Try SpotterManage FreeIPA groups
Authors: Thomas Woerner
preview | supported by community
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.8.4
collections:
- name: freeipa.ansible_freeipa
version: 1.8.4Manage FreeIPA groups
# Create group ops with gid 1234
- freeipa.ansible_freeipa.ipagroup:
ipaadmin_password: SomeADMINpassword
name: ops
gidnumber: 1234
# Create group sysops
- freeipa.ansible_freeipa.ipagroup:
ipaadmin_password: SomeADMINpassword
name: sysops
# Create group appops
- freeipa.ansible_freeipa.ipagroup:
ipaadmin_password: SomeADMINpassword
name: appops
# Add user member pinky to group sysops
- freeipa.ansible_freeipa.ipagroup:
ipaadmin_password: SomeADMINpassword
name: sysops
action: member
user:
- pinky
# Add user member brain to group sysops
- freeipa.ansible_freeipa.ipagroup:
ipaadmin_password: SomeADMINpassword
name: sysops
action: member
user:
- brain
# Add group members sysops and appops to group sysops
- freeipa.ansible_freeipa.ipagroup:
ipaadmin_password: SomeADMINpassword
name: ops
group:
- sysops
- appops
# Create a non-POSIX group
- freeipa.ansible_freeipa.ipagroup:
ipaadmin_password: SomeADMINpassword
name: nongroup
nonposix: yes
# Turn a non-POSIX group into a POSIX group.
- freeipa.ansible_freeipa.ipagroup:
ipaadmin_password: SomeADMINpassword
name: nonposix
posix: yes
# Create an external group and add members from a trust to it.
- freeipa.ansible_freeipa.ipagroup:
ipaadmin_password: SomeADMINpassword
name: extgroup
external: yes
externalmember:
- WINIPA\Web Users
- WINIPA\Developers
# Remove goups sysops, appops, ops and nongroup
- freeipa.ansible_freeipa.ipagroup:
ipaadmin_password: SomeADMINpassword
name: sysops,appops,ops, nongroup
state: absent
gid:
aliases:
- gidnumber
description: The GID
required: false
name:
aliases:
- cn
description: The group name
required: false
user:
description: List of user names assigned to this group.
required: false
type: list
group:
description: List of group names assigned to this group.
required: false
type: list
posix:
description: Create a non-POSIX group or change a non-POSIX to a posix group.
required: false
type: bool
state:
choices:
- present
- absent
default: present
description: State to ensure
action:
choices:
- member
- group
default: group
description: Work on group or member level
service:
description:
- List of service names assigned to this group.
- Only usable with IPA versions 4.7 and up.
required: false
type: list
external:
description: Allow adding external non-IPA members from trusted domains
required: false
type: bool
nonposix:
description: Create as a non-POSIX group
required: false
type: bool
nomembers:
description: Suppress processing of membership attributes
required: false
type: bool
description:
description: The group description
required: false
externalmember:
aliases:
- ipaexternalmember
- external_member
description:
- List of members of a trusted domain in DOM\name or name@domain form.
required: false
type: list
idoverrideuser:
description:
- User ID overrides to add
required: false
type: list
ipaapi_context:
choices:
- server
- client
description: 'The context in which the module will execute. Executing in a
server context is preferred. If not provided context will be
determined by the execution environment.
'
required: false
ipaadmin_password:
description: The admin password.
required: false
ipaapi_ldap_cache:
default: true
description: Use LDAP cache for IPA connection.
type: bool
ipaadmin_principal:
default: admin
description: The admin principal.
membermanager_user:
description:
- List of member manager users assigned to this group.
- Only usable with IPA versions 4.8.4 and up.
required: false
type: list
membermanager_group:
description:
- List of member manager groups assigned to this group.
- Only usable with IPA versions 4.8.4 and up.
required: false
type: list