netapp.storagegrid.na_sg_org_identity_federation (21.12.0) module
NetApp StorageGRID manage Tenant identity federation.
Added in version 21.6.0 of netapp.storagegrid.
Authors: NetApp Ansible Team (@joshedmonds) <ng-ansibleteam@netapp.com>
Install with:
    ansible-galaxy collection install netapp.storagegrid:==21.12.0
collections:
  - name: netapp.storagegrid
    version: 21.12.0
Configure Tenant Identity Federation within NetApp StorageGRID.
If the module is run in check_mode, a connectivity test is performed using the supplied values without changing the configuration.
This module is idempotent if password is not specified.
- name: test identity federation configuration
  netapp.storagegrid.na_sg_org_identity_federation:
    api_url: "https://<storagegrid-endpoint-url>"
    auth_token: "storagegrid-auth-token"
    validate_certs: false
    state: present
    ldap_service_type: "Active Directory"
    hostname: "ad.example.com"
    port: 389
    username: "binduser"
    password: "bindpass"
    base_group_dn: "DC=example,DC=com"
    base_user_dn: "DC=example,DC=com"
    tls: "Disabled"
  check_mode: yes
- name: configure identity federation with AD and TLS
  netapp.storagegrid.na_sg_org_identity_federation:
    api_url: "https://<storagegrid-endpoint-url>"
    auth_token: "storagegrid-auth-token"
    validate_certs: false
    state: present
    ldap_service_type: "Active Directory"
    hostname: "ad.example.com"
    port: 636
    username: "binduser"
    password: "bindpass"
    base_group_dn: "DC=example,DC=com"
    base_user_dn: "DC=example,DC=com"
    tls: "LDAPS"
    ca_cert: |
      -----BEGIN CERTIFICATE-----
      MIIC+jCCAeICCQDmn9Gow08LTzANBgkqhkiG9w0BAQsFADA/..swCQYDVQQGEwJV
      bXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB..JFzNIXQEGnsgjV
      JGU4giuvOLOZ8Q3gyuUbkSUQDjmjpMR8PliwJ6iW2Ity89Dv..dl1TaIYI/ansyZ
      Uxk4YXeN6kUkrDtNxCg1McALzXVAfxMTtj2SFlLxne4Z6rX2..UyftQrfM13F1vY
      gK8dBPz+l+X/Uozo/xNm7gxe68p9le9/pcULst1CQn5/sPqq..kgWcSvlKUItu82
      lq3B2169rovdIaNdcvaQjMPhrDGo5rvLfMN35U3Hgbz41PL5..x2BcUE6/0ab5T4
      qKBxKa3t9twj+zpUqOzyL0PFfCE+SK5fEXAS1ow4eAcLN+eB..gR/PuvGAyIPCtE
      1+X4GrECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAFpO+04Ra..FMJPH6dBmzfb7l
      k04BWTvSlur6HiQdXY+oFQMJZzyI7MQ8v9HBIzS0ZAzYWLp4..VZhHmRxnrWyxVs
      u783V5YfQH2L4QnBDoiDefgxyfDs2PcoF5C+X9CGXmPqzst2..y/6tdOVJzdiA==
      -----END CERTIFICATE-----
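Both examples above set validate_certs: false and pass the bind password inline, and the first one uses tls: "Disabled" on port 389, which sends that password to the directory unencrypted. The playbook below is an added example, not part of the NetApp collection documentation, that runs the check_mode connectivity test and then applies the same settings over LDAPS with certificate validation left on. The vaulted variables sg_auth_token, sg_ldap_bind_user and sg_ldap_bind_password and the file files/ad-ca.pem are assumed names.

```yaml
---
# Added example, not taken from the NetApp collection documentation.
# Assumed names: vaulted variables sg_auth_token, sg_ldap_bind_user and
# sg_ldap_bind_password, and the CA certificate file files/ad-ca.pem.
- name: Configure tenant identity federation over LDAPS
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Test the LDAPS bind without changing the configuration
      netapp.storagegrid.na_sg_org_identity_federation: &idf_args
        api_url: "https://<storagegrid-endpoint-url>"
        auth_token: "{{ sg_auth_token }}"
        validate_certs: true   # module default; verifies the Admin Node certificate
        state: present
        ldap_service_type: "Active Directory"
        hostname: "ad.example.com"
        port: 636
        username: "{{ sg_ldap_bind_user }}"
        password: "{{ sg_ldap_bind_password }}"
        base_group_dn: "DC=example,DC=com"
        base_user_dn: "DC=example,DC=com"
        tls: "LDAPS"
        # Trust the directory's issuing CA instead of the OS CA store.
        ca_cert: "{{ lookup('ansible.builtin.file', 'files/ad-ca.pem') }}"
      check_mode: true
      no_log: true   # keep the token and bind password out of task output

    - name: Apply the same settings
      # password is set, so this task is not idempotent (see the note above)
      # and may report "changed" on every run.
      netapp.storagegrid.na_sg_org_identity_federation: *idf_args
      no_log: true
      register: idf_result

    - name: Verify the stored identity source does not use cleartext LDAP
      ansible.builtin.assert:
        that:
          # Field names come from the module's return sample; that LDAPS
          # sets enableLDAPS to true is an assumption.
          - not idf_result.resp.disableTLS
          - idf_result.resp.enableLDAPS
        fail_msg: "Identity federation is not configured for LDAPS"
```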
tls:
  choices:
  - STARTTLS
  - LDAPS
  - Disabled
  default: STARTTLS
  description:
  - Whether Transport Layer Security is used to connect to the LDAP server.
  type: str
port:
  description:
  - The port used to connect to the LDAP server. Typically 389 for LDAP, or 636 for LDAPS.
  type: int
type:
  default: ldap
  description:
  - The type of identity source.
  - Default is 'ldap'.
  type: str
state:
  choices:
  - present
  - absent
  default: present
  description:
  - Whether identity federation should be enabled or not.
  type: str
api_url:
  description:
  - The url to the StorageGRID Admin Node REST API.
  required: true
  type: str
ca_cert:
  description:
  - Custom certificate used to connect to the LDAP server.
  - If a custom certificate is not supplied, the operating system CA certificate will be used.
  type: str
hostname:
  description:
  - The hostname or IP address of the LDAP server.
  type: str
password:
  description:
  - The password associated with the username.
  type: str
username:
  description:
  - The username to bind to the LDAP server.
  type: str
auth_token:
  description:
  - The authorization token for the API request
  required: true
  type: str
base_user_dn:
  description:
  - The Distinguished Name of the LDAP subtree to search for users.
  type: str
base_group_dn:
  description:
  - The Distinguished Name of the LDAP subtree to search for groups.
  type: str
validate_certs:
  default: true
  description:
  - Should https certificates be validated?
  required: false
  type: bool
ldap_service_type:
  choices:
  - Active Directory
  - OpenLDAP
  - Other
  description:
  - The type of LDAP server.
  type: str
ldap_user_id_attribute:
  description:
  - The LDAP attribute which contains the unique user name of a user.
  - Should be configured if ldap_service_type=Other.
  type: str
ldap_group_id_attribute:
  description:
  - The LDAP attribute which contains the group for a user.
  - Should be configured if ldap_service_type=Other.
  type: str
ldap_user_uuid_attribute:
  description:
  - The LDAP attribute which contains the permanent unique identity of a user.
  - Should be configured if ldap_service_type=Other.
  type: str
ldap_group_uuid_attribute:
  description:
  - The LDAP attribute which contains the group's permanent unique identity.
  - Should be configured if ldap_service_type=Other.
  type: str
resp:
  description: Returns information about the StorageGRID tenant account identity source configuration.
  returned: success
  sample:
    baseGroupDn: DC=example,DC=com
    baseUserDn: DC=example,DC=com
    caCert: '-----BEGIN CERTIFICATE----- abcdefghijkl123456780ABCDEFGHIJKL 123456/7890ABCDEFabcdefghijklABCD -----END CERTIFICATE----- '
    disable: false
    disableTLS: false
    enableLDAPS: false
    hostname: 10.1.2.3
    id: 00000000-0000-0000-0000-000000000000
    ldapServiceType: Active Directory
    password: '********'
    port: 389
    type: ldap
    username: MYDOMAIN\Administrator
  type: dict