thalesgroup.ciphertrust.connection_manager_ldap module – Manage connections to an Identity Provider (IdP) that supports LDAP specifications

Note

This module is part of the thalesgroup.ciphertrust collection (version 1.0.0).

To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust.

To use it in a playbook, specify: thalesgroup.ciphertrust.connection_manager_ldap.

New in thalesgroup.ciphertrust 1.0.0

Synopsis

  • This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, more specifically with the Connection Manager API for LDAP

Parameters

Parameter

Comments

base_dn

string

Starting point to use when searching for users

Default: "none"

bind_dn

string

Object which has permission to search under the root DN for users

Default: "none"

bind_password

string

Password for the Bind DN object of the LDAP connection

Default: "none"

connection_id

string

Unique ID of the connection to be updated

Default: "none"

description

string

Description of the connection

Default: "none"

group_base_dn

string

Starting point to use when searching for groups. This value can be left empty to disable group support for this connection

Default: "none"

group_filter

string

Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection

Default: "none"

group_id_attribute

string

Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'

Default: "none"

group_member_field

string

Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection

Default: "none"

group_name_attribute

string

Attribute inside the group object which contains the friendly name of the group

Default: "none"

insecure_skip_verify

string

Optional flag to disable verifying the server’s certificate. It ignores both the operating system’s CAs and root_cas if provided. Only applies if the server_url scheme is ldaps. Default value is false.

Default: "none"

localNode

dictionary / required

Holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM)

Holds the IP/FQDN of the server, username, password, and port

password

string / required

Admin password of CM

server_ip

string / required

CM Server IP or FQDN

server_port

integer / required

Port on which CM server is listening

Default: 5432

server_private_ip

string / required

Internal or private IP of the CM Server, if different from the server_ip

user

string / required

Admin username of CM

verify

boolean / required

Whether SSL verification is required

Choices:

  • false ← (default)

  • true

meta

dictionary

Optional end-user or service data stored with the connection

name

string / required

Unique connection name

Default: "none"

op_type

string / required

Operation to be performed

Choices:

  • "create"

  • "patch"

products

list / elements=string

Array of the CipherTrust products associated with the connection.

Default: ["none"]

root_cas

string

Optional list of certificates that are used to determine if the server is trusted. Only applies if the server_url scheme is ldaps.

If not provided, then the server’s certificate is verified using the operating system’s CAs.

Default: "none"

search_filter

string

Attribute inside the user object which contains the user distinguished name. If user_dn_attribute is not provided, it will default to 'dn'

Default: "none"

server_url

string

LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)

Default: "none"

user_login_attribute

string

Attribute inside the user object which contains the username used to log in

Default: "none"

Examples

- name: "Create LDAP Connection"
  thalesgroup.ciphertrust.connection_manager_ldap:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: create
    name: ldap_conn
    products:
      - cte
    server_url: "ldap://172.27.0.6:389"
    user_login_attribute: uid
    bind_dn: "cn=admin,dc=planetexpress,dc=com"
    bind_password: GoodNewsEveryone
    base_dn: "dc=planetexpress,dc=com"
    search_filter: "(objectclass=User)"

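- name: "Update LDAP Connection"
  thalesgroup.ciphertrust.connection_manager_ldap:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: patch
    name: ldap_conn
    # connection_id selects the connection to update (placeholder value)
    connection_id: "ID of the LDAP connection to update"
    # Field to change on the existing connection (illustrative value)
    description: "Updated LDAP connection"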
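
The create task above sends the bind password over unencrypted ldap://, disables certificate verification toward CipherTrust Manager, and keeps both passwords inline. The same task with those settings tightened follows, as an added example that is not part of the collection's own documentation; the host name, the bind DN and the cm_* / vault_* variable names are assumptions.

```yaml
# Added example, not from the collection's documentation.
# Assumed (hypothetical) names: cm_host, cm_private_ip and the vault_*
# variables, which are expected to be defined in an Ansible Vault file.
# ldap.example.com and the svc-ciphertrust bind DN are constructed values.
- name: "Create LDAP connection over LDAPS"
  thalesgroup.ciphertrust.connection_manager_ldap:
    localNode:
      server_ip: "{{ cm_host }}"
      server_private_ip: "{{ cm_private_ip }}"
      server_port: 5432
      user: "{{ vault_cm_user }}"
      password: "{{ vault_cm_password }}"
      verify: true                # validate the CM server certificate
    op_type: create
    name: ldap_conn
    products:
      - cte
    # ldaps:// so the bind password and directory data are encrypted in transit
    server_url: "ldaps://ldap.example.com:636"
    # insecure_skip_verify is left unset: the documented default is false, so
    # the LDAP server certificate is checked against the operating system's CAs
    # (root_cas is the documented option for a directory behind a private CA).
    user_login_attribute: uid
    # Dedicated service account limited to searching under base_dn,
    # instead of the directory administrator
    bind_dn: "cn=svc-ciphertrust,ou=services,dc=example,dc=com"
    bind_password: "{{ vault_ldap_bind_password }}"
    base_dn: "dc=example,dc=com"
    search_filter: "(objectclass=User)"
  no_log: true                    # keep both passwords out of task output and logs
```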

Authors

  • Anurag Jain, Developer Advocate Thales Group