fortios_user_ldap – Configure LDAP server entries in Fortinet’s FortiOS and FortiGate
New in version 2.9.
Synopsis
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and ldap category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements
The below requirements are needed on the host that executes this module.
- fortiosapi>=0.9.8
Parameters
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| host
string
|
FortiOS or FortiGate IP address.
|
||
| https
boolean
|
|
Indicates if the requests towards FortiGate must use HTTPS protocol.
|
|
| password
string
|
Default:
""
|
FortiOS or FortiGate password.
|
|
| ssl_verify
boolean
|
|
Ensures FortiGate certificate must be verified by a proper CA.
|
|
| state
string / required
|
|
Indicates whether to create or remove the object.
|
|
| user_ldap
dictionary
|
Default:
null
|
Configure LDAP server entries.
|
|
| account_key_filter
string
|
Account key filter, using the UPN as the search filter.
|
||
| account_key_processing
string
|
|
Account key processing operation, either keep or strip domain string of UPN in the token.
|
|
| ca_cert
string
|
CA certificate name. Source vpn.certificate.ca.name.
|
||
| cnid
string
|
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
|
||
| dn
string
|
Distinguished name used to look up entries on the LDAP server.
|
||
| group_filter
string
|
Filter used for group matching.
|
||
| group_member_check
string
|
|
Group member checking methods.
|
|
| group_object_filter
string
|
Filter used for group searching.
|
||
| group_search_base
string
|
Search base used for group searching.
|
||
| member_attr
string
|
Name of attribute from which to get group membership.
|
||
| name
string / required
|
LDAP server entry name.
|
||
| password
string
|
Password for initial binding.
|
||
| password_expiry_warning
string
|
|
Enable/disable password expiry warnings.
|
|
| password_renewal
string
|
|
Enable/disable online password renewal.
|
|
| port
integer
|
Port to be used for communication with the LDAP server .
|
||
| secondary_server
string
|
Secondary LDAP server CN domain name or IP.
|
||
| secure
string
|
|
Port to be used for authentication.
|
|
| server
string
|
LDAP server CN domain name or IP.
|
||
| server_identity_check
string
|
|
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate).
|
|
| source_ip
string
|
Source IP for communications to LDAP server.
|
||
| ssl_min_proto_version
string
|
|
Minimum supported protocol version for SSL/TLS connections .
|
|
| tertiary_server
string
|
Tertiary LDAP server CN domain name or IP.
|
||
| type
string
|
|
Authentication type for LDAP searches.
|
|
| username
string
|
Username (full DN) for initial binding.
|
||
| username
string
|
FortiOS or FortiGate username.
|
||
| vdom
string
|
Default:
"root"
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
|
Notes
Note
- Requires fortiosapi library developed by Fortinet
- Run as a local_action in your playbook
Examples
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Configure LDAP server entries.
fortios_user_ldap:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
state: "present"
user_ldap:
account_key_filter: "<your_own_value>"
account_key_processing: "same"
ca_cert: "<your_own_value> (source vpn.certificate.ca.name)"
cnid: "<your_own_value>"
dn: "<your_own_value>"
group_filter: "<your_own_value>"
group_member_check: "user-attr"
group_object_filter: "<your_own_value>"
group_search_base: "<your_own_value>"
member_attr: "<your_own_value>"
name: "default_name_13"
password: "<your_own_value>"
password_expiry_warning: "enable"
password_renewal: "enable"
port: "17"
secondary_server: "<your_own_value>"
secure: "disable"
server: "192.168.100.40"
server_identity_check: "enable"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
tertiary_server: "<your_own_value>"
type: "simple"
username: "<your_own_value>"
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build
string
|
always |
Build number of the fortigate image
Sample:
1547
|
| http_method
string
|
always |
Last method used to provision the content into FortiGate
Sample:
PUT
|
| http_status
string
|
always |
Last result given by FortiGate on last operation applied
Sample:
200
|
| mkey
string
|
success |
Master key (id) used in the last call to FortiGate
Sample:
id
|
| name
string
|
always |
Name of the table used to fulfill the request
Sample:
urlfilter
|
| path
string
|
always |
Path of the table used to fulfill the request
Sample:
webfilter
|
| revision
string
|
always |
Internal revision number
Sample:
17.0.2.10658
|
| serial
string
|
always |
Serial number of the unit
Sample:
FGVMEVYYQT3AB5352
|
| status
string
|
always |
Indication of the operation's result
Sample:
success
|
| vdom
string
|
always |
Virtual domain used
Sample:
root
|
| version
string
|
always |
Version of the FortiGate
Sample:
v5.6.3
|
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/fortios_user_ldap_module.html