ibm / ibm.isam / 1.1.1 / module / ldap_attr Add or remove LDAP attribute values. Authors: Jiri Tyr (@jtyr)ibm.isam.ldap_attr (1.1.1) — module
Install with ansible-galaxy collection install ibm.isam:==1.1.1
collections: - name: ibm.isam version: 1.1.1
Add or remove LDAP attribute values.
- name: Configure directory number 1 for example.com ldap_attr: dn: olcDatabase={1}hdb,cn=config name: olcSuffix values: dc=example,dc=com state: exact
# The complex argument format is required here to pass a list of ACL strings. - name: Set up the ACL ldap_attr: dn: olcDatabase={1}hdb,cn=config name: olcAccess values: - >- {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=com" write by * none' - >- {1}to dn.base="dc=example,dc=com" by dn="cn=admin,dc=example,dc=com" write by * read state: exact
- name: Declare some indexes ldap_attr: dn: olcDatabase={1}hdb,cn=config name: olcDbIndex values: "{{ item }}" with_items: - objectClass eq - uid eq
- name: Set up a root user, which we can use later to bootstrap the directory ldap_attr: dn: olcDatabase={1}hdb,cn=config name: "{{ item.key }}" values: "{{ item.value }}" state: exact with_dict: olcRootDN: cn=root,dc=example,dc=com olcRootPW: "{SSHA}tabyipcHzhwESzRaGA7oQ/SDoBZQOGND"
- name: Get rid of an unneeded attribute ldap_entry: dn: uid=jdoe,ou=people,dc=example,dc=com name: shadowExpire value: "" state: exact server_uri: ldap://localhost/ bind_dn: cn=admin,dc=example,dc=com bind_pw: password
# # The same as in the previous example but with the authentication details # stored in the ldap_auth variable: # # ldap_auth: # server_uri: ldap://localhost/ # bind_dn: cn=admin,dc=example,dc=com # bind_pw: password - name: Get rid of an unneeded attribute ldap_entry: dn: uid=jdoe,ou=people,dc=example,dc=com name: shadowExpire value: "" state: exact params: "{{ ldap_auth }}"
dn: description: - The DN of the entry to modify. required: true type: str name: description: - The name of the attribute to modify. required: true type: str state: choices: - present - absent - exact default: present description: - The state of the attribute values. If C(present), all given values will be added if they're missing. If C(absent), all given values will be removed if present. If C(exact), the set of values will be forced to exactly those provided and no others. If I(state=exact) and I(value) is empty, all values for this attribute will be removed. required: false type: str params: description: - parameters to be passed type: dict values: description: - The value(s) to add or remove. This can be a string or a list of strings. The complex argument format is required in order to pass a list of strings (see examples). required: true type: raw bind_dn: default: null description: - A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism. If this is blank, we'll use an anonymous bind. required: false type: str bind_pw: default: null description: - The password to use with I(bind_dn). required: false type: str start_tls: default: 'no' description: - If true, we'll use the START_TLS LDAP extension. required: false type: bool server_uri: default: ldapi:/// description: - A URI to the LDAP server. The default value lets the underlying LDAP client library look for a UNIX domain socket in its default location. required: false type: str
modlist: description: list of modified parameters returned: success sample: '[[2, "olcRootDN", ["cn=root,dc=example,dc=com"]]]' type: list