community.general.ldap_passwd (6.6.8) — module

Set passwords in LDAP

Authors: Keller Fuchs (@KellerFuchs)

Install collection

Install with:

  ansible-galaxy collection install community.general:==6.6.8


Add to requirements.yml

  collections:
    - name: community.general
      version: 6.6.8

Description

Set a password for an LDAP entry. This module only asserts that a given password is valid for a given entry. To assert the existence of an entry, see the community.general.ldap_entry module.


Requirements

Usage examples

- name: Set a password for the admin user
  community.general.ldap_passwd:
    dn: cn=admin,dc=example,dc=com
    passwd: "{{ vault_secret }}"
- name: Setting passwords in bulk
  community.general.ldap_passwd:
    dn: "{{ item.key }}"
    passwd: "{{ item.value }}"
  # Loop items are echoed in task output; no_log keeps the passwords out of logs.
  no_log: true
  with_dict:
    alice: alice123123
    bob:   "|30b!"
    admin: "{{ vault_secret }}"
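
A hardened variant that combines the connection options listed under Inputs (start_tls, ca_path, validate_certs, bind_dn, bind_pw, referrals_chasing). This is an added example, not part of the module's own documentation; the host name, the CA file path and the vault_ldap_* variables are assumptions:

```yaml
# Added example. Assumed names: ldap.example.com, /etc/ssl/certs/ldap-ca.pem,
# vault_ldap_admin_pw and vault_ldap_accounts (both kept in an
# ansible-vault encrypted vars file).
#
# Assumed (constructed) shape of vault_ldap_accounts:
#   - dn: cn=alice,dc=example,dc=com
#     passwd: "<secret>"
#   - dn: cn=bob,dc=example,dc=com
#     passwd: "<secret>"
- name: Set LDAP passwords over a verified StartTLS connection
  hosts: localhost
  gather_facts: false

  # Connection settings shared by every ldap_passwd task in this play.
  module_defaults:
    community.general.ldap_passwd:
      # Remote server instead of the default ldapi:/// UNIX socket.
      server_uri: ldap://ldap.example.com
      # Upgrade to TLS before the bind, so bind_pw and passwd are not
      # sent in cleartext.
      start_tls: true
      # Keep certificate validation on and pin the CA bundle to trust.
      validate_certs: true
      ca_path: /etc/ssl/certs/ldap-ca.pem
      # Explicit simple bind; omitting bind_dn would attempt SASL EXTERNAL.
      bind_dn: cn=admin,dc=example,dc=com
      bind_pw: "{{ vault_ldap_admin_pw }}"
      # The default (anonymous) follows referrals to other servers;
      # disabled keeps the operation on the server named above.
      referrals_chasing: disabled

  tasks:
    - name: Set the password for each listed entry
      community.general.ldap_passwd:
        dn: "{{ item.dn }}"
        passwd: "{{ item.passwd }}"
      loop: "{{ vault_ldap_accounts }}"
      loop_control:
        # Show only the DN as the item label, never the password.
        label: "{{ item.dn }}"
      # Censor the task result so the loop item is not written to
      # stdout or to callback and log plugins.
      no_log: true
```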

Inputs

    
dn:
    description:
    - The DN of the entry to add or remove.
    required: true
    type: str

passwd:
    description:
    - The (plaintext) password to be set for I(dn).
    type: str

bind_dn:
    description:
    - A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism
      as default.
    - If this is blank, we'll use an anonymous bind.
    type: str

bind_pw:
    default: ''
    description:
    - The password to use with I(bind_dn).
    type: str

ca_path:
    description:
    - Set the path to PEM file with CA certs.
    type: path
    version_added: 6.5.0
    version_added_collection: community.general

start_tls:
    default: false
    description:
    - If true, we'll use the START_TLS LDAP extension.
    type: bool

sasl_class:
    choices:
    - external
    - gssapi
    default: external
    description:
    - The class to use for SASL authentication.
    - Possible choices are C(external), C(gssapi).
    type: str
    version_added: 2.0.0
    version_added_collection: community.general

server_uri:
    default: ldapi:///
    description:
    - The I(server_uri) parameter may be a comma- or whitespace-separated list of URIs
      containing only the schema, the host, and the port fields.
    - The default value lets the underlying LDAP client library look for a UNIX domain
      socket in its default location.
    - Note that when using multiple URIs you cannot determine to which URI your client
      gets connected.
    - For URIs containing additional fields, particularly when using commas, behavior
      is undefined.
    type: str

validate_certs:
    default: true
    description:
    - If set to C(false), SSL certificates will not be validated.
    - This should only be used on sites using self-signed certificates.
    type: bool

xorder_discovery:
    choices:
    - enable
    - auto
    - disable
    default: auto
    description:
    - Set the behavior on how to process Xordered DNs.
    - C(enable) will perform a C(ONELEVEL) search below the superior RDN to find the matching
      DN.
    - C(disable) will always use the DN unmodified (as passed by the I(dn) parameter).
    - C(auto) will only perform a search if the first RDN does not contain an index number
      (C({x})).
    - Possible choices are C(enable), C(auto), C(disable).
    type: str
    version_added: 6.4.0
    version_added_collection: community.general

referrals_chasing:
    choices:
    - disabled
    - anonymous
    default: anonymous
    description:
    - Set the referrals chasing behavior.
    - C(anonymous) follows referrals anonymously. This is the default behavior.
    - C(disabled) disables referrals chasing. This sets C(OPT_REFERRALS) to off.
    type: str
    version_added: 2.0.0
    version_added_collection: community.general

Outputs

modlist:
  description: list of modified parameters
  returned: success
  sample:
  - - 2
    - olcRootDN
    - - cn=root,dc=example,dc=com
  type: list