ldap_entry - Add or remove LDAP entries.
New in version 2.3.
Synopsis
- Add or remove LDAP entries. This module only asserts the existence or non-existence of an LDAP entry, not its attributes. To assert the attribute values of an entry, see ldap_attr.
Requirements
The below requirements are needed on the host that executes this module.
- python-ldap
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
attributes | If state=present, attributes necessary to create an entry. Existing entries are never modified. To assert specific attribute values on an existing entry, use ldap_attr module instead. | |
bind_dn | A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism. If this is blank, we'll use an anonymous bind. | |
bind_pw | The password to use with bind_dn. | |
dn required | The DN of the entry to add or remove. | |
objectClass | If state=present, value or list of values to use when creating the entry. It can either be a string or an actual list of strings. | |
params | List of options which allows to overwrite any of the task or the attributes options. To remove an option, set the value of the option to null . | |
server_uri | Default: "ldapi:///" | A URI to the LDAP server. The default value lets the underlying LDAP client library look for a UNIX domain socket in its default location. |
start_tls bool |
| If true, we'll use the START_TLS LDAP extension. |
state |
| The target state of the entry. |
validate_certs bool (added in 2.4) |
| If set to no , SSL certificates will not be validated.This should only be used on sites using self-signed certificates. |
Notes
Note
- The default authentication settings will attempt to use a SASL EXTERNAL bind over a UNIX domain socket. This works well with the default Ubuntu install for example, which includes a cn=peercred,cn=external,cn=auth ACL rule allowing root to modify the server configuration. If you need to use a simple bind to access your server, pass the credentials in bind_dn and bind_pw.
Examples
- name: Make sure we have a parent entry for users
ldap_entry:
dn: ou=users,dc=example,dc=com
objectClass: organizationalUnit
- name: Make sure we have an admin user
ldap_entry:
dn: cn=admin,dc=example,dc=com
objectClass:
- simpleSecurityObject
- organizationalRole
attributes:
description: An LDAP administrator
userPassword: "{SSHA}tabyipcHzhwESzRaGA7oQ/SDoBZQOGND"
- name: Get rid of an old entry
ldap_entry:
dn: ou=stuff,dc=example,dc=com
state: absent
server_uri: ldap://localhost/
bind_dn: cn=admin,dc=example,dc=com
bind_pw: password
#
# The same as in the previous example but with the authentication details
# stored in the ldap_auth variable:
#
# ldap_auth:
# server_uri: ldap://localhost/
# bind_dn: cn=admin,dc=example,dc=com
# bind_pw: password
- name: Get rid of an old entry
ldap_entry:
dn: ou=stuff,dc=example,dc=com
state: absent
params: "{{ ldap_auth }}"
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Maintenance
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
Author
- Jiri Tyr (@jtyr)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.6/modules/ldap_entry_module.html