drmofu / drmofu.fortimanager / 2.2.2 / module / fmgr_user_ldap Configure LDAP server entries. | "added in version" 2.0.0 of drmofu.fortimanager" Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communitydrmofu.fortimanager.fmgr_user_ldap (2.2.2) — module
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections: - name: drmofu.fortimanager version: 2.2.2
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager00 collections: - fortinet.fortimanager connection: httpapi vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: Configure LDAP server entries. fmgr_user_ldap: bypass_validation: False adom: ansible state: present user_ldap: dn: ansible-test name: ansible-test-ldap password: fortinet port: 9000 server: ansible
- name: gathering fortimanager facts hosts: fortimanager00 gather_facts: no connection: httpapi collections: - fortinet.fortimanager vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: retrieve all the LDAP server entries fmgr_fact: facts: selector: 'user_ldap' params: adom: 'ansible' ldap: 'your_value'
adom: description: the parameter (adom) in requested url required: true type: str state: choices: - present - absent description: The directive to create, update or delete an object. required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int required: false type: list user_ldap: description: the top level parameters set required: false suboptions: account-key-filter: description: Account key filter, using the UPN as the search filter. type: str account-key-name: description: Account key name, using the UPN as the search filter. type: str account-key-processing: choices: - same - strip description: Account key processing operation, either keep or strip domain string of UPN in the token. type: str account-key-upn-san: choices: - othername - rfc822name - dnsname description: Define SAN in certificate for user principle name matching. type: str antiphish: choices: - disable - enable description: Enable/disable AntiPhishing credential backend. type: str ca-cert: description: CA certificate name. type: str client-cert: description: Client certificate name. type: str client-cert-auth: choices: - disable - enable description: Enable/disable using client certificate for TLS authentication. type: str cnid: description: Common name identifier for the LDAP server. type: str dn: description: Distinguished name used to look up entries on the LDAP server. type: str dynamic_mapping: description: Dynamic_Mapping. elements: dict suboptions: _scope: description: _Scope. elements: dict suboptions: name: description: Name. type: str vdom: description: Vdom. type: str type: list account-key-filter: description: Account key filter, using the UPN as the search filter. type: str account-key-name: description: Account-Key-Name. type: str account-key-processing: choices: - same - strip description: Account key processing operation, either keep or strip domain string of UPN in the token. type: str account-key-upn-san: choices: - othername - rfc822name - dnsname description: Define SAN in certificate for user principle name matching. type: str antiphish: choices: - disable - enable description: Enable/disable AntiPhishing credential backend. type: str ca-cert: description: CA certificate name. type: str client-cert: description: Client certificate name. type: str client-cert-auth: choices: - disable - enable description: Enable/disable using client certificate for TLS authentication. type: str cnid: description: Common name identifier for the LDAP server. type: str dn: description: Distinguished name used to look up entries on the LDAP server. type: str filter: description: Filter. type: str group: description: Group. type: str group-filter: description: Filter used for group matching. type: str group-member-check: choices: - user-attr - group-object - posix-group-object description: Group member checking methods. type: str group-object-filter: description: Filter used for group searching. type: str group-object-search-base: description: Group-Object-Search-Base. type: str group-search-base: description: Search base used for group searching. type: str interface: description: Specify outgoing interface to reach server. type: str interface-select-method: choices: - auto - sdwan - specify description: Specify how to select outgoing interface to reach server. type: str member-attr: description: Name of attribute from which to get group membership. type: str obtain-user-info: choices: - disable - enable description: Enable/disable obtaining of user information. type: str password: description: Password for initial binding. type: str password-attr: description: Name of attribute to get password hash. type: str password-expiry-warning: choices: - disable - enable description: Enable/disable password expiry warnings. type: str password-renewal: choices: - disable - enable description: Enable/disable online password renewal. type: str port: description: Port to be used for communication with the LDAP server type: int retrieve-protection-profile: description: Retrieve-Protection-Profile. type: str search-type: choices: - nested - recursive description: Search type. elements: str type: list secondary-server: description: Secondary LDAP server CN domain name or IP. type: str secure: choices: - disable - starttls - ldaps description: Port to be used for authentication. type: str server: description: LDAP server CN domain name or IP. type: str server-identity-check: choices: - disable - enable description: Enable/disable LDAP server identity check type: str source-ip: description: Source IP for communications to LDAP server. type: str source-port: description: Source port to be used for communication with the LDAP server. type: int ssl-min-proto-version: choices: - default - TLSv1 - TLSv1-1 - TLSv1-2 - SSLv3 description: Minimum supported protocol version for SSL/TLS connections type: str tertiary-server: description: Tertiary LDAP server CN domain name or IP. type: str two-factor: choices: - disable - fortitoken-cloud description: Enable/disable two-factor authentication. type: str two-factor-authentication: choices: - fortitoken - email - sms description: Authentication method by FortiToken Cloud. type: str two-factor-filter: description: Filter used to synchronize users to FortiToken Cloud. type: str two-factor-notification: choices: - email - sms description: Notification method for user activation by FortiToken Cloud. type: str type: choices: - simple - anonymous - regular description: Authentication type for LDAP searches. type: str user-info-exchange-server: description: MS Exchange server from which to fetch user information. type: str username: description: Username type: str type: list group-filter: description: Filter used for group matching. type: str group-member-check: choices: - user-attr - group-object - posix-group-object description: Group member checking methods. type: str group-object-filter: description: Filter used for group searching. type: str group-object-search-base: description: Search base used for group searching. type: str group-search-base: description: Search base used for group searching. type: str interface: description: Specify outgoing interface to reach server. type: str interface-select-method: choices: - auto - sdwan - specify description: Specify how to select outgoing interface to reach server. type: str member-attr: description: Name of attribute from which to get group membership. type: str name: description: LDAP server entry name. type: str obtain-user-info: choices: - disable - enable description: Enable/disable obtaining of user information. type: str password: description: Password for initial binding. type: str password-attr: description: Name of attribute to get password hash. type: str password-expiry-warning: choices: - disable - enable description: Enable/disable password expiry warnings. type: str password-renewal: choices: - disable - enable description: Enable/disable online password renewal. type: str port: description: Port to be used for communication with the LDAP server type: int search-type: choices: - nested - recursive description: Search type. elements: str type: list secondary-server: description: Secondary LDAP server CN domain name or IP. type: str secure: choices: - disable - starttls - ldaps description: Port to be used for authentication. type: str server: description: LDAP server CN domain name or IP. type: str server-identity-check: choices: - disable - enable description: Enable/disable LDAP server identity check type: str source-ip: description: Source IP for communications to LDAP server. type: str source-port: description: Source port to be used for communication with the LDAP server. type: int ssl-min-proto-version: choices: - default - TLSv1 - TLSv1-1 - TLSv1-2 - SSLv3 description: Minimum supported protocol version for SSL/TLS connections type: str tertiary-server: description: Tertiary LDAP server CN domain name or IP. type: str two-factor: choices: - disable - fortitoken-cloud description: Enable/disable two-factor authentication. type: str two-factor-authentication: choices: - fortitoken - email - sms description: Authentication method by FortiToken Cloud. type: str two-factor-filter: description: Filter used to synchronize users to FortiToken Cloud. type: str two-factor-notification: choices: - email - sms description: Notification method for user activation by FortiToken Cloud. type: str type: choices: - simple - anonymous - regular description: Authentication type for LDAP searches. type: str user-info-exchange-server: description: MS Exchange server from which to fetch user information. type: str username: description: Username type: str type: dict enable_log: default: false description: Enable/Disable logging for task. required: false type: bool access_token: description: The token to access FortiManager without using username and password. required: false type: str rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int required: false type: list proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. required: false type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. required: false type: bool workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. required: false type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. required: false type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. required: false type: int
meta: contains: request_url: description: The full url requested. returned: always sample: /sys/login/user type: str response_code: description: The status of api request. returned: always sample: 0 type: int response_data: description: The api response. returned: always type: list response_message: description: The descriptive message of the api response. returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: complex type: list