netscaler.adc.authenticationldapaction (2.5.1) — module
Configuration for LDAP action resource.
Added in version 2.0.0 of netscaler.adc
Authors: Sumanth Lingappa (@sumanth-lingappa)
preview | supported by community
Install with ansible-galaxy collection install netscaler.adc:==2.5.1
collections:
  - name: netscaler.adc
    version: 2.5.1
name:
  description:
    - Name for the new LDAP action.
    - Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the LDAP action is added.
    - ''
    - 'The following requirement applies only to the Citrix ADC CLI:'
    - If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my authentication action" or 'my authentication action').
  type: str
nsip:
  description:
    - The ip address of the NetScaler ADC appliance where the nitro API calls will be made.
    - The port can be specified with the colon (:). E.g. 192.168.1.1:555.
  required: true
  type: str
email:
  description:
    - The Citrix ADC uses the email attribute to query the Active Directory for the email id of a user
  type: str
state:
  choices:
    - present
    - absent
    - unset
  default: present
  description:
    - The state of the resource being configured by the module on the NetScaler ADC node.
    - When C(present), the resource will be added/updated and configured according to the module's parameters.
    - When C(absent), the resource will be deleted from the NetScaler ADC node.
    - When C(unset), the resource will be unset on the NetScaler ADC node.
  type: str
sectype:
  choices:
    - PLAINTEXT
    - TLS
    - SSL
  description:
    - Type of security used for communications between the Citrix ADC and the LDAP server. For the C(PLAINTEXT) setting, no encryption is required.
  type: str
svrtype:
  choices:
    - AD
    - NDS
  description:
    - The type of LDAP server.
  type: str
api_path:
  default: nitro/v1/config
  description:
    - Base NITRO API path.
    - Define only in case of an ADM service proxy call
  type: str
ldapbase:
  description:
    - Base (node) from which to start LDAP searches.
    - If the LDAP server is running locally, the default value of base is dc=netscaler, dc=com.
  type: str
serverip:
  description:
    - IP address assigned to the LDAP server.
  type: str
otpsecret:
  description:
    - OneTimePassword(OTP) Secret key attribute on AD. This attribute is used to store and retrieve secret key used for OTP check
  type: str
attribute1:
  description:
    - Expression that would be evaluated to extract attribute1 from the ldap response
  type: str
attribute2:
  description:
    - Expression that would be evaluated to extract attribute2 from the ldap response
  type: str
attribute3:
  description:
    - Expression that would be evaluated to extract attribute3 from the ldap response
  type: str
attribute4:
  description:
    - Expression that would be evaluated to extract attribute4 from the ldap response
  type: str
attribute5:
  description:
    - Expression that would be evaluated to extract attribute5 from the ldap response
  type: str
attribute6:
  description:
    - Expression that would be evaluated to extract attribute6 from the ldap response
  type: str
attribute7:
  description:
    - Expression that would be evaluated to extract attribute7 from the ldap response
  type: str
attribute8:
  description:
    - Expression that would be evaluated to extract attribute8 from the ldap response
  type: str
attribute9:
  description:
    - Expression that would be evaluated to extract attribute9 from the ldap response
  type: str
attributes:
  description:
    - List of attribute names separated by ',' which needs to be fetched from ldap server.
    - Note that preceding and trailing spaces will be removed.
    - Attribute name can be 127 bytes and total length of this string should not cross 2047 bytes.
    - These attributes have multi-value support separated by ',' and stored as key-value pair in AAA session
  type: str
ldapbinddn:
  description:
    - Full distinguished name (DN) that is used to bind to the LDAP server.
    - 'Default: cn=Manager,dc=netscaler,dc=com'
  type: str
nitro_pass:
  description:
    - The password with which to authenticate to the NetScaler ADC node.
  required: false
  type: str
nitro_user:
  description:
    - The username with which to authenticate to the NetScaler ADC node.
  required: false
  type: str
servername:
  description:
    - LDAP server name as a FQDN. Mutually exclusive with LDAP IP address.
  type: str
serverport:
  description:
    - Port on which the LDAP server accepts connections.
  type: int
attribute10:
  description:
    - Expression that would be evaluated to extract attribute10 from the ldap response
  type: str
attribute11:
  description:
    - Expression that would be evaluated to extract attribute11 from the ldap response
  type: str
attribute12:
  description:
    - Expression that would be evaluated to extract attribute12 from the ldap response
  type: str
attribute13:
  description:
    - Expression that would be evaluated to extract attribute13 from the ldap response
  type: str
attribute14:
  description:
    - Expression that would be evaluated to extract attribute14 from the ldap response
  type: str
attribute15:
  description:
    - Expression that would be evaluated to extract attribute15 from the ldap response
  type: str
attribute16:
  description:
    - Expression that would be evaluated to extract attribute16 from the ldap response
  type: str
authtimeout:
  description:
    - Number of seconds the Citrix ADC waits for a response from the RADIUS server.
  type: float
kbattribute:
  description:
    - KnowledgeBasedAuthentication(KBA) attribute on AD. This attribute is used to store and retrieve preconfigured Question and Answer knowledge base used for KBA authentication.
  type: str
pushservice:
  description:
    - Name of the service used to send push notifications
  type: str
requireuser:
  choices:
    - 'YES'
    - 'NO'
  description:
    - Require a successful user search for authentication.
    - CAUTION! This field should be set to C(NO) only if usersearch not required [Both username validation as well as password validation skipped] and (non-LDAP) authentication methods are in use and either bound to a primary list or flagged as secondary.
  type: str
save_config:
  default: false
  description:
    - If C(true) the module will save the configuration on the NetScaler ADC node if it makes any changes.
    - The module will not save the configuration on the NetScaler ADC node if it made no changes.
  type: bool
ldaphostname:
  description:
    - Hostname for the LDAP server. If -validateServerCert is ON then this must be the host name on the certificate from the LDAP server.
    - A hostname mismatch will cause a connection failure.
  type: str
passwdchange:
  choices:
    - ENABLED
    - DISABLED
  description:
    - Allow password change requests.
  type: str
searchfilter:
  description:
    - String to be combined with the default LDAP user search string to form the search value. For example, if the search filter "vpnallowed=true" is combined with the LDAP login name "samaccount" and the user-supplied username is "bob", the result is the LDAP search string ""&(vpnallowed=true)(samaccount=bob)"" (Be sure to enclose the search string in two sets of double quotation marks; both sets are needed.).
  type: str
sshpublickey:
  description:
    - SSH PublicKey is attribute on AD. This attribute is used to retrieve ssh PublicKey for RBA authentication
  type: str
groupattrname:
  description:
    - LDAP group attribute name.
    - Used for group extraction on the LDAP server.
  type: str
ldaploginname:
  description:
    - LDAP login name attribute.
    - The Citrix ADC uses the LDAP login name to query external LDAP servers or Active Directories.
  type: str
authentication:
  choices:
    - ENABLED
    - DISABLED
  description:
    - Perform LDAP authentication.
    - If authentication is disabled, any LDAP authentication attempt returns authentication success if the user is found.
    - CAUTION! Authentication should be disabled only for authorization group extraction or where other (non-LDAP) authentication methods are in use and either bound to a primary list or flagged as secondary.
  type: str
nitro_protocol:
  choices:
    - http
    - https
  default: https
  description:
    - Which protocol to use when accessing the nitro API objects.
  type: str
validate_certs:
  default: true
  description:
    - If C(false), SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.
  required: false
  type: bool
cloudattributes:
  choices:
    - ENABLED
    - DISABLED
  description:
    - The Citrix ADC uses the cloud attributes to extract additional attributes from LDAP servers required for Citrix Cloud operations
  type: str
followreferrals:
  choices:
    - 'ON'
    - 'OFF'
  description:
    - Setting this option to C(ON) enables following LDAP referrals received from the LDAP server.
  type: str
maxnestinglevel:
  description:
    - If nested group extraction is ON, specifies the number of levels up to which group extraction is performed.
  type: float
maxldapreferrals:
  description:
    - Specifies the maximum number of nested referrals to follow.
  type: float
nitro_auth_token:
  description:
    - The authentication token provided by a login operation.
  type: str
  version_added: 2.6.0
  version_added_collection: netscaler.adc
ssonameattribute:
  description:
    - LDAP single signon (SSO) attribute.
    - The Citrix ADC uses the SSO name attribute to query external LDAP servers or Active Directories for an alternate username.
  type: str
subattributename:
  description:
    - LDAP group sub-attribute name.
    - Used for group extraction from the LDAP server.
  type: str
groupsearchfilter:
  description:
    - String to be combined with the default LDAP group search string to form the search value. For example, the group search filter ""vpnallowed=true"" when combined with the group identifier ""samaccount"" and the group name ""g1"" yields the LDAP search string ""(&(vpnallowed=true)(samaccount=g1)"". If nestedGroupExtraction is ENABLED, the filter is applied on the first level group search as well, otherwise first level groups (of which user is a direct member of) will be fetched without applying this filter. (Be sure to enclose the search string in two sets of double quotation marks; both sets are needed.)
  type: str
referraldnslookup:
  choices:
    - A-REC
    - SRV-REC
    - MSSRV-REC
  description:
    - Specifies the DNS Record lookup Type for the referrals
  type: str
alternateemailattr:
  description:
    - The NetScaler appliance uses the alternative email attribute to query the Active Directory for the alternative email id of a user
  type: str
ldapbinddnpassword:
  description:
    - Password used to bind to the LDAP server.
  type: str
validateservercert:
  choices:
    - 'YES'
    - 'NO'
  description:
    - When to validate LDAP server certs
  type: str
groupnameidentifier:
  description:
    - Name that uniquely identifies a group in LDAP or Active Directory.
  type: str
mssrvrecordlocation:
  description:
    - MSSRV Specific parameter. Used to locate the DNS node to which the SRV record pertains in the domainname. The domainname is appended to it to form the srv record.
    - 'Example : For "dc._msdcs", the srv record formed is _ldap._tcp.dc._msdcs.<domainname>.'
  type: str
groupsearchattribute:
  description:
    - LDAP group search attribute.
    - Used to determine to which groups a group belongs.
  type: str
nestedgroupextraction:
  choices:
    - 'ON'
    - 'OFF'
  description:
    - Allow nested group extraction, in which the Citrix ADC queries external LDAP servers to determine whether a group is part of another group.
  type: str
groupsearchsubattribute:
  description:
    - LDAP group search subattribute.
    - Used to determine to which groups a group belongs.
  type: str
defaultauthenticationgroup:
  description:
    - This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
  type: str
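A playbook that sets the transport and authentication parameters documented above to their strict values, as an added example that is not taken from the netscaler.adc collection. The action name, host names, DNs, attribute values, port and all `{{ ... }}` variable names are constructed placeholders.

```yaml
# Added example, not from the netscaler.adc collection. Host names, DNs, the
# action name and every {{ ... }} variable are constructed placeholders.
- name: LDAP action with encrypted, certificate-validated transport
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Configure LDAPS authentication action
      no_log: true  # keep the bind and NITRO passwords out of task output
      netscaler.adc.authenticationldapaction:
        # NITRO API connection. https and certificate validation are the
        # documented defaults; spelling them out makes an override visible.
        nsip: "{{ adc_nsip }}"
        nitro_user: "{{ adc_nitro_user }}"
        nitro_pass: "{{ vault_adc_nitro_pass }}"
        nitro_protocol: https
        validate_certs: true
        state: present
        name: ldap_act_example
        svrtype: AD
        # ADC-to-LDAP transport. With sectype PLAINTEXT the bind DN password
        # and every user password would cross the network unencrypted.
        servername: ldap.example.com   # mutually exclusive with serverip
        serverport: 636                # conventional LDAPS port (assumed)
        sectype: SSL
        validateservercert: "YES"
        # Must equal the host name on the LDAP server's certificate;
        # a mismatch causes a connection failure.
        ldaphostname: ldap.example.com
        ldapbase: dc=example,dc=com
        ldapbinddn: cn=svc-adc-bind,ou=service,dc=example,dc=com
        ldapbinddnpassword: "{{ vault_ldap_bind_password }}"
        ldaploginname: sAMAccountName
        groupattrname: memberOf
        subattributename: cn
        # authentication DISABLED returns success for any user that is found,
        # and requireuser NO skips the user search, so both stay strict here.
        authentication: ENABLED
        requireuser: "YES"
        save_config: true
```

The `"YES"` values are quoted so YAML does not parse them as booleans.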
changed:
  description: Indicates if any change is made by the module
  returned: always
  sample: true
  type: bool
diff:
  description: Dictionary of before and after changes
  returned: always
  sample:
    after:
      key2: pqr
    before:
      key1: xyz
    prepared: changes done
  type: dict
diff_list:
  description: List of differences between the actual configured object and the configuration specified in the module
  returned: when changed
  sample:
    - 'Attribute `key1` differs. Desired: (<class ''str''>) XYZ. Existing: (<class ''str''>) PQR'
  type: list
failed:
  description: Indicates if the module failed or not
  returned: always
  sample: false
  type: bool
loglines:
  description: list of logged messages by the module
  returned: always
  sample:
    - message 1
    - message 2
  type: list