freeipa.ansible_freeipa.ipagroup (1.11.1) — module

Manage FreeIPA groups

Authors: Thomas Woerner (@t-woerner)

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1


Add to requirements.yml

  # Pin the collection to the exact release this page documents, so that
  # installs resolve to the same reviewed version every time.
  collections:
    - name: freeipa.ansible_freeipa
      version: '1.11.1'

Description

Manage FreeIPA groups

Usage examples

# Ensure group "ops" exists with GID 1234 (gidnumber is an alias of gid).
# NOTE: SomeADMINpassword is a placeholder. In a real playbook, supply the
# admin password from an Ansible Vault-encrypted variable rather than
# committing it in clear text.
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: ops
    gidnumber: 1234
    state: present
# Ensure group "sysops" exists. No GID is given in this task.
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: sysops
    state: present
# Ensure group "appops" exists. No GID is given in this task.
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: appops
    state: present
# Ensure several groups exist in a single task by passing a list of group
# dicts: "ops" with GID 1234 and "sysops" without an explicit GID.
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    state: present
    groups:
    - name: ops
      gidnumber: 1234
    - name: sysops
# Ensure user "pinky" is a member of group "sysops".
# action: member makes the task work on the membership level; the
# module's default action is "group".
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: sysops
    action: member
    state: present
    user:
    - pinky
# Ensure user "brain" is a member of group "sysops".
# action: member makes the task work on the membership level; the
# module's default action is "group".
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: sysops
    action: member
    state: present
    user:
    - brain
# Ensure group "ops" exists with groups "sysops" and "appops" as members.
# action is left at its default ("group"), so the task works on the group
# level rather than on membership only.
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: ops
    state: present
    group:
    - sysops
    - appops
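# Ensure user "user1" is assigned to group "sysops" and group "group2" is
# assigned to group "appops", using one task with a list of group dicts.
# The nested lists are written flush with their key, matching the other
# examples on this page (the original mixed flush and indented sequences).
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    groups:
    - name: sysops
      user:
      - user1
    - name: appops
      group:
      - group2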
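# Ensure the non-POSIX group "nongroup" exists.
# The boolean is written as true (not yes), matching the multi-group
# example on this page and avoiding parser-dependent truthy values.
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: nongroup
    nonposix: true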
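# Turn a non-POSIX group into a POSIX group.
# The boolean is written as true (not yes), matching the multi-group
# example on this page and avoiding parser-dependent truthy values.
# NOTE(review): the non-POSIX example on this page creates "nongroup",
# while this task targets a group named "nonposix" - confirm the name.
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: nonposix
    posix: true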
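# Ensure the external group "extgroup" exists and add members from a
# trusted domain to it.
# external: true allows adding non-IPA members from trusted domains; the
# boolean is written as true (not yes) for consistency with the
# multi-group example on this page.
# Members use the DOM\name form and are single-quoted so that the
# backslash and the embedded space are taken literally.
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: extgroup
    external: true
    externalmember:
    - 'WINIPA\Web Users'
    - 'WINIPA\Developers'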
# Ensure a non-POSIX group ("nongroup") and an external group
# ("extgroup") exist, both declared in one task as a list of group dicts.
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    state: present
    groups:
    - name: nongroup
      nonposix: true
    - name: extgroup
      external: true
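# Ensure groups sysops, appops, ops and nongroup are absent.
# name is a list of strings, so the groups are given as a YAML list. The
# original comma-separated string had a space before "nongroup"; an
# explicit list does not depend on how that string is split and trimmed.
# state: absent removes the listed groups, so review the list before use.
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name:
    - sysops
    - appops
    - ops
    - nongroup
    state: absent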

Inputs

    
gid:
    aliases:
    - gidnumber
    description: The GID
    required: false
    type: int

name:
    aliases:
    - cn
    description: The group name
    elements: str
    required: false
    type: list

user:
    description: List of user names assigned to this group.
    elements: str
    required: false
    type: list

group:
    description: List of group names assigned to this group.
    elements: str
    required: false
    type: list

posix:
    description: Create a non-POSIX group or change a non-POSIX to a posix group.
    required: false
    type: bool

state:
    choices:
    - present
    - absent
    default: present
    description: State to ensure
    type: str

action:
    choices:
    - member
    - group
    default: group
    description: Work on group or member level
    type: str

groups:
    description: The list of group dicts (internally gid).
    elements: dict
    suboptions:
      description:
        description: The group description
        required: false
        type: str
      external:
        description: Allow adding external non-IPA members from trusted domains
        required: false
        type: bool
      externalmember:
        aliases:
        - ipaexternalmember
        - external_member
        description:
        - List of members of a trusted domain in DOM\name or name@domain form.
        elements: str
        required: false
        type: list
      gid:
        aliases:
        - gidnumber
        description: The GID
        required: false
        type: int
      group:
        description: List of group names assigned to this group.
        elements: str
        required: false
        type: list
      idoverrideuser:
        description:
        - User ID overrides to add
        elements: str
        required: false
        type: list
      membermanager_group:
        description:
        - List of member manager groups assigned to this group.
        - Only usable with IPA versions 4.8.4 and up.
        elements: str
        required: false
        type: list
      membermanager_user:
        description:
        - List of member manager users assigned to this group.
        - Only usable with IPA versions 4.8.4 and up.
        elements: str
        required: false
        type: list
      name:
        aliases:
        - cn
        description: The group (internally gid).
        required: true
        type: str
      nomembers:
        description: Suppress processing of membership attributes
        required: false
        type: bool
      nonposix:
        description: Create as a non-POSIX group
        required: false
        type: bool
      posix:
        description: Create a non-POSIX group or change a non-POSIX to a posix group.
        required: false
        type: bool
      service:
        description:
        - List of service names assigned to this group.
        - Only usable with IPA versions 4.7 and up.
        elements: str
        required: false
        type: list
      user:
        description: List of user names assigned to this group.
        elements: str
        required: false
        type: list
    type: list

service:
    description:
    - List of service names assigned to this group.
    - Only usable with IPA versions 4.7 and up.
    elements: str
    required: false
    type: list

external:
    description: Allow adding external non-IPA members from trusted domains
    required: false
    type: bool

nonposix:
    description: Create as a non-POSIX group
    required: false
    type: bool

nomembers:
    description: Suppress processing of membership attributes
    required: false
    type: bool

description:
    description: The group description
    required: false
    type: str

externalmember:
    aliases:
    - ipaexternalmember
    - external_member
    description:
    - List of members of a trusted domain in DOM\name or name@domain form.
    elements: str
    required: false
    type: list

idoverrideuser:
    description:
    - User ID overrides to add
    elements: str
    required: false
    type: list

ipaapi_context:
    choices:
    - server
    - client
    description: |
      The context in which the module will execute. Executing in a
      server context is preferred. If not provided context will be
      determined by the execution environment.
    required: false
    type: str

ipaadmin_password:
    description: The admin password.
    required: false
    type: str

ipaapi_ldap_cache:
    default: true
    description: Use LDAP cache for IPA connection.
    type: bool

ipaadmin_principal:
    default: admin
    description: The admin principal.
    type: str

membermanager_user:
    description:
    - List of member manager users assigned to this group.
    - Only usable with IPA versions 4.8.4 and up.
    elements: str
    required: false
    type: list

membermanager_group:
    description:
    - List of member manager groups assigned to this group.
    - Only usable with IPA versions 4.8.4 and up.
    elements: str
    required: false
    type: list