freeipa / freeipa.ansible_freeipa / 1.8.4 / module / ipaconfig Modify IPA global config options Authors: chris procter preview | supported by communityfreeipa.ansible_freeipa.ipaconfig (1.8.4) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.8.4
collections: - name: freeipa.ansible_freeipa version: 1.8.4
Modify IPA global config options
--- - name: Playbook to handle global configuration options hosts: ipaserver become: true tasks: - name: return current values of the global configuration options freeipa.ansible_freeipa.ipaconfig: ipaadmin_password: SomeADMINpassword register: result - name: display default login shell debug: msg: '{{ result.config.defaultshell[0] }}' - name: set defaultshell and maxusername freeipa.ansible_freeipa.ipaconfig: ipaadmin_password: SomeADMINpassword defaultshell: /bin/bash maxusername: 64
- name: Playbook to enable SID and generate users and groups SIDs hosts: ipaserver tasks: - name: Enable SID and generate users and groups SIDS freeipa.ansible_freeipa.ipaconfig: ipaadmin_password: SomeADMINpassword enable_sid: yes add_sids: yes
- name: Playbook to change IPA domain netbios name hosts: ipaserver tasks: - name: Enable SID and generate users and groups SIDS freeipa.ansible_freeipa.ipaconfig: ipaadmin_password: SomeADMINpassword enable_sid: yes netbios_name: IPADOM
add_sids: description: 'Add SIDs for existing users and groups. Requires IPA 4.9.8+ and ''enable_sid: yes''. ' required: false type: bool pac_type: aliases: - ipakrbauthzdata choices: - MS-PAC - PAD - nfs:NONE - '' description: set default types of PAC supported for services required: false type: list enable_sid: description: 'New users and groups automatically get a SID assigned. Requires IPA 4.9.8+. ' required: false type: bool usersearch: aliases: - ipausersearchfields description: - Set comma-separated list of fields to search for user search required: false emaildomain: aliases: - ipadefaultemaildomain description: Set the default e-mail domain required: false groupsearch: aliases: - ipagroupsearchfields description: - Set comma-separated list of fields to search for group search required: false maxhostname: aliases: - ipamaxhostnamelength description: Set the maximum hostname length between 64-255 required: false maxusername: aliases: - ipamaxusernamelength description: Set the maximum username length between 1-255 required: false configstring: aliases: - ipaconfigstring choices: - AllowNThash - KDC:Disable Last Success - KDC:Disable Lockout - KDC:Disable Default Preauth for SPNs - '' description: Set extra hashes to generate in password plug-in required: false type: list defaultgroup: aliases: - ipadefaultprimarygroup description: Set the default group for new users required: false defaultshell: aliases: - ipadefaultloginshell - loginshell description: Set the default shell for new users required: false netbios_name: description: 'NetBIOS name of the IPA domain. Requires IPA 4.9.8+ and ''enable_sid: yes''. ' required: false type: string pwdexpnotify: aliases: - ipapwdexpadvnotify description: - Set number of days's notice of impending password expiration - values 0 to 2147483647 required: false homedirectory: aliases: - ipahomesrootdir description: Set the default location of home directories required: false ipaapi_context: choices: - server - client description: 'The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. ' required: false user_auth_type: aliases: - ipauserauthtype choices: - password - radius - otp - disabled - '' description: set default types of supported user authentication required: false type: list searchtimelimit: aliases: - ipasearchtimelimit description: - Set maximum amount of time (seconds) for a search - values -1 to 2147483647 (-1 or 0 is unlimited) required: false enable_migration: aliases: - ipamigrationenabled description: Enable migration mode required: false type: bool ipaadmin_password: description: The admin password. required: false ipaapi_ldap_cache: default: true description: Use LDAP cache for IPA connection. type: bool userobjectclasses: aliases: - ipauserobjectclasses description: Set default user objectclasses (comma-separated list) required: false type: list groupobjectclasses: aliases: - ipagroupobjectclasses description: Set default group objectclasses (comma-separated list) required: false type: list ipaadmin_principal: default: admin description: The admin principal. searchrecordslimit: aliases: - ipasearchrecordslimit description: - Set maximum number of records to search - values -1 to 2147483647 (-1 or 0 is unlimited) required: false selinuxusermaporder: aliases: - ipaselinuxusermaporder description: Set order in increasing priority of SELinux users required: false type: list selinuxusermapdefault: aliases: - ipaselinuxusermapdefault description: Set default SELinux user when no match found in map rule required: false domain_resolution_order: aliases: - ipadomainresolutionorder description: set list of domains used for short name qualification required: false type: list ca_renewal_master_server: description: Renewal master for IPA certificate authority. required: false type: string
config: description: Dict of all global config options options: ca_renewal_master_server: description: master for IPA certificate authority. returned: always configstring: description: extra hashes to generate in password plug-in returned: always type: list defaultgroup: description: default group for new users returned: always defaultshell: description: default shell for new users returned: always domain_resolution_order: description: list of domains used for short name qualification returned: always emaildomain: description: default e-mail domain returned: always enable_migration: description: Enable migration mode returned: always type: bool enable_sid: description: 'new users and groups automatically get a SID assigned. Requires IPA 4.9.8+. ' returned: always groupobjectclasses: description: default group objectclasses (comma-separated list) returned: always type: list groupsearch: description: comma-separated list of fields to search in group search returned: always type: list homedirectory: description: default location of home directories returned: always maxhostname: description: maximum hostname length returned: always maxusername: description: maximum username length returned: always netbios_name: description: NetBIOS name of the IPA domain. Requires IPA 4.9.8+. returned: if enable_sid is True pac_type: description: default types of PAC supported for services returned: always type: list pwdexpnotify: description: number of days's notice of impending password expiration returned: always searchrecordslimit: description: maximum number of records to search returned: always searchtimelimit: description: maximum amount of time (seconds) for a search returned: always selinuxusermapdefault: description: default SELinux user when no match is found in map rule returned: always selinuxusermaporder: description: order in increasing priority of SELinux users returned: always user_auth_type: description: default types of supported user authentication returned: always userobjectclasses: description: default user objectclasses (comma-separated list) returned: always type: list usersearch: description: comma-separated list of fields to search in user search returned: always type: list returned: When no options are set type: dict