ldap_entry - Add or remove LDAP entries.
New in version 2.3.
Synopsis
- Add or remove LDAP entries. This module only asserts the existence or non-existence of an LDAP entry, not its attributes. To assert the attribute values of an entry, see ldap_attr.
Requirements (on host that executes module)
- python-ldap
Options
parameter | required | default | choices | comments |
---|---|---|---|---|
attributes |
no |
If
state=present, attributes necessary to create an entry. Existing entries are never modified. To assert specific attribute values on an existing entry, use
ldap_attr module instead.
|
||
bind_dn |
no |
A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism. If this is blank, we'll use an anonymous bind.
|
||
bind_pw |
no |
The password to use with
bind_dn.
|
||
dn |
yes |
The DN of the entry to add or remove.
|
||
objectClass |
no |
If
state=present, value or list of values to use when creating the entry. It can either be a string or an actual list of strings.
|
||
params |
no |
List of options which allows to overwrite any of the task or the
attributes options. To remove an option, set the value of the option to
null .
|
||
server_uri |
no | ldapi:/// |
A URI to the LDAP server. The default value lets the underlying LDAP client library look for a UNIX domain socket in its default location.
|
|
start_tls |
no | no |
|
If true, we'll use the START_TLS LDAP extension.
|
state |
no | present |
|
The target state of the entry.
|
validate_certs
(added in 2.4)
|
no | yes |
|
If
no , SSL certificates will not be validated. This should only be used on sites using self-signed certificates.
|
Examples
- name: Make sure we have a parent entry for users ldap_entry: dn: ou=users,dc=example,dc=com objectClass: organizationalUnit - name: Make sure we have an admin user ldap_entry: dn: cn=admin,dc=example,dc=com objectClass: - simpleSecurityObject - organizationalRole attributes: description: An LDAP administrator userPassword: "{SSHA}tabyipcHzhwESzRaGA7oQ/SDoBZQOGND" - name: Get rid of an old entry ldap_entry: dn: ou=stuff,dc=example,dc=com state: absent server_uri: ldap://localhost/ bind_dn: cn=admin,dc=example,dc=com bind_pw: password # # The same as in the previous example but with the authentication details # stored in the ldap_auth variable: # # ldap_auth: # server_uri: ldap://localhost/ # bind_dn: cn=admin,dc=example,dc=com # bind_pw: password - name: Get rid of an old entry ldap_entry: dn: ou=stuff,dc=example,dc=com state: absent params: "{{ ldap_auth }}"
Notes
Note
- The default authentication settings will attempt to use a SASL EXTERNAL bind over a UNIX domain socket. This works well with the default Ubuntu install for example, which includes a cn=peercred,cn=external,cn=auth ACL rule allowing root to modify the server configuration. If you need to use a simple bind to access your server, pass the credentials in bind_dn and bind_pw.
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/ldap_entry_module.html