Try SpotterConfigure LDAP server entries.
| "added in version" 2.0.0 of drmofu.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
- name: drmofu.fortimanager
version: 2.2.2This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager00
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure LDAP server entries.
fmgr_user_ldap:
bypass_validation: False
adom: ansible
state: present
user_ldap:
dn: ansible-test
name: ansible-test-ldap
password: fortinet
port: 9000
server: ansible
- name: gathering fortimanager facts
hosts: fortimanager00
gather_facts: no
connection: httpapi
collections:
- fortinet.fortimanager
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: retrieve all the LDAP server entries
fmgr_fact:
facts:
selector: 'user_ldap'
params:
adom: 'ansible'
ldap: 'your_value'
adom:
description: the parameter (adom) in requested url
required: true
type: str
state:
choices:
- present
- absent
description: The directive to create, update or delete an object.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
required: false
type: list
user_ldap:
description: the top level parameters set
required: false
suboptions:
account-key-filter:
description: Account key filter, using the UPN as the search filter.
type: str
account-key-name:
description: Account key name, using the UPN as the search filter.
type: str
account-key-processing:
choices:
- same
- strip
description: Account key processing operation, either keep or strip domain string
of UPN in the token.
type: str
account-key-upn-san:
choices:
- othername
- rfc822name
- dnsname
description: Define SAN in certificate for user principle name matching.
type: str
antiphish:
choices:
- disable
- enable
description: Enable/disable AntiPhishing credential backend.
type: str
ca-cert:
description: CA certificate name.
type: str
client-cert:
description: Client certificate name.
type: str
client-cert-auth:
choices:
- disable
- enable
description: Enable/disable using client certificate for TLS authentication.
type: str
cnid:
description: Common name identifier for the LDAP server.
type: str
dn:
description: Distinguished name used to look up entries on the LDAP server.
type: str
dynamic_mapping:
description: Dynamic_Mapping.
elements: dict
suboptions:
_scope:
description: _Scope.
elements: dict
suboptions:
name:
description: Name.
type: str
vdom:
description: Vdom.
type: str
type: list
account-key-filter:
description: Account key filter, using the UPN as the search filter.
type: str
account-key-name:
description: Account-Key-Name.
type: str
account-key-processing:
choices:
- same
- strip
description: Account key processing operation, either keep or strip domain
string of UPN in the token.
type: str
account-key-upn-san:
choices:
- othername
- rfc822name
- dnsname
description: Define SAN in certificate for user principle name matching.
type: str
antiphish:
choices:
- disable
- enable
description: Enable/disable AntiPhishing credential backend.
type: str
ca-cert:
description: CA certificate name.
type: str
client-cert:
description: Client certificate name.
type: str
client-cert-auth:
choices:
- disable
- enable
description: Enable/disable using client certificate for TLS authentication.
type: str
cnid:
description: Common name identifier for the LDAP server.
type: str
dn:
description: Distinguished name used to look up entries on the LDAP server.
type: str
filter:
description: Filter.
type: str
group:
description: Group.
type: str
group-filter:
description: Filter used for group matching.
type: str
group-member-check:
choices:
- user-attr
- group-object
- posix-group-object
description: Group member checking methods.
type: str
group-object-filter:
description: Filter used for group searching.
type: str
group-object-search-base:
description: Group-Object-Search-Base.
type: str
group-search-base:
description: Search base used for group searching.
type: str
interface:
description: Specify outgoing interface to reach server.
type: str
interface-select-method:
choices:
- auto
- sdwan
- specify
description: Specify how to select outgoing interface to reach server.
type: str
member-attr:
description: Name of attribute from which to get group membership.
type: str
obtain-user-info:
choices:
- disable
- enable
description: Enable/disable obtaining of user information.
type: str
password:
description: Password for initial binding.
type: str
password-attr:
description: Name of attribute to get password hash.
type: str
password-expiry-warning:
choices:
- disable
- enable
description: Enable/disable password expiry warnings.
type: str
password-renewal:
choices:
- disable
- enable
description: Enable/disable online password renewal.
type: str
port:
description: Port to be used for communication with the LDAP server
type: int
retrieve-protection-profile:
description: Retrieve-Protection-Profile.
type: str
search-type:
choices:
- nested
- recursive
description: Search type.
elements: str
type: list
secondary-server:
description: Secondary LDAP server CN domain name or IP.
type: str
secure:
choices:
- disable
- starttls
- ldaps
description: Port to be used for authentication.
type: str
server:
description: LDAP server CN domain name or IP.
type: str
server-identity-check:
choices:
- disable
- enable
description: Enable/disable LDAP server identity check
type: str
source-ip:
description: Source IP for communications to LDAP server.
type: str
source-port:
description: Source port to be used for communication with the LDAP server.
type: int
ssl-min-proto-version:
choices:
- default
- TLSv1
- TLSv1-1
- TLSv1-2
- SSLv3
description: Minimum supported protocol version for SSL/TLS connections
type: str
tertiary-server:
description: Tertiary LDAP server CN domain name or IP.
type: str
two-factor:
choices:
- disable
- fortitoken-cloud
description: Enable/disable two-factor authentication.
type: str
two-factor-authentication:
choices:
- fortitoken
- email
- sms
description: Authentication method by FortiToken Cloud.
type: str
two-factor-filter:
description: Filter used to synchronize users to FortiToken Cloud.
type: str
two-factor-notification:
choices:
- email
- sms
description: Notification method for user activation by FortiToken Cloud.
type: str
type:
choices:
- simple
- anonymous
- regular
description: Authentication type for LDAP searches.
type: str
user-info-exchange-server:
description: MS Exchange server from which to fetch user information.
type: str
username:
description: Username
type: str
type: list
group-filter:
description: Filter used for group matching.
type: str
group-member-check:
choices:
- user-attr
- group-object
- posix-group-object
description: Group member checking methods.
type: str
group-object-filter:
description: Filter used for group searching.
type: str
group-object-search-base:
description: Search base used for group searching.
type: str
group-search-base:
description: Search base used for group searching.
type: str
interface:
description: Specify outgoing interface to reach server.
type: str
interface-select-method:
choices:
- auto
- sdwan
- specify
description: Specify how to select outgoing interface to reach server.
type: str
member-attr:
description: Name of attribute from which to get group membership.
type: str
name:
description: LDAP server entry name.
type: str
obtain-user-info:
choices:
- disable
- enable
description: Enable/disable obtaining of user information.
type: str
password:
description: Password for initial binding.
type: str
password-attr:
description: Name of attribute to get password hash.
type: str
password-expiry-warning:
choices:
- disable
- enable
description: Enable/disable password expiry warnings.
type: str
password-renewal:
choices:
- disable
- enable
description: Enable/disable online password renewal.
type: str
port:
description: Port to be used for communication with the LDAP server
type: int
search-type:
choices:
- nested
- recursive
description: Search type.
elements: str
type: list
secondary-server:
description: Secondary LDAP server CN domain name or IP.
type: str
secure:
choices:
- disable
- starttls
- ldaps
description: Port to be used for authentication.
type: str
server:
description: LDAP server CN domain name or IP.
type: str
server-identity-check:
choices:
- disable
- enable
description: Enable/disable LDAP server identity check
type: str
source-ip:
description: Source IP for communications to LDAP server.
type: str
source-port:
description: Source port to be used for communication with the LDAP server.
type: int
ssl-min-proto-version:
choices:
- default
- TLSv1
- TLSv1-1
- TLSv1-2
- SSLv3
description: Minimum supported protocol version for SSL/TLS connections
type: str
tertiary-server:
description: Tertiary LDAP server CN domain name or IP.
type: str
two-factor:
choices:
- disable
- fortitoken-cloud
description: Enable/disable two-factor authentication.
type: str
two-factor-authentication:
choices:
- fortitoken
- email
- sms
description: Authentication method by FortiToken Cloud.
type: str
two-factor-filter:
description: Filter used to synchronize users to FortiToken Cloud.
type: str
two-factor-notification:
choices:
- email
- sms
description: Notification method for user activation by FortiToken Cloud.
type: str
type:
choices:
- simple
- anonymous
- regular
description: Authentication type for LDAP searches.
type: str
user-info-exchange-server:
description: MS Exchange server from which to fetch user information.
type: str
username:
description: Username
type: str
type: dict
enable_log:
default: false
description: Enable/Disable logging for task.
required: false
type: bool
access_token:
description: The token to access FortiManager without using username and password.
required: false
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
required: false
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
required: false
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
required: false
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
required: false
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
required: false
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
required: false
type: int
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list