      - >-
        {1}to dn.base="dc=example,dc=com"
        by dn="cn=admin,dc=example,dc=com" write
        by * read
    state: exact
- name: Declare some indexes
  community.general.ldap_attr:
    dn: olcDatabase={1}hdb,cn=config
    name: olcDbIndex
    values: "{{ item }}"
  with_items:
    - objectClass eq
    - uid eq
- name: Set up a root user, which we can use later to bootstrap the directory
  community.general.ldap_attr:
    dn: olcDatabase={1}hdb,cn=config
    name: "{{ item.key }}"
    values: "{{ item.value }}"
    state: exact
  with_dict:
    olcRootDN: cn=root,dc=example,dc=com
    olcRootPW: "{SSHA}tabyipcHzhwESzRaGA7oQ/SDoBZQOGND"
- name: Get rid of an unneeded attribute
  community.general.ldap_attr:
    dn: uid=jdoe,ou=people,dc=example,dc=com
    name: shadowExpire
    values: []
    state: exact
    server_uri: ldap://localhost/
    bind_dn: cn=admin,dc=example,dc=com
    bind_pw: password
#
# The same as in the previous example but with the authentication details
# stored in the ldap_auth variable:
#
# ldap_auth:
#   server_uri: ldap://localhost/
#   bind_dn: cn=admin,dc=example,dc=com
#   bind_pw: password
#
# In the example below, 'args' is a task keyword, passed at the same level as the module
- name: Get rid of an unneeded attribute
  community.general.ldap_attr:
    dn: uid=jdoe,ou=people,dc=example,dc=com
    name: shadowExpire
    values: []
    state: exact
  args: "{{ ldap_auth }}"

Inputs

    
dn:
    description:
    - The DN of the entry to add or remove.
    required: true
    type: str

name:
    description:
    - The name of the attribute to modify.
    required: true
    type: str

state:
    choices:
    - absent
    - exact
    - present
    default: present
    description:
    - The state of the attribute values.
    - If C(present), all given values will be added if they're missing.
    - If C(absent), all given values will be removed if present.
    - If C(exact), the set of values will be forced to exactly those provided and no others.
    - If I(state=exact) and I(values) is an empty list, all values for this attribute will
      be removed.
    type: str

values:
    description:
    - The value(s) to add or remove. This can be a string or a list of strings. The complex
      argument format is required in order to pass a list of strings (see examples).
    required: true
    type: raw

bind_dn:
    description:
    - A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism
      as default.
    - If this is blank, we'll use an anonymous bind.
    type: str

bind_pw:
    description:
    - The password to use with I(bind_dn).
    type: str

start_tls:
    default: false
    description:
    - If true, we'll use the START_TLS LDAP extension.
    type: bool

sasl_class:
    choices:
    - external
    - gssapi
    default: external
    description:
    - The class to use for SASL authentication.
    - possible choices are C(external), C(gssapi).
    type: str
    version_added: 2.0.0
    version_added_collection: community.general

server_uri:
    default: ldapi:///
    description:
    - A URI to the LDAP server.
    - The default value lets the underlying LDAP client library look for a UNIX domain
      socket in its default location.
    type: str

validate_certs:
    default: true
    description:
    - If set to C(no), SSL certificates will not be validated.
    - This should only be used on sites using self-signed certificates.
    type: bool

referrals_chasing:
    choices:
    - disabled
    - anonymous
    default: anonymous
    description:
    - Set the referrals chasing behavior.
    - C(anonymous) follows referrals anonymously. This is the default behavior.
    - C(disabled) disables referrals chasing. This sets C(OPT_REFERRALS) to off.
    type: str
    version_added: 2.0.0
    version_added_collection: community.general

Outputs

modlist:
  description: list of modified parameters
  returned: success
  sample: '[[2, "olcRootDN", ["cn=root,dc=example,dc=com"]]]'
  type: list
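
The `state` choices and the `modlist` return value documented above, modelled in Python as an added example (not the module's source) to show why `state: present` leaves a stale permissive `olcAccess` rule in place while `state: exact` removes it. Assumptions: `build_modlist`, `resulting_values` and the sample ACL strings are constructed for illustration, the operation codes follow python-ldap's MOD_ADD/MOD_DELETE/MOD_REPLACE numbering, and OpenLDAP's `{n}` value ordering is not modelled.

```python
# Added illustration: a model of the documented state semantics, not the module's code.
# Operation codes use python-ldap's numbering of the LDAP modify operations.
MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2


def build_modlist(name, current, values, state="present"):
    """Return the modify operations that move `current` to the requested state."""
    if isinstance(values, str):  # 'values' may be a string or a list of strings
        values = [values]
    if state == "present":
        missing = [v for v in values if v not in current]
        return [[MOD_ADD, name, missing]] if missing else []
    if state == "absent":
        found = [v for v in values if v in current]
        return [[MOD_DELETE, name, found]] if found else []
    if state == "exact":
        if set(values) == set(current):
            return []  # already in the requested state: no change reported
        if not values:
            return [[MOD_DELETE, name, None]]  # None deletes every value
        return [[MOD_REPLACE, name, values]]
    raise ValueError(f"unsupported state: {state}")


def resulting_values(current, modlist):
    """Apply a modlist to a list of values (toy in-memory entry)."""
    result = list(current)
    for op, _name, vals in modlist:
        if op == MOD_ADD:
            result += vals
        elif op == MOD_DELETE:
            result = [] if vals is None else [v for v in result if v not in vals]
        elif op == MOD_REPLACE:
            result = list(vals)
    return result


# Constructed sample: a stale, permissive ACL already present on the entry.
STALE = "{0}to * by * write"
WANTED = [
    "{0}to attrs=userPassword by self write by anonymous auth by * none",
    '{1}to dn.base="dc=example,dc=com" by * read',
]

if __name__ == "__main__":
    for state in ("present", "exact"):
        mods = build_modlist("olcAccess", [STALE], WANTED, state)
        print(state, "->", resulting_values([STALE], mods))
```

For security-sensitive attributes such as `olcAccess`, auditing the returned `modlist` for operation code 0 where 2 was expected is a quick way to spot tasks that only append.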