freeipa / freeipa.ansible_freeipa / 1.11.1 / module / ipaconfig
Modify IPA global config options
Authors: Chris Procter (@chr15p), Thomas Woerner (@t-woerner)
preview | supported by community
freeipa.ansible_freeipa.ipaconfig (1.11.1) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1
---
# Collection requirement pinned to the exact release this page documents.
# Keeping the pin explicit means a newer, unreviewed release is never pulled
# in implicitly; change it deliberately when upgrading.
collections:
  - name: freeipa.ansible_freeipa
    version: "1.11.1"
Modify IPA global config options
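---
# Example plays for the freeipa.ansible_freeipa.ipaconfig module.
#
# `SomeADMINpassword` is a placeholder for the IPA admin credential. In a real
# playbook, do not commit the literal value: supply it from an Ansible
# Vault-encrypted variable or another secret store, for example
# `ipaadmin_password: "{{ ipaadmin_password }}"`.

- name: Playbook to handle global configuration options
  hosts: ipaserver
  become: true

  tasks:
    # With no option besides the credential the module changes nothing and
    # returns the current settings under `config` (documented as returned
    # "When no options are set").
    - name: return current values of the global configuration options
      freeipa.ansible_freeipa.ipaconfig:
        ipaadmin_password: SomeADMINpassword
      register: result

    # NOTE(review): the return documentation lists `defaultshell` as type
    # str, while this example indexes it with `[0]` - confirm which shape
    # the module actually returns.
    - name: display default login shell
      debug:
        msg: '{{ result.config.defaultshell[0] }}'

    - name: set defaultshell and maxusername
      freeipa.ansible_freeipa.ipaconfig:
        ipaadmin_password: SomeADMINpassword
        defaultshell: /bin/bash
        maxusername: 64

- name: Playbook to enable SID and generate users and groups SIDs
  hosts: ipaserver

  tasks:
    # Per the option description, SID generation cannot be deactivated once
    # activated, so treat this task as a one-way change.
    - name: Enable SID and generate users and groups SIDS
      freeipa.ansible_freeipa.ipaconfig:
        ipaadmin_password: SomeADMINpassword
        enable_sid: true
        add_sids: true

- name: Playbook to change IPA domain netbios name
  hosts: ipaserver

  tasks:
    # `netbios_name` requires SID generation to be activated, hence
    # `enable_sid` is set in the same task.
    - name: Enable SID and set the NetBIOS name of the IPA domain
      freeipa.ansible_freeipa.ipaconfig:
        ipaadmin_password: SomeADMINpassword
        enable_sid: true
        netbios_name: IPADOM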
# Argument specification of the ipaconfig module as listed on this page: one
# entry per option with its aliases, allowed choices, description and type.
# Every option is optional; options without `required: false` carry a default.

add_sids:
  description: 'Add SIDs for existing users and groups. Requires IPA 4.9.8+ and SID generation to be activated. '
  required: false
  type: bool

pac_type:
  aliases:
    - ipakrbauthzdata
  choices:
    - MS-PAC
    - PAD
    - nfs:NONE
    - ''
  description: set default types of PAC supported for services
  elements: str
  required: false
  type: list

# One-way switch according to the description: once activated it cannot be
# turned off again, so a playbook cannot roll this change back.
enable_sid:
  description: 'New users and groups automatically get a SID assigned. Cannot be deactivated once activated. Requires IPA 4.9.8+. '
  required: false
  type: bool

usersearch:
  aliases:
    - ipausersearchfields
  description:
    - Set comma-separated list of fields to search for user search
  elements: str
  required: false
  type: list

emaildomain:
  aliases:
    - ipadefaultemaildomain
  description: Set the default e-mail domain
  required: false
  type: str

groupsearch:
  aliases:
    - ipagroupsearchfields
  description:
    - Set comma-separated list of fields to search for group search
  elements: str
  required: false
  type: list

maxhostname:
  aliases:
    - ipamaxhostnamelength
  description: Set the maximum hostname length between 64-255
  required: false
  type: int

maxusername:
  aliases:
    - ipamaxusernamelength
  description: Set the maximum username length between 1-255
  required: false
  type: int

# NOTE(review): the description mentions only password hashes, but three of
# the four named choices are KDC behaviour switches. `KDC:Disable Lockout`
# and `KDC:Disable Default Preauth for SPNs` appear to relax authentication
# protections (failed-login lockout, Kerberos pre-authentication for service
# principals), and `AllowNThash` presumably permits generation of the legacy
# NT hash - confirm each against the IPA documentation and review any
# playbook that sets them.
configstring:
  aliases:
    - ipaconfigstring
  choices:
    - AllowNThash
    - KDC:Disable Last Success
    - KDC:Disable Lockout
    - KDC:Disable Default Preauth for SPNs
    - ''
  description: Set extra hashes to generate in password plug-in
  elements: str
  required: false
  type: list

defaultgroup:
  aliases:
    - ipadefaultprimarygroup
  description: Set the default group for new users
  required: false
  type: str

defaultshell:
  aliases:
    - ipadefaultloginshell
    - loginshell
  description: Set the default shell for new users
  required: false
  type: str

netbios_name:
  description: 'NetBIOS name of the IPA domain. Requires IPA 4.9.8+ and SID generation to be activated. '
  required: false
  type: str

pwdexpnotify:
  aliases:
    - ipapwdexpadvnotify
  description:
    - Set number of days's notice of impending password expiration
    - values 0 to 2147483647
  required: false
  type: int

homedirectory:
  aliases:
    - ipahomesrootdir
  description: Set the default location of home directories
  required: false
  type: str

ipaapi_context:
  choices:
    - server
    - client
  description: 'The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. '
  required: false
  type: str

# Sets the default authentication methods for users.
# NOTE(review): `disabled` presumably turns off per-user overrides rather
# than authentication itself - confirm before relying on it.
user_auth_type:
  aliases:
    - ipauserauthtype
  choices:
    - password
    - radius
    - otp
    - pkinit
    - hardened
    - idp
    - disabled
    - ''
  description: set default types of supported user authentication
  elements: str
  required: false
  type: list

# -1 or 0 removes the time bound on searches (see description).
searchtimelimit:
  aliases:
    - ipasearchtimelimit
  description:
    - Set maximum amount of time (seconds) for a search
    - values -1 to 2147483647 (-1 or 0 is unlimited)
  required: false
  type: int

# NOTE(review): migration mode is presumably meant only for the period in
# which users are imported from another directory; verify it is switched off
# again afterwards.
enable_migration:
  aliases:
    - ipamigrationenabled
  description: Enable migration mode
  required: false
  type: bool

# Credential for the admin principal. Supply it from an Ansible
# Vault-encrypted variable or another secret store rather than as a literal
# in a playbook kept under version control.
ipaadmin_password:
  description: The admin password.
  required: false
  type: str

ipaapi_ldap_cache:
  default: true
  description: Use LDAP cache for IPA connection.
  type: bool

userobjectclasses:
  aliases:
    - ipauserobjectclasses
  description: Set default user objectclasses (comma-separated list)
  elements: str
  required: false
  type: list

groupobjectclasses:
  aliases:
    - ipagroupobjectclasses
  description: Set default group objectclasses (comma-separated list)
  elements: str
  required: false
  type: list

# Principal the module authenticates as; defaults to `admin`.
ipaadmin_principal:
  default: admin
  description: The admin principal.
  type: str

# -1 or 0 removes the cap on the number of records searched (see description).
searchrecordslimit:
  aliases:
    - ipasearchrecordslimit
  description:
    - Set maximum number of records to search
    - values -1 to 2147483647 (-1 or 0 is unlimited)
  required: false
  type: int

selinuxusermaporder:
  aliases:
    - ipaselinuxusermaporder
  description: Set order in increasing priority of SELinux users
  elements: str
  required: false
  type: list

selinuxusermapdefault:
  aliases:
    - ipaselinuxusermapdefault
  description: Set default SELinux user when no match found in map rule
  required: false
  type: str

domain_resolution_order:
  aliases:
    - ipadomainresolutionorder
  description: set list of domains used for short name qualification
  elements: str
  required: false
  type: list

ca_renewal_master_server:
  description: Renewal master for IPA certificate authority.
  required: false
  type: str
# Return-value specification of the ipaconfig module. A single `config` dict
# is returned, and only when the task sets no options (read-only query); its
# `contains` map lists the fields of that dict.
config:
  contains:
    ca_renewal_master_server:
      description: master for IPA certificate authority.
      returned: always
      type: str
    configstring:
      description: extra hashes to generate in password plug-in
      elements: str
      returned: always
      type: list
    defaultgroup:
      description: default group for new users
      returned: always
      type: str
    # NOTE(review): documented as str, but the example playbook on this page
    # reads `result.config.defaultshell[0]` - confirm the returned shape.
    defaultshell:
      description: default shell for new users
      returned: always
      type: str
    domain_resolution_order:
      description: list of domains used for short name qualification
      elements: str
      returned: always
      type: list
    emaildomain:
      description: default e-mail domain
      returned: always
      type: str
    enable_migration:
      description: Enable migration mode
      returned: always
      type: bool
    # NOTE(review): the matching input option is type bool, yet the return
    # type is documented as str - confirm before comparing it to a boolean.
    enable_sid:
      description: 'new users and groups automatically get a SID assigned. Requires IPA 4.9.8+. '
      returned: always
      type: str
    groupobjectclasses:
      description: default group objectclasses (comma-separated list)
      elements: str
      returned: always
      type: list
    groupsearch:
      description: list of fields to search in group search
      elements: str
      returned: always
      type: list
    homedirectory:
      description: default location of home directories
      returned: always
      type: str
    maxhostname:
      description: maximum hostname length
      returned: always
      type: int
    maxusername:
      description: maximum username length
      returned: always
      type: int
    # The only field that is not always present: it depends on enable_sid.
    netbios_name:
      description: NetBIOS name of the IPA domain. Requires IPA 4.9.8+.
      returned: if enable_sid is True
      type: str
    pac_type:
      description: default types of PAC supported for services
      elements: str
      returned: always
      type: list
    # NOTE(review): the matching input option is type int, yet the return
    # type is documented as str - confirm.
    pwdexpnotify:
      description: number of days's notice of impending password expiration
      returned: always
      type: str
    searchrecordslimit:
      description: maximum number of records to search
      returned: always
      type: int
    searchtimelimit:
      description: maximum amount of time (seconds) for a search
      returned: always
      type: int
    selinuxusermapdefault:
      description: default SELinux user when no match is found in map rule
      returned: always
      type: str
    selinuxusermaporder:
      description: order in increasing priority of SELinux users
      elements: str
      returned: always
      type: list
    # NOTE(review): the matching input option is a list of str, yet the
    # return type is documented as str - confirm.
    user_auth_type:
      description: default types of supported user authentication
      returned: always
      type: str
    userobjectclasses:
      description: default user objectclasses (comma-separated list)
      elements: str
      returned: always
      type: list
    usersearch:
      description: list of fields to search in user search
      elements: str
      returned: always
      type: list
  description: Dict of all global config options
  returned: When no options are set
  type: dict