community.general.ldap_search (8.5.0) — module

Search for entries in an LDAP server

Added in version 0.2.0 of community.general

Authors: Sebastian Pfahl (@eryx12o45)

Install collection

Install with ansible-galaxy collection install community.general:==8.5.0


Add to requirements.yml

  collections:
    - name: community.general
      version: 8.5.0

Description

Return the results of an LDAP search.


Requirements

Usage examples

- name: Return all entries within the 'groups' organizational unit.
  community.general.ldap_search:
    dn: "ou=groups,dc=example,dc=com"
  register: ldap_groups
- name: Return GIDs for all groups
  community.general.ldap_search:
    dn: "ou=groups,dc=example,dc=com"
    scope: "onelevel"
    attrs:
      - "gidNumber"
  register: ldap_group_gids

Inputs

    
dn:
    description:
    - The LDAP DN to search in.
    required: true
    type: str

attrs:
    description:
    - A list of attributes for limiting the result. Use an actual list or a comma-separated
      string.
    elements: str
    type: list

scope:
    choices:
    - base
    - onelevel
    - subordinate
    - children
    default: base
    description:
    - The LDAP scope to use.
    type: str

filter:
    default: (objectClass=*)
    description:
    - Used for filtering the LDAP search result.
    type: str

schema:
    default: false
    description:
    - Set to V(true) to return the full attribute schema of entries, not their attribute
      values. Overrides O(attrs) when provided.
    type: bool

bind_dn:
    description:
    - A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism
      as default.
    - If this is blank, we'll use an anonymous bind.
    type: str

bind_pw:
    default: ''
    description:
    - The password to use with O(bind_dn).
    type: str

ca_path:
    description:
    - Set the path to a PEM file with CA certs.
    type: path
    version_added: 6.5.0
    version_added_collection: community.general

page_size:
    default: 0
    description:
    - The page size when performing a simple paged result search (RFC 2696). This setting
      can be tuned to reduce issues with timeouts and server limits.
    - Setting the page size to V(0) (default) disables paged searching.
    type: int
    version_added: 7.1.0
    version_added_collection: community.general

start_tls:
    default: false
    description:
    - If true, we'll use the START_TLS LDAP extension.
    type: bool

client_key:
    description:
    - PEM formatted file that contains your private key to be used for SSL client authentication.
    - Required if O(client_cert) is defined.
    type: path
    version_added: 7.1.0
    version_added_collection: community.general

sasl_class:
    choices:
    - external
    - gssapi
    default: external
    description:
    - The class to use for SASL authentication.
    type: str
    version_added: 2.0.0
    version_added_collection: community.general

server_uri:
    default: ldapi:///
    description:
    - The O(server_uri) parameter may be a comma- or whitespace-separated list of URIs
      containing only the schema, the host, and the port fields.
    - The default value lets the underlying LDAP client library look for a UNIX domain
      socket in its default location.
    - Note that when using multiple URIs you cannot determine to which URI your client
      gets connected.
    - For URIs containing additional fields, particularly when using commas, behavior
      is undefined.
    type: str

client_cert:
    description:
    - PEM formatted certificate chain file to be used for SSL client authentication.
    - Required if O(client_key) is defined.
    type: path
    version_added: 7.1.0
    version_added_collection: community.general

validate_certs:
    default: true
    description:
    - If set to V(false), SSL certificates will not be validated.
    - This should only be used on sites using self-signed certificates.
    type: bool

xorder_discovery:
    choices:
    - enable
    - auto
    - disable
    default: auto
    description:
    - Set the behavior on how to process Xordered DNs.
    - V(enable) will perform a C(ONELEVEL) search below the superior RDN to find the matching
      DN.
    - V(disable) will always use the DN unmodified (as passed by the O(dn) parameter).
    - V(auto) will only perform a search if the first RDN does not contain an index number
      (C({x})).
    type: str
    version_added: 6.4.0
    version_added_collection: community.general

base64_attributes:
    description:
    - If provided, all attribute values returned that are listed in this option will be
      Base64 encoded.
    - If the special value V(*) appears in this list, all attributes will be Base64 encoded.
    - All other attribute values will be converted to UTF-8 strings. If they contain binary
      data, please note that invalid UTF-8 bytes will be omitted.
    elements: str
    type: list
    version_added: 7.0.0
    version_added_collection: community.general

referrals_chasing:
    choices:
    - disabled
    - anonymous
    default: anonymous
    description:
    - Set the referrals chasing behavior.
    - V(anonymous) follows referrals anonymously. This is the default behavior.
    - V(disabled) disables referrals chasing. This sets C(OPT_REFERRALS) to off.
    type: str
    version_added: 2.0.0
    version_added_collection: community.general
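
An added example, not part of the module's own documentation: a playbook that combines the connection inputs above so the search runs over StartTLS with certificate validation, binds with a named account or a client certificate, and does not follow referrals. The host name, file paths, DNs, the posixGroup filter and the vaulted variable ldap_bind_password are assumptions for illustration.

```yaml
- name: Query LDAP over a validated TLS channel (added example)
  hosts: localhost
  gather_facts: false
  vars:
    # Assumed values: replace with your own directory details.
    ldap_uri: "ldap://ldap.example.com"
    ldap_ca_file: "/etc/ssl/certs/example-ca.pem"
    ldap_bind_dn: "cn=ansible-ro,ou=services,dc=example,dc=com"
    # ldap_bind_password is assumed to be supplied from Ansible Vault.
  tasks:
    - name: Return group data with an authenticated, paged search
      community.general.ldap_search:
        server_uri: "{{ ldap_uri }}"
        start_tls: true                  # upgrade the connection before binding
        validate_certs: true             # the default, stated explicitly
        ca_path: "{{ ldap_ca_file }}"
        bind_dn: "{{ ldap_bind_dn }}"    # named account instead of a blank (anonymous) bind
        bind_pw: "{{ ldap_bind_password }}"
        referrals_chasing: disabled      # do not follow referrals to other servers
        dn: "ou=groups,dc=example,dc=com"
        scope: onelevel
        filter: "(objectClass=posixGroup)"
        attrs:
          - cn
          - gidNumber
          - memberUid
        page_size: 500                   # RFC 2696 paging to stay under server limits
      register: ldap_group_members
      no_log: true                       # keep returned directory data out of task output

    - name: Same directory, binding with a client certificate (SASL EXTERNAL)
      community.general.ldap_search:
        server_uri: "{{ ldap_uri }}"
        start_tls: true
        ca_path: "{{ ldap_ca_file }}"
        # client_cert and client_key must be given together.
        client_cert: "/etc/ansible/pki/ansible-ro.crt"
        client_key: "/etc/ansible/pki/ansible-ro.key"
        sasl_class: external             # bind_dn omitted, so a SASL EXTERNAL bind is tried
        referrals_chasing: disabled
        dn: "ou=people,dc=example,dc=com"
        scope: onelevel
        attrs:
          - uid
          - userCertificate;binary
        base64_attributes:
          - userCertificate;binary       # binary value returned Base64 encoded
      register: ldap_user_certs
```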