Try SpotterUpdate Zabbix authentication
| "added in version" 1.6.0 of community.zabbix"
Authors: ONODERA Masaru(@masa-orca)
Install with ansible-galaxy collection install community.zabbix:==1.8.0
collections:
- name: community.zabbix
version: 1.8.0This module allows you to modify Zabbix authentication setting.
- name: Update all authentication setting
zabbix_authentication:
server_url: "http://zabbix.example.com/zabbix/"
login_user: Admin
login_password: secret
authentication_type: internal
http_auth_enabled: true
http_login_form: zabbix_login_form
http_strip_domains:
- comp
- any
http_case_sensitive: true
ldap_configured: true
ldap_host: 'ldap://localhost'
ldap_port: 389
ldap_base_dn: 'ou=Users,ou=system'
ldap_search_attribute: 'uid'
ldap_bind_dn: 'uid=ldap_search,ou=system'
ldap_case_sensitive: true
ldap_bind_password: 'password'
saml_auth_enabled: true
saml_idp_entityid: ''
saml_sso_url: 'https://localhost/SAML2/SSO'
saml_slo_url: 'https://localhost/SAML2/SLO'
saml_username_attribute: 'uid'
saml_sp_entityid: 'https://localhost'
saml_nameid_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
saml_sign_messages: true
saml_sign_assertions: true
saml_sign_authn_requests: true
saml_sign_logout_requests: true
saml_sign_logout_responses: true
saml_encrypt_nameid: true
saml_encrypt_assertions: true
saml_case_sensitive: true
passwd_min_length: 70
passwd_check_rules:
- contain_uppercase_and_lowercase_letters
- contain_digits
- contain_special_characters
- avoid_easy_to_guess
timeout:
default: 10
description:
- The timeout of API request (seconds).
type: int
ldap_host:
description:
- LDAP server name.
- e.g. C(ldap://ldap.zabbix.com)
- This setting is required if current value of I(ldap_configured) is C(false).
- Works only with Zabbix <= 6.0 and is silently ignored in higher versions.
required: false
type: str
ldap_port:
description:
- A port number of LDAP server.
- This setting is required if current value of I(ldap_configured) is C(false).
- Works only with Zabbix <= 6.0 and is silently ignored in higher versions.
required: false
type: int
login_user:
description:
- Zabbix user name.
- If not set the environment variable C(ZABBIX_USERNAME) will be used.
required: true
type: str
server_url:
aliases:
- url
description:
- URL of Zabbix server, with protocol (http or https). C(url) is an alias for C(server_url).
- If not set the environment variable C(ZABBIX_SERVER) will be used.
required: true
type: str
ldap_base_dn:
description:
- Base DN of LDAP.
- This setting is required if current value of I(ldap_configured) is C(false).
- Works only with Zabbix <= 6.0 and is silently ignored in higher versions.
required: false
type: str
ldap_bind_dn:
description:
- Bind DN of LDAP.
- Works only with Zabbix <= 6.0 and is silently ignored in higher versions.
required: false
type: str
saml_slo_url:
description:
- URL for SAML single logout service.
required: false
type: str
saml_sso_url:
description:
- URL for single sign on service of SAML.
- This setting is required if current value of I(saml_auth_enabled) is C(false).
required: false
type: str
login_password:
description:
- Zabbix user password.
- If not set the environment variable C(ZABBIX_PASSWORD) will be used.
required: true
type: str
validate_certs:
default: true
description:
- If set to False, SSL certificates will not be validated. This should only be used
on personally controlled sites using self-signed certificates.
- If not set the environment variable C(ZABBIX_VALIDATE_CERTS) will be used.
type: bool
http_login_form:
choices:
- zabbix_login_form
- http_login_form
description:
- Choose default login form.
required: false
type: str
http_login_user:
description:
- Basic Auth login
type: str
ldap_configured:
description:
- LDAP authentication will be enabled if C(true).
required: false
type: bool
saml_sp_entityid:
description:
- Entity ID of SAML service provider.
- This setting is required if current value of I(saml_auth_enabled) is C(false).
required: false
type: str
http_auth_enabled:
description:
- HTTP authentication will be enabled if C(true).
required: false
type: bool
passwd_min_length:
description:
- Minimal length of password.
- Choose from 1-70.
- This parameter is available since Zabbix 6.0.
required: false
type: int
saml_auth_enabled:
description:
- SAML authentication will be enabled if C(true).
required: false
type: bool
saml_idp_entityid:
description:
- SAML identify provider's entity ID.
- This setting is required if current value of I(saml_auth_enabled) is C(false).
required: false
type: str
http_strip_domains:
description:
- A list of domain names that should be removed from the username.
elements: str
required: false
type: list
ldap_bind_password:
description:
- Bind password of LDAP.
- Works only with Zabbix <= 6.0 and is silently ignored in higher versions.
required: false
type: str
ldap_userdirectory:
description:
- LDAP authentication default user directory name for user groups with gui_access
set to LDAP or System default.
- Required to be set when C(ldap_configured) is set to 1.
required: false
type: str
passwd_check_rules:
description:
- Checking password rules.
- Select multiple from C(contain_uppercase_and_lowercase_letters), C(contain_digits).
C(contain_special_characters) and C(avoid_easy_to_guess).
- This parameter is available since Zabbix 6.0.
elements: str
required: false
type: list
saml_nameid_format:
description:
- Name identifier format of SAML service provider.
required: false
type: str
saml_sign_messages:
description:
- SAML sign messages will be enabled if C(true).
required: false
type: bool
authentication_type:
choices:
- internal
- ldap
description:
- Choose default authentication type.
required: false
type: str
http_case_sensitive:
description:
- Case sensitive login for HTTP authentication will be enabled if C(true).
required: false
type: bool
http_login_password:
description:
- Basic Auth password
type: str
ldap_case_sensitive:
description:
- case sensitive login for LDAP authentication will be enabled if C(true).
required: false
type: bool
saml_case_sensitive:
description:
- Case sensitive login for SAML authentication will be enabled if C(true).
required: false
type: bool
saml_encrypt_nameid:
description:
- SAML encrypt name ID will be enabled if C(true).
required: false
type: bool
saml_sign_assertions:
description:
- SAML sign assertions will be enabled if C(true).
required: false
type: bool
ldap_search_attribute:
description:
- Search attribute of LDAP.
- This setting is required if current value of I(ldap_configured) is C(false).
- Works only with Zabbix <= 6.0 and is silently ignored in higher versions.
required: false
type: str
saml_encrypt_assertions:
description:
- SAML encrypt assertions will be enabled if C(true).
required: false
type: bool
saml_username_attribute:
description:
- User name attribute of SAML.
- This setting is required if current value of I(saml_auth_enabled) is C(false).
required: false
type: str
saml_sign_authn_requests:
description:
- SAML sign AuthN requests will be enabled if C(true).
required: false
type: bool
saml_sign_logout_requests:
description:
- SAML sign logout requests will be enabled if C(true).
required: false
type: bool
saml_sign_logout_responses:
description:
- SAML sign logout responses will be enabled if C(true).
required: false
type: bool
msg: description: The result of the operation returned: success sample: Successfully update authentication setting type: str