theforeman.foreman.auth_source_ldap (4.0.0) — module

Manage LDAP Authentication Sources

Added in version 1.0.0 of theforeman.foreman

Authors: Christoffer Reijer (@ephracis) Basalt AB

Install collection

Install with ansible-galaxy collection install theforeman.foreman:==4.0.0


Add to requirements.yml

  # requirements.yml entry that pins the collection to the release documented
  # on this page. Quoting keeps the version a string whatever parser reads it.
  collections:
    - name: 'theforeman.foreman'
      version: '4.0.0'

Description

Create, update, and delete LDAP authentication sources


Requirements

Usage examples

# Minimal authentication source: only the directory host is given. No bind
# account, TLS setting, server_type or attribute mapping is set in this task.
- name: Simple FreeIPA authentication source
  theforeman.foreman.auth_source_ldap:
    # Foreman API connection. 'changeme' is a documentation placeholder; in a
    # real playbook keep the credential out of the file (Ansible Vault, or omit
    # the key so the module reads the FOREMAN_PASSWORD environment variable).
    server_url: 'https://foreman.example.com'
    username: 'admin'
    password: 'changeme'
    # The authentication source and where it is assigned.
    name: 'Example LDAP'
    host: 'ldap.example.org'
    organizations:
      - 'Sweden'
    locations:
      - 'Uppsala'
    state: present
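# FreeIPA source that registers users in Foreman on the fly. The four attr_*
# mappings for login, first name, last name and mail, plus account_password,
# are documented as required when onthefly_register is used.
- name: FreeIPA with automatic registration
  theforeman.foreman.auth_source_ldap:
    # Foreman API connection. 'changeme' is a documentation placeholder; keep
    # the real value in Ansible Vault or supply it through FOREMAN_PASSWORD.
    server_url: 'https://foreman.example.com'
    username: 'admin'
    password: 'changeme'
    # Directory server. Neither tls nor port is set, so port takes its
    # documented default of 389.
    # NOTE(review): if that means plain LDAP in your deployment, the bind
    # password below and every user login cross the network unencrypted -
    # consider tls: true with the port your directory serves LDAPS on.
    name: 'Example LDAP'
    host: 'ldap.example.org'
    server_type: free_ipa
    # Service account Foreman binds with. 'secret' is a placeholder; store the
    # real value in a secret store. Setting account_password makes the module
    # non-idempotent (documented behaviour).
    account: 'uid=ansible,cn=sysaccounts,cn=etc,dc=example,dc=com'
    account_password: 'secret'
    # Search bases. The stray space after "cn=accounts," in the original DN has
    # been removed so it matches the form of base_dn.
    base_dn: 'dc=example,dc=com'
    groups_base: 'cn=groups,cn=accounts,dc=example,dc=com'
    # Registration on first login and the attributes copied into the account.
    onthefly_register: true
    attr_login: uid
    attr_firstname: givenName
    attr_lastname: sn
    attr_mail: mail
    attr_photo: jpegPhoto
    state: present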
# Active Directory source that registers users in Foreman on the fly, with an
# LDAP filter applied to the searches.
- name: Active Directory with automatic registration
  theforeman.foreman.auth_source_ldap:
    # Foreman API connection. 'changeme' is a documentation placeholder; keep
    # the real value in Ansible Vault or supply it through FOREMAN_PASSWORD.
    server_url: 'https://foreman.example.com'
    username: 'admin'
    password: 'changeme'
    # Directory server. Neither tls nor port is set, so port takes its
    # documented default of 389.
    # NOTE(review): if that means plain LDAP in your deployment, the bind
    # password below and every user login cross the network unencrypted -
    # consider tls: true with the port your domain controllers serve LDAPS on.
    name: 'Example AD'
    host: 'ad.example.org'
    server_type: active_directory
    # Bind account in DOMAIN\user form. Single quotes keep the backslash
    # literal; double quotes would turn "\a" into an escape sequence.
    # 'secret' is a placeholder; setting account_password makes the module
    # non-idempotent (documented behaviour).
    account: 'EXAMPLE\ansible'
    account_password: 'secret'
    base_dn: 'cn=Users,dc=example,dc=com'
    groups_base: 'cn=Users,dc=example,dc=com'
    # NOTE(review): with on-the-fly registration this filter is presumably what
    # bounds which directory users can get a Foreman account - confirm, and
    # scope it to a dedicated group rather than all domain users where possible.
    ldap_filter: '(memberOf=CN=Domain Users,CN=Users,DC=example,DC=com)'
    # Registration on first login and the attributes copied into the account.
    onthefly_register: true
    attr_login: sAMAccountName
    attr_firstname: givenName
    attr_lastname: sn
    attr_mail: mail
    state: present

Inputs

    
# Module parameters, grouped by purpose. Each entry keeps the documented
# description, type, choices, default and required flag unchanged.

# --- Foreman API connection -------------------------------------------------
# server_url, username and password are marked required, but each falls back
# to an environment variable when it is left out of the task.

server_url:
  description:
    - URL of the Foreman server.
    - If the value is not specified in the task, the value of environment variable
      C(FOREMAN_SERVER_URL) will be used instead.
  type: str
  required: true

username:
  description:
    - Username accessing the Foreman server.
    - If the value is not specified in the task, the value of environment variable
      C(FOREMAN_USERNAME) will be used instead.
  type: str
  required: true

# Prefer Ansible Vault or the environment variable over a literal value in the
# playbook, so the credential does not end up in version control.
password:
  description:
    - Password of the user accessing the Foreman server.
    - If the value is not specified in the task, the value of environment variable
      C(FOREMAN_PASSWORD) will be used instead.
  type: str
  required: true

# Covers the HTTPS connection to Foreman, not the LDAP server. Disabling it
# removes the check that the API credentials are sent to the real Foreman host.
validate_certs:
  description:
    - Whether or not to verify the TLS certificates of the Foreman server.
    - If the value is not specified in the task, the value of environment variable
      C(FOREMAN_VALIDATE_CERTS) will be used instead.
  type: bool
  default: true

# --- Entity -----------------------------------------------------------------

name:
  description: The name of the LDAP authentication source
  type: str
  required: true

state:
  description:
    - State of the entity
  type: str
  choices:
    - present
    - absent
  default: present

organizations:
  description: List of organizations the entity should be assigned to
  type: list
  elements: str

locations:
  description: List of locations the entity should be assigned to
  type: list
  elements: str

# --- LDAP server ------------------------------------------------------------

host:
  description: The hostname of the LDAP server
  type: str
  required: true

# 389 is the conventional plain-LDAP port; LDAPS conventionally uses 636.
# NOTE(review): confirm which port your directory expects once tls is enabled.
port:
  description: The port number of the LDAP server
  type: int
  default: 389
  required: false

# No default is documented for this option, and the example tasks on this page
# leave it unset. NOTE(review): check what Foreman does when it is omitted
# before assuming the bind and user logins are encrypted.
tls:
  description: Whether or not to use TLS when contacting the LDAP server.
  type: bool
  required: false

server_type:
  description: Type of the LDAP server
  type: str
  choices:
    - free_ipa
    - active_directory
    - posix
  required: false

# --- Bind account and search scope -------------------------------------------

account:
  description: Account name to use when accessing the LDAP server.
  type: str
  required: false

# Keep the value in Ansible Vault or another secret store rather than inline.
account_password:
  description:
    - Account password to use when accessing the LDAP server.
    - Required when using I(onthefly_register).
    - When this parameter is set, the module will not be idempotent.
  type: str
  required: false

base_dn:
  description: The base DN to use when searching.
  type: str
  required: false

groups_base:
  description: Base DN where groups reside.
  type: str
  required: false

ldap_filter:
  description: Filter to apply to LDAP searches
  type: str
  required: false

# --- Registration and group handling ------------------------------------------

onthefly_register:
  description: Whether or not to register users on the fly.
  type: bool
  required: false

usergroup_sync:
  description: Whether or not to sync external user groups on login
  type: bool
  required: false

use_netgroups:
  description: Whether to use NIS netgroups instead of posix groups, not valid for I(server_type=active_directory)
  type: bool
  required: false

# --- Attribute mapping --------------------------------------------------------
# All of these except attr_photo are documented as required when
# onthefly_register is used.

attr_login:
  description:
    - Attribute containing login ID.
    - Required when using I(onthefly_register).
  type: str
  required: false

attr_firstname:
  description:
    - Attribute containing first name.
    - Required when using I(onthefly_register).
  type: str
  required: false

attr_lastname:
  description:
    - Attribute containing last name.
    - Required when using I(onthefly_register).
  type: str
  required: false

attr_mail:
  description:
    - Attribute containing email address.
    - Required when using I(onthefly_register).
  type: str
  required: false

attr_photo:
  description: Attribute containing user photo
  type: str
  required: false

Outputs

# Return value: a dict, present on success, holding a list of dicts under
# auth_source_ldaps.
entity:
  description: Final state of the affected entities grouped by their type.
  type: dict
  returned: success
  contains:
    auth_source_ldaps:
      description: List of auth sources for LDAP.
      type: list
      elements: dict