freeipa.ansible_freeipa.ipaidrange (1.11.1) — module

Manage FreeIPA idrange

Authors: Rafael Guterres Jeffman (@rjeffman), Thomas Woerner (@t-woerner)

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1


Add to requirements.yml

  collections:
    - name: freeipa.ansible_freeipa
      version: 1.11.1

Description

Manage FreeIPA idrange

Usage examples

1
  • Hint
    Tasks should always be named using the name parameter.
# Ensure local domain idrange is present
- freeipa.ansible_freeipa.ipaidrange:
    ipaadmin_password: SomeADMINpassword
    name: id_range
    base_id: 150000000
    range_size: 200000
    rid_base: 1000000
    secondary_rid_base: 200000000
1
  • Hint
    Tasks should always be named using the name parameter.
# Ensure local domain idrange is absent
- freeipa.ansible_freeipa.ipaidrange:
    ipaadmin_password: SomeADMINpassword
    name: id_range
    state: absent
1
  • Hint
    Tasks should always be named using the name parameter.
# Ensure AD-trust idrange is present
- freeipa.ansible_freeipa.ipaidrange:
    name: id_range
    base_id: 150000000
    range_size: 200000
    rid_base: 1000000
    idrange_type: ipa-ad-trust
    dom_sid: S-1-5-21-2870384104-3340008087-3140804251
    auto_private_groups: "false"
1
  • Hint
    Tasks should always be named using the name parameter.
# Ensure AD-trust idrange is present, with range type ad-trust-posix,
# and using domain name
- freeipa.ansible_freeipa.ipaidrange:
    name: id_range
    base_id: 150000000
    range_size: 200000
    rid_base: 1000000
    idrange_type: ipa-ad-trust-posix
    dom_name: ad.ipa.test
    auto_private_groups: "hybrid"

Inputs

    
name:
    aliases:
    - cn
    description: The list of idrange name strings.
    elements: str
    required: true
    type: list

state:
    choices:
    - present
    - absent
    default: present
    description: The state to ensure.
    required: false
    type: str

base_id:
    aliases:
    - ipabaseid
    description: First Posix ID of the range.
    required: false
    type: int

dom_sid:
    aliases:
    - ipanttrusteddomainsid
    description: Domain SID of the trusted domain.
    required: false
    type: str

dom_name:
    aliases:
    - ipanttrusteddomainname
    description: 'Domain name of the trusted domain. Can only be used when

      `ipaapi_context: server`.

      '
    required: false
    type: str

rid_base:
    aliases:
    - ipabaserid
    description: First RID of the corresponding RID range.
    required: false
    type: int

range_size:
    aliases:
    - ipaidrangesize
    description: Number of IDs in the range.
    required: false
    type: int

idrange_type:
    aliases:
    - iparangetype
    choices:
    - ipa-ad-trust
    - ipa-ad-trust-posix
    - ipa-local
    description: ID range type.
    required: false
    type: str

ipaapi_context:
    choices:
    - server
    - client
    description: 'The context in which the module will execute. Executing in a

      server context is preferred. If not provided context will be

      determined by the execution environment.

      '
    required: false
    type: str

delete_continue:
    aliases:
    - continue
    default: true
    description: 'Continuous mode. Don''t stop on errors. Valid only if `state` is `absent`.

      '
    type: bool

ipaadmin_password:
    description: The admin password.
    required: false
    type: str

ipaapi_ldap_cache:
    default: true
    description: Use LDAP cache for IPA connection.
    type: bool

ipaadmin_principal:
    default: admin
    description: The admin principal.
    type: str

secondary_rid_base:
    aliases:
    - ipasecondarybaserid
    description: First RID of the secondary RID range.
    required: false
    type: int

auto_private_groups:
    aliases:
    - ipaautoprivategroups
    choices:
    - 'true'
    - 'false'
    - hybrid
    description: Auto creation of private groups.
    required: false
    type: str