freeipa.ansible_freeipa.ipaconfig (1.11.1) — module

Modify IPA global config options

Authors: Chris Procter (@chr15p), Thomas Woerner (@t-woerner)

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1


Add to requirements.yml

  # Pin the collection to one exact release so every install resolves
  # to the same code.
  collections:
    - name: 'freeipa.ansible_freeipa'
      version: '1.11.1'

Description

Modify IPA global config options

Usage examples

  • Success
    Steampunk Spotter scan finished with no errors, warnings or hints.
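---
# Example: read the global IPA configuration, then change two options.
- name: Playbook to handle global configuration options
  hosts: ipaserver
  become: true
  tasks:
    # No config option is set here, so the module only reports the current
    # values in `config` (Outputs: returned "When no options are set").
    - name: return current values of the global configuration options
      freeipa.ansible_freeipa.ipaconfig:
        # Placeholder value. In a real playbook, reference a variable kept
        # in an Ansible Vault-encrypted file rather than a literal password
        # committed alongside the play.
        ipaadmin_password: SomeADMINpassword
      register: result

    # NOTE(review): the Outputs section lists defaultshell as type str;
    # confirm the actual return shape before relying on the [0] index.
    - name: display default login shell
      ansible.builtin.debug:
        msg: '{{ result.config.defaultshell[0] }}'

    # Setting any option switches the module from reporting to modifying.
    - name: set defaultshell and maxusername
      freeipa.ansible_freeipa.ipaconfig:
        ipaadmin_password: SomeADMINpassword
        defaultshell: /bin/bash
        # Documented range for maxusername is 1-255.
        maxusername: 64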
  • Success
    Steampunk Spotter scan finished with no errors, warnings or hints.
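# Example: turn on SID generation and back-fill SIDs for existing entries.
- name: Playbook to enable SID and generate users and groups SIDs
  hosts: ipaserver
  tasks:
    - name: Enable SID and generate users and groups SIDS
      freeipa.ansible_freeipa.ipaconfig:
        # Placeholder value. In a real playbook, reference a variable kept
        # in an Ansible Vault-encrypted file rather than a literal password.
        ipaadmin_password: SomeADMINpassword
        # Requires IPA 4.9.8+. Per the Inputs section this cannot be
        # deactivated once activated, so treat the run as a one-way change.
        enable_sid: true
        # Adds SIDs for users and groups that already exist; needs SID
        # generation to be active (Inputs: add_sids).
        add_sids: true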
  • Success
    Steampunk Spotter scan finished with no errors, warnings or hints.
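# Example: set the NetBIOS name of the IPA domain.
- name: Playbook to change IPA domain netbios name
  hosts: ipaserver
  tasks:
    # Task name corrected: this task sets netbios_name and does not
    # generate SIDs for existing users and groups (no add_sids here).
    - name: Enable SID and set the IPA domain NetBIOS name
      freeipa.ansible_freeipa.ipaconfig:
        # Placeholder value. In a real playbook, reference a variable kept
        # in an Ansible Vault-encrypted file rather than a literal password.
        ipaadmin_password: SomeADMINpassword
        # netbios_name needs SID generation to be active (Inputs:
        # netbios_name). enable_sid cannot be deactivated once activated.
        enable_sid: true
        netbios_name: IPADOM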

Inputs

    
add_sids:
    description: 'Add SIDs for existing users and groups. Requires IPA 4.9.8+ and SID
      generation to be activated.

      '
    required: false
    type: bool

pac_type:
    aliases:
    - ipakrbauthzdata
    choices:
    - MS-PAC
    - PAD
    - nfs:NONE
    - ''
    description: set default types of PAC supported for services
    elements: str
    required: false
    type: list

enable_sid:
    description: 'New users and groups automatically get a SID assigned. Cannot be deactivated
      once activated. Requires IPA 4.9.8+.

      '
    required: false
    type: bool

usersearch:
    aliases:
    - ipausersearchfields
    description:
    - Set comma-separated list of fields to search for user search
    elements: str
    required: false
    type: list

emaildomain:
    aliases:
    - ipadefaultemaildomain
    description: Set the default e-mail domain
    required: false
    type: str

groupsearch:
    aliases:
    - ipagroupsearchfields
    description:
    - Set comma-separated list of fields to search for group search
    elements: str
    required: false
    type: list

maxhostname:
    aliases:
    - ipamaxhostnamelength
    description: Set the maximum hostname length between 64-255
    required: false
    type: int

maxusername:
    aliases:
    - ipamaxusernamelength
    description: Set the maximum username length between 1-255
    required: false
    type: int

configstring:
    aliases:
    - ipaconfigstring
    choices:
    - AllowNThash
    - KDC:Disable Last Success
    - KDC:Disable Lockout
    - KDC:Disable Default Preauth for SPNs
    - ''
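    description: 'Set extra hashes to generate in password plug-in. Of the choices, only
      AllowNThash concerns hashes; the KDC:Disable entries switch off the KDC behaviour
      they name (last-success tracking, lockout, default pre-authentication for SPNs),
      so review the security impact before setting them.'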
    elements: str
    required: false
    type: list

defaultgroup:
    aliases:
    - ipadefaultprimarygroup
    description: Set the default group for new users
    required: false
    type: str

defaultshell:
    aliases:
    - ipadefaultloginshell
    - loginshell
    description: Set the default shell for new users
    required: false
    type: str

netbios_name:
    description: 'NetBIOS name of the IPA domain. Requires IPA 4.9.8+ and SID generation
      to be activated.

      '
    required: false
    type: str

pwdexpnotify:
    aliases:
    - ipapwdexpadvnotify
    description:
    - Set the number of days' notice given of impending password expiration
    - values 0 to 2147483647
    required: false
    type: int

homedirectory:
    aliases:
    - ipahomesrootdir
    description: Set the default location of home directories
    required: false
    type: str

ipaapi_context:
    choices:
    - server
    - client
    description: 'The context in which the module will execute. Executing in a

      server context is preferred. If not provided context will be

      determined by the execution environment.

      '
    required: false
    type: str

user_auth_type:
    aliases:
    - ipauserauthtype
    choices:
    - password
    - radius
    - otp
    - pkinit
    - hardened
    - idp
    - disabled
    - ''
    description: set default types of supported user authentication
    elements: str
    required: false
    type: list

searchtimelimit:
    aliases:
    - ipasearchtimelimit
    description:
    - Set maximum amount of time (seconds) for a search
    - values -1 to 2147483647 (-1 or 0 is unlimited)
    required: false
    type: int

enable_migration:
    aliases:
    - ipamigrationenabled
    description: Enable migration mode
    required: false
    type: bool

ipaadmin_password:
    description: The admin password.
    required: false
    type: str

ipaapi_ldap_cache:
    default: true
    description: Use LDAP cache for IPA connection.
    type: bool

userobjectclasses:
    aliases:
    - ipauserobjectclasses
    description: Set default user objectclasses (comma-separated list)
    elements: str
    required: false
    type: list

groupobjectclasses:
    aliases:
    - ipagroupobjectclasses
    description: Set default group objectclasses (comma-separated list)
    elements: str
    required: false
    type: list

ipaadmin_principal:
    default: admin
    description: The admin principal.
    type: str

searchrecordslimit:
    aliases:
    - ipasearchrecordslimit
    description:
    - Set maximum number of records to search
    - values -1 to 2147483647 (-1 or 0 is unlimited)
    required: false
    type: int

selinuxusermaporder:
    aliases:
    - ipaselinuxusermaporder
    description: Set order in increasing priority of SELinux users
    elements: str
    required: false
    type: list

selinuxusermapdefault:
    aliases:
    - ipaselinuxusermapdefault
    description: Set default SELinux user when no match found in map rule
    required: false
    type: str

domain_resolution_order:
    aliases:
    - ipadomainresolutionorder
    description: set list of domains used for short name qualification
    elements: str
    required: false
    type: list

ca_renewal_master_server:
    description: Renewal master for IPA certificate authority.
    required: false
    type: str

Outputs

config:
  contains:
    ca_renewal_master_server:
      description: Renewal master for IPA certificate authority.
      returned: always
      type: str
    configstring:
      description: extra hashes to generate in password plug-in
      elements: str
      returned: always
      type: list
    defaultgroup:
      description: default group for new users
      returned: always
      type: str
    defaultshell:
      description: default shell for new users
      returned: always
      type: str
    domain_resolution_order:
      description: list of domains used for short name qualification
      elements: str
      returned: always
      type: list
    emaildomain:
      description: default e-mail domain
      returned: always
      type: str
    enable_migration:
      description: Enable migration mode
      returned: always
      type: bool
    enable_sid:
      description: 'new users and groups automatically get a SID assigned. Requires
        IPA 4.9.8+.

        '
      returned: always
      type: str
    groupobjectclasses:
      description: default group objectclasses (comma-separated list)
      elements: str
      returned: always
      type: list
    groupsearch:
      description: list of fields to search in group search
      elements: str
      returned: always
      type: list
    homedirectory:
      description: default location of home directories
      returned: always
      type: str
    maxhostname:
      description: maximum hostname length
      returned: always
      type: int
    maxusername:
      description: maximum username length
      returned: always
      type: int
    netbios_name:
      description: NetBIOS name of the IPA domain. Requires IPA 4.9.8+.
      returned: if enable_sid is True
      type: str
    pac_type:
      description: default types of PAC supported for services
      elements: str
      returned: always
      type: list
    pwdexpnotify:
      description: number of days' notice given of impending password expiration
      returned: always
      type: str
    searchrecordslimit:
      description: maximum number of records to search
      returned: always
      type: int
    searchtimelimit:
      description: maximum amount of time (seconds) for a search
      returned: always
      type: int
    selinuxusermapdefault:
      description: default SELinux user when no match is found in map rule
      returned: always
      type: str
    selinuxusermaporder:
      description: order in increasing priority of SELinux users
      elements: str
      returned: always
      type: list
    user_auth_type:
      description: default types of supported user authentication
      returned: always
      type: str
    userobjectclasses:
      description: default user objectclasses (comma-separated list)
      elements: str
      returned: always
      type: list
    usersearch:
      description: list of fields to search in user search
      elements: str
      returned: always
      type: list
  description: Dict of all global config options
  returned: When no options are set
  type: dict