netscaler.adc.authenticationldapaction (2.5.1) — module

Configuration for LDAP action resource.

Added in version 2.0.0 of netscaler.adc

Authors: Sumanth Lingappa (@sumanth-lingappa)

preview | supported by community

Install collection

Install with ansible-galaxy collection install netscaler.adc:==2.5.1


Add to requirements.yml

  collections:
    - name: netscaler.adc
      version: 2.5.1

Description

Configuration for LDAP action resource.

Inputs

    
name:
    description:
    - Name for the new LDAP action.
    - Must begin with a letter, number, or the underscore character (_), and must contain
      only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@),
      equals (=), colon (:), and underscore characters. Cannot be changed after the LDAP
      action is added.
    - ''
    - 'The following requirement applies only to the Citrix ADC CLI:'
    - If the name includes one or more spaces, enclose the name in double or single quotation
      marks (for example, "my authentication action" or 'my authentication action').
    type: str

nsip:
    description:
    - The IP address of the NetScaler ADC appliance where the NITRO API calls will be
      made.
    - The port can be specified with the colon (:). E.g. 192.168.1.1:555.
    required: true
    type: str

email:
    description:
    - The Citrix ADC uses the email attribute to query the Active Directory for the email
      id of a user
    type: str

state:
    choices:
    - present
    - absent
    - unset
    default: present
    description:
    - The state of the resource being configured by the module on the NetScaler ADC node.
    - When C(present), the resource will be added or updated according to the
      module's parameters.
    - When C(absent), the resource will be deleted from the NetScaler ADC node.
    - When C(unset), the resource will be unset on the NetScaler ADC node.
    type: str

sectype:
    choices:
    - PLAINTEXT
    - TLS
    - SSL
    description:
    - Type of security used for communications between the Citrix ADC and the LDAP server.
      For the C(PLAINTEXT) setting, no encryption is required.
    type: str

svrtype:
    choices:
    - AD
    - NDS
    description:
    - The type of LDAP server.
    type: str

api_path:
    default: nitro/v1/config
    description:
    - Base NITRO API path.
    - Define only in case of an ADM service proxy call
    type: str

ldapbase:
    description:
    - Base (node) from which to start LDAP searches.
    - If the LDAP server is running locally, the default value of base is
      dc=netscaler,dc=com.
    type: str

serverip:
    description:
    - IP address assigned to the LDAP server.
    type: str

otpsecret:
    description:
    - OneTimePassword(OTP) Secret key attribute on AD. This attribute is used to store
      and retrieve secret key used for OTP check
    type: str

attribute1:
    description:
    - Expression that would be evaluated to extract attribute1 from the ldap response
    type: str

attribute2:
    description:
    - Expression that would be evaluated to extract attribute2 from the ldap response
    type: str

attribute3:
    description:
    - Expression that would be evaluated to extract attribute3 from the ldap response
    type: str

attribute4:
    description:
    - Expression that would be evaluated to extract attribute4 from the ldap response
    type: str

attribute5:
    description:
    - Expression that would be evaluated to extract attribute5 from the ldap response
    type: str

attribute6:
    description:
    - Expression that would be evaluated to extract attribute6 from the ldap response
    type: str

attribute7:
    description:
    - Expression that would be evaluated to extract attribute7 from the ldap response
    type: str

attribute8:
    description:
    - Expression that would be evaluated to extract attribute8 from the ldap response
    type: str

attribute9:
    description:
    - Expression that would be evaluated to extract attribute9 from the ldap response
    type: str

attributes:
    description:
    - List of attribute names separated by ',' which needs to be fetched from ldap server.
    - Note that preceding and trailing spaces will be removed.
    - Attribute name can be 127 bytes and total length of this string should not cross
      2047 bytes.
    - These attributes have multi-value support separated by ',' and stored as key-value
      pair in AAA session
    type: str

ldapbinddn:
    description:
    - Full distinguished name (DN) that is used to bind to the LDAP server.
    - 'Default: cn=Manager,dc=netscaler,dc=com'
    type: str

nitro_pass:
    description:
    - The password with which to authenticate to the NetScaler ADC node.
    required: false
    type: str

nitro_user:
    description:
    - The username with which to authenticate to the NetScaler ADC node.
    required: false
    type: str

servername:
    description:
    - LDAP server name as a FQDN.  Mutually exclusive with LDAP IP address.
    type: str

serverport:
    description:
    - Port on which the LDAP server accepts connections.
    type: int

attribute10:
    description:
    - Expression that would be evaluated to extract attribute10 from the ldap response
    type: str

attribute11:
    description:
    - Expression that would be evaluated to extract attribute11 from the ldap response
    type: str

attribute12:
    description:
    - Expression that would be evaluated to extract attribute12 from the ldap response
    type: str

attribute13:
    description:
    - Expression that would be evaluated to extract attribute13 from the ldap response
    type: str

attribute14:
    description:
    - Expression that would be evaluated to extract attribute14 from the ldap response
    type: str

attribute15:
    description:
    - Expression that would be evaluated to extract attribute15 from the ldap response
    type: str

attribute16:
    description:
    - Expression that would be evaluated to extract attribute16 from the ldap response
    type: str

authtimeout:
    description:
    - Number of seconds the Citrix ADC waits for a response from the RADIUS server.
    type: float

kbattribute:
    description:
    - KnowledgeBasedAuthentication(KBA) attribute on AD. This attribute is used to store
      and retrieve preconfigured Question and Answer knowledge base used for KBA authentication.
    type: str

pushservice:
    description:
    - Name of the service used to send push notifications
    type: str

requireuser:
    choices:
    - 'YES'
    - 'NO'
    description:
    - Require a successful user search for authentication.
    - CAUTION! This field should be set to C(NO) only if user search is not required [both
      username validation and password validation are skipped] and (non-LDAP) authentication
      methods are in use and either bound to a primary list or flagged as secondary.
    type: str

save_config:
    default: false
    description:
    - If C(true) the module will save the configuration on the NetScaler ADC node if it
      makes any changes.
    - The module will not save the configuration on the NetScaler ADC node if it made
      no changes.
    type: bool

ldaphostname:
    description:
    - Hostname for the LDAP server.  If -validateServerCert is ON then this must be the
      host name on the certificate from the LDAP server.
    - A hostname mismatch will cause a connection failure.
    type: str

passwdchange:
    choices:
    - ENABLED
    - DISABLED
    description:
    - Allow password change requests.
    type: str

searchfilter:
    description:
    - String to be combined with the default LDAP user search string to form the search
      value. For example, if the search filter "vpnallowed=true" is combined with the
      LDAP login name "samaccount" and the user-supplied username is "bob", the result
      is the LDAP search string ""(&(vpnallowed=true)(samaccount=bob))"". (Be sure to enclose
      the search string in two sets of double quotation marks; both sets are needed.)
    type: str

sshpublickey:
    description:
    - SSH PublicKey attribute on AD. This attribute is used to retrieve the SSH PublicKey
      for RBA authentication.
    type: str

groupattrname:
    description:
    - LDAP group attribute name.
    - Used for group extraction on the LDAP server.
    type: str

ldaploginname:
    description:
    - LDAP login name attribute.
    - The Citrix ADC uses the LDAP login name to query external LDAP servers or Active
      Directories.
    type: str

authentication:
    choices:
    - ENABLED
    - DISABLED
    description:
    - Perform LDAP authentication.
    - If authentication is disabled, any LDAP authentication attempt returns authentication
      success if the user is found.
    - CAUTION! Authentication should be disabled only for authorization group extraction
      or where other (non-LDAP) authentication methods are in use and either bound to
      a primary list or flagged as secondary.
    type: str

nitro_protocol:
    choices:
    - http
    - https
    default: https
    description:
    - Which protocol to use when accessing the nitro API objects.
    type: str

validate_certs:
    default: true
    description:
    - If C(false), SSL certificates will not be validated. This should only be used on
      personally controlled sites using self-signed certificates.
    required: false
    type: bool

cloudattributes:
    choices:
    - ENABLED
    - DISABLED
    description:
    - The Citrix ADC uses the cloud attributes to extract additional attributes from LDAP
      servers required for Citrix Cloud operations
    type: str

followreferrals:
    choices:
    - 'ON'
    - 'OFF'
    description:
    - Setting this option to C(ON) enables following LDAP referrals received from the
      LDAP server.
    type: str

maxnestinglevel:
    description:
    - If nested group extraction is ON, specifies the number of levels up to which group
      extraction is performed.
    type: float

maxldapreferrals:
    description:
    - Specifies the maximum number of nested referrals to follow.
    type: float

nitro_auth_token:
    description:
    - The authentication token provided by a login operation.
    type: str
    version_added: 2.6.0
    version_added_collection: netscaler.adc

ssonameattribute:
    description:
    - LDAP single signon (SSO) attribute.
    - The Citrix ADC uses the SSO name attribute to query external LDAP servers or Active
      Directories for an alternate username.
    type: str

subattributename:
    description:
    - LDAP group sub-attribute name.
    - Used for group extraction from the LDAP server.
    type: str

groupsearchfilter:
    description:
    - String to be combined with the default LDAP group search string to form the search
      value. For example, the group search filter "vpnallowed=true" when combined with
      the group identifier "samaccount" and the group name "g1" yields the LDAP search
      string ""(&(vpnallowed=true)(samaccount=g1))"". If nestedGroupExtraction is ENABLED,
      the filter is applied on the first level group search as well; otherwise first level
      groups (of which the user is a direct member) will be fetched without applying this
      filter. (Be sure to enclose the search string in two sets of double quotation marks;
      both sets are needed.)
    type: str

referraldnslookup:
    choices:
    - A-REC
    - SRV-REC
    - MSSRV-REC
    description:
    - Specifies the DNS Record lookup Type for the referrals
    type: str

alternateemailattr:
    description:
    - The NetScaler appliance uses the alternative email attribute to query the Active
      Directory for the alternative email id of a user
    type: str

ldapbinddnpassword:
    description:
    - Password used to bind to the LDAP server.
    type: str

validateservercert:
    choices:
    - 'YES'
    - 'NO'
    description:
    - Whether to validate LDAP server certificates.
    type: str

groupnameidentifier:
    description:
    - Name that uniquely identifies a group in LDAP or Active Directory.
    type: str

mssrvrecordlocation:
    description:
    - MSSRV Specific parameter. Used to locate the DNS node to which the SRV record pertains
      in the domainname. The domainname is appended to it to form the srv record.
    - 'Example : For "dc._msdcs", the srv record formed is _ldap._tcp.dc._msdcs.<domainname>.'
    type: str

groupsearchattribute:
    description:
    - LDAP group search attribute.
    - Used to determine to which groups a group belongs.
    type: str

nestedgroupextraction:
    choices:
    - 'ON'
    - 'OFF'
    description:
    - Allow nested group extraction, in which the Citrix ADC queries external LDAP servers
      to determine whether a group is part of another group.
    type: str

groupsearchsubattribute:
    description:
    - LDAP group search subattribute.
    - Used to determine to which groups a group belongs.
    type: str

defaultauthenticationgroup:
    description:
    - This is the default group that is chosen when the authentication succeeds in addition
      to extracted groups.
    type: str
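
Example play, added here and not part of the module's own documentation, that sets the security-relevant inputs above together: an encrypted and certificate-validated channel to the LDAP server, a validated HTTPS connection to the NITRO API, and password and user validation left on. The host names, DNs, action name and vault_* variable names are constructed placeholders.

```yaml
# Added example. All names, DNs and vault_* variables are placeholders.
- name: Configure an LDAP action with an encrypted, validated channel
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: LDAP action over SSL with server certificate validation
      netscaler.adc.authenticationldapaction:
        # --- Connection from Ansible to the NITRO API on the ADC ---
        nsip: "{{ vault_nsip }}"
        nitro_user: "{{ vault_nitro_user }}"
        nitro_pass: "{{ vault_nitro_pass }}"
        nitro_protocol: https   # http would carry nitro_pass unencrypted
        validate_certs: true    # false skips validation of the ADC certificate
        state: present
        name: ldap_act_corp
        # --- Channel from the ADC to the LDAP server ---
        servername: ldap.example.internal   # mutually exclusive with serverip
        serverport: 636                     # standard LDAPS port
        sectype: SSL            # PLAINTEXT means no encryption of binds
        validateservercert: "YES"
        # Must equal the host name on the LDAP server certificate;
        # a mismatch causes a connection failure.
        ldaphostname: ldap.example.internal
        svrtype: AD
        ldapbase: dc=example,dc=internal
        ldapbinddn: cn=svc-adc-bind,ou=service,dc=example,dc=internal
        ldapbinddnpassword: "{{ vault_ldap_bind_password }}"
        ldaploginname: sAMAccountName
        # --- Keep credential checks on ---
        # DISABLED returns success whenever the user is found.
        authentication: ENABLED
        # NO skips both username and password validation.
        requireuser: "YES"
        save_config: false
      # Keeps nitro_pass and ldapbinddnpassword out of task output and logs.
      no_log: true
```

The choices YES and NO are quoted so YAML passes them as strings rather than booleans, matching the quoted choices listed for validateservercert and requireuser.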

Outputs

changed:
  description: Indicates if any change is made by the module
  returned: always
  sample: true
  type: bool
diff:
  description: Dictionary of before and after changes
  returned: always
  sample:
    after:
      key2: pqr
    before:
      key1: xyz
    prepared: changes done
  type: dict
diff_list:
  description: List of differences between the actual configured object and the configuration
    specified in the module
  returned: when changed
  sample:
  - 'Attribute `key1` differs. Desired: (<class ''str''>) XYZ. Existing: (<class ''str''>)
    PQR'
  type: list
failed:
  description: Indicates if the module failed or not
  returned: always
  sample: false
  type: bool
loglines:
  description: list of logged messages by the module
  returned: always
  sample:
  - message 1
  - message 2
  type: list