community.general.ldap_entry – Add or remove LDAP entries.
Note
This plugin is part of the community.general collection (version 3.8.1).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.ldap_entry.
Synopsis
- Add or remove LDAP entries. This module only asserts the existence or non-existence of an LDAP entry, not its attributes. To assert the attribute values of an entry, see community.general.ldap_attrs.
Requirements
The below requirements are needed on the host that executes this module.
- python-ldap
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| attributes
dictionary
|
If state=present, attributes necessary to create an entry. Existing entries are never modified. To assert specific attribute values on an existing entry, use community.general.ldap_attrs module instead.
|
|
| bind_dn
string
|
A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism as default.
If this is blank, we'll use an anonymous bind.
|
|
| bind_pw
string
|
The password to use with bind_dn.
|
|
| dn
string / required
|
The DN of the entry to add or remove.
|
|
| objectClass
list / elements=string
|
If state=present, value or list of values to use when creating the entry. It can either be a string or an actual list of strings.
|
|
| referrals_chasing
string
added in 2.0.0 of community.general
|
|
Set the referrals chasing behavior.
anonymous follow referrals anonymously. This is the default behavior.
disabled disable referrals chasing. This sets OPT_REFERRALS to off.
|
| sasl_class
string
added in 2.0.0 of community.general
|
|
The class to use for SASL authentication.
possible choices are external, gssapi.
|
| server_uri
string
|
Default:
"ldapi:///"
|
A URI to the LDAP server.
The default value lets the underlying LDAP client library look for a UNIX domain socket in its default location.
|
| start_tls
boolean
|
|
If true, we'll use the START_TLS LDAP extension.
|
| state
string
|
|
The target state of the entry.
|
| validate_certs
boolean
|
|
If set to
no, SSL certificates will not be validated.
This should only be used on sites using self-signed certificates.
|
Notes
Note
- The default authentication settings will attempt to use a SASL EXTERNAL bind over a UNIX domain socket. This works well with the default Ubuntu install for example, which includes a cn=peercred,cn=external,cn=auth ACL rule allowing root to modify the server configuration. If you need to use a simple bind to access your server, pass the credentials in bind_dn and bind_pw.
Examples
- name: Make sure we have a parent entry for users
community.general.ldap_entry:
dn: ou=users,dc=example,dc=com
objectClass: organizationalUnit
- name: Make sure we have an admin user
community.general.ldap_entry:
dn: cn=admin,dc=example,dc=com
objectClass:
- simpleSecurityObject
- organizationalRole
attributes:
description: An LDAP administrator
userPassword: "{SSHA}tabyipcHzhwESzRaGA7oQ/SDoBZQOGND"
- name: Get rid of an old entry
community.general.ldap_entry:
dn: ou=stuff,dc=example,dc=com
state: absent
server_uri: ldap://localhost/
bind_dn: cn=admin,dc=example,dc=com
bind_pw: password
#
# The same as in the previous example but with the authentication details
# stored in the ldap_auth variable:
#
# ldap_auth:
# server_uri: ldap://localhost/
# bind_dn: cn=admin,dc=example,dc=com
# bind_pw: password
#
# In the example below, 'args' is a task keyword, passed at the same level as the module
- name: Get rid of an old entry
community.general.ldap_entry:
dn: ou=stuff,dc=example,dc=com
state: absent
args: "{{ ldap_auth }}"
Authors
- Jiri Tyr (@jtyr)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/ldap_entry_module.html