sensu.sensu_go.ldap_auth_provider (1.14.0) — module
Manage Sensu LDAP authentication provider
Added in version 1.10.0 of sensu.sensu_go
Authors: Aljaz Kosir (@aljazkosir), Manca Bizjak (@mancabizjak), Miha Dolinar (@mdolin), Tadej Borovsak (@tadeboro)
stableinterface | supported by certified
Install with ansible-galaxy collection install sensu.sensu_go:==1.14.0
collections:
  - name: sensu.sensu_go
    version: 1.14.0
Create, update or delete a Sensu Go LDAP authentication provider.
For more information, refer to the Sensu Go documentation at U(https://docs.sensu.io/sensu-go/latest/operations/control-access/ldap-auth/).
- name: Create a LDAP auth provider
  sensu.sensu_go.ldap_auth_provider:
    name: openldap
    servers:
      - host: 127.0.0.1
        group_search:
          base_dn: dc=acme,dc=org
        user_search:
          base_dn: dc=acme,dc=org

- name: Delete a LDAP auth provider
  sensu.sensu_go.ldap_auth_provider:
    name: openldap
    state: absent
auth:
  description:
    - Authentication parameters. Can define each of them with ENV as well.
  suboptions:
    api_key:
      description:
        - The API key that should be used when authenticating. If this is not set, the value of the SENSU_API_KEY environment variable will be checked.
        - This replaces I(auth.user) and I(auth.password) parameters.
        - For more information about the API key, refer to the official Sensu documentation at U(https://docs.sensu.io/sensu-go/latest/guides/use-apikey-feature/).
      type: str
      version_added: 1.3.0
      version_added_collection: sensu.sensu_go
    ca_path:
      description:
        - Path to the CA bundle that should be used to validate the backend certificate.
        - If this parameter is not set, the module will use the CA bundle that Python is using.
        - It is also possible to set this parameter via the I(SENSU_CA_PATH) environment variable.
      type: path
      version_added: 1.5.0
      version_added_collection: sensu.sensu_go
    password:
      default: P@ssw0rd!
      description:
        - The Sensu user's password. If this is not set the value of the SENSU_PASSWORD environment variable will be checked.
        - This parameter is ignored if the I(auth.api_key) parameter is set.
      type: str
    url:
      default: http://localhost:8080
      description:
        - Location of the Sensu backend API. If this is not set the value of the SENSU_URL environment variable will be checked.
      type: str
    user:
      default: admin
      description:
        - The username to use for connecting to the Sensu API. If this is not set the value of the SENSU_USER environment variable will be checked.
        - This parameter is ignored if the I(auth.api_key) parameter is set.
      type: str
    verify:
      default: true
      description:
        - Flag that controls the certificate validation.
        - If you are using self-signed certificates, you can set this parameter to C(false).
        - ONLY USE THIS PARAMETER IN DEVELOPMENT SCENARIOS! If you use self-signed certificates in production, see the I(auth.ca_path) parameter.
        - It is also possible to set this parameter via the I(SENSU_VERIFY) environment variable.
      type: bool
      version_added: 1.5.0
      version_added_collection: sensu.sensu_go
  type: dict
name:
  description:
    - The Sensu resource's name. This name (in combination with the namespace where applicable) uniquely identifies the resource that Ansible operates on.
    - If the resource with selected name already exists, Ansible module will update it to match the specification in the task.
    - Consult the I(name) metadata attribute specification in the upstream docs on U(https://docs.sensu.io/sensu-go/latest/reference/) for more details about valid names and other restrictions.
  required: true
  type: str
state:
  choices:
    - present
    - absent
  default: present
  description:
    - Target state of the Sensu object.
  type: str
servers:
  description:
    - An array of LDAP servers for your directory.
    - Required if I(state) is C(present).
  elements: dict
  suboptions:
    binding:
      description:
        - The LDAP account that performs user and group lookups.
        - If your server supports anonymous binding, you can omit the user_dn or password attributes to query the directory without credentials.
      suboptions:
        password:
          description:
            - Password for the user_dn account.
            - If your server supports anonymous binding, you can omit this attribute.
          required: true
          type: str
        user_dn:
          description:
            - The LDAP account that performs user and group lookups.
            - If your server supports anonymous binding, you can omit this attribute.
          required: true
          type: str
      type: dict
    client_cert_file:
      description:
        - Path to the certificate that should be sent to the server if requested.
      type: str
    client_key_file:
      description:
        - Path to the key file associated with the client_cert_file.
        - Required if I(client_cert_file) is present.
      type: str
    group_search:
      description:
        - Search configuration for groups.
      suboptions:
        attribute:
          default: member
          description:
            - Used for comparing result entries.
          type: str
        base_dn:
          description:
            - Which part of the directory tree to search.
          required: true
          type: str
        name_attribute:
          default: cn
          description:
            - Represents the attribute to use as the entry name.
          type: str
        object_class:
          default: groupOfNames
          description:
            - Identifies the class of objects returned in the search result.
          type: str
      type: dict
    host:
      description:
        - LDAP server IP address.
      required: true
      type: str
    insecure:
      default: false
      description:
        - Skips SSL certificate verification when set to true.
      type: bool
    port:
      description:
        - LDAP server port.
      type: int
    security:
      choices:
        - insecure
        - tls
        - starttls
      default: tls
      description:
        - Encryption type to be used for the connection to the LDAP server.
      type: str
    trusted_ca_file:
      description:
        - Path to an alternative CA bundle file.
      type: str
    user_search:
      description:
        - Search configuration for users.
      suboptions:
        attribute:
          default: uid
          description:
            - Used for comparing result entries.
          type: str
        base_dn:
          description:
            - Which part of the directory tree to search.
          required: true
          type: str
        name_attribute:
          default: cn
          description:
            - Represents the attribute to use as the entry name.
          type: str
        object_class:
          default: person
          description:
            - Identifies the class of objects returned in the search result.
          type: str
      type: dict
  type: list
groups_prefix:
  description:
    - The prefix added to all LDAP groups.
  type: str
username_prefix:
  description:
    - The prefix added to all LDAP usernames.
  type: str
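The transport and credential options documented above, combined into one task. This is an added example, not taken from the collection's documentation; the backend hostname, the 192.0.2.10 address, the file paths and the vault_* variable names are placeholders assumed here. It authenticates to the Sensu backend with an API key over HTTPS instead of the default admin account, keeps certificate verification on for both connections, and binds to LDAP with a dedicated account.

```yaml
# Added example. Hypothetical values: sensu.example.internal, 192.0.2.10,
# the /etc/sensu/tls/ paths, and the vault_* variables (assumed to be
# defined in an Ansible Vault encrypted vars file).
- name: Create an LDAP auth provider with verified TLS on both connections
  sensu.sensu_go.ldap_auth_provider:
    auth:
      # HTTPS instead of the http://localhost:8080 default.
      url: https://sensu.example.internal:8080
      # An API key replaces auth.user / auth.password, so the documented
      # defaults (admin / P@ssw0rd!) are never used.
      api_key: "{{ vault_sensu_api_key }}"
      # Private or self-signed CA: point at its bundle rather than
      # setting verify to false.
      ca_path: /etc/sensu/tls/ca.pem
      verify: true
    name: openldap
    state: present
    servers:
      - host: 192.0.2.10
        port: 636
        security: tls      # documented default, stated explicitly
        insecure: false    # keep LDAP server certificate verification
        trusted_ca_file: /etc/sensu/tls/ldap-ca.pem
        binding:
          user_dn: cn=binder,dc=acme,dc=org
          password: "{{ vault_ldap_bind_password }}"
        group_search:
          base_dn: dc=acme,dc=org
        user_search:
          base_dn: dc=acme,dc=org
    groups_prefix: ldap
    username_prefix: ldap
  # Keeps the API key and bind password out of task output and logs.
  no_log: true
```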
object:
  description: Object representing Sensu LDAP authentication provider.
  returned: success
  sample:
    groups_prefix: ldap
    metadata:
      name: openldap
    servers:
      binding:
        user_dn: cn=binder,dc=acme,dc=org
      client_cert_file: /path/to/ssl/cert.pem
      client_key_file: /path/to/ssl/key.pem
      group_search:
        attribute: member
        base_dn: dc=acme,dc=org
        name_attribute: cn
        object_class: groupOfNames
      host: 127.0.0.1
      insecure: 'False'
      port: '636'
      security: tls
      trusted_ca_file: /path/to/trusted-certificate-authorities.pem
      user_search:
        attribute: uid
        base_dn: dc=acme,dc=org
        name_attribute: cn
        object_class: person
    username_prefix: ldap
  type: dict