thalesgroup.ciphertrust.connection_manager_ldap module – Manage connections to an Identity Provider (IdP) that supports LDAP specifications
Note
This module is part of the thalesgroup.ciphertrust collection (version 1.0.0).
To install it, use: `ansible-galaxy collection install thalesgroup.ciphertrust`.
To use it in a playbook, specify: `thalesgroup.ciphertrust.connection_manager_ldap`.
New in thalesgroup.ciphertrust 1.0.0
Synopsis
This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, more specifically with the Connection Manager API for LDAP.
Parameters
Parameter | Comments |
---|---|
Starting point to use when searching for users Default: |
|
Object which has permission to search under the root DN for users Default: |
|
Password for the Bind DN object of the LDAP connection Default: |
|
Unique ID of the connection to be updated Default: |
|
Description about the connection Default: |
|
Starting point to use when searching for groups. This value can be left empty to disable group support for this connection Default: |
|
Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection Default: |
|
Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute' Default: |
|
Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection Default: |
|
Attribute inside the group object which contains the friendly name of the group Default: |
|
Optional flag to disable verifying the server’s certificate. It ignores both the operating system’s CAs and root_cas if provided. Only applies if the server_url scheme is ldaps. Default value is false. Default: |
|
This holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM): IP/FQDN of the server, username, password, and port |
|
Admin password of CM |
|
CM Server IP or FQDN |
|
Port on which CM server is listening Default: |
|
Internal or private IP of the CM Server, if different from the server_ip |
|
Admin username of CM |
|
Whether SSL verification is required Choices:
|
|
Optional end-user or service data stored with the connection |
|
Unique connection name Default: |
|
Operation to be performed Choices:
|
|
Array of the CipherTrust products associated with the connection. Default: |
|
Optional list of certificates that are used to determine if the server is trusted. Only applies if the server_url scheme is ldaps. If not provided, then the server’s certificate is verified using the operating system’s CAs. Default: |
|
Attribute inside the user object which contains the user distinguished name. If user_dn_attribute is not provided, it will default to 'dn' Default: |
|
LDAP URL for your server. (e.g. ldap://172.16.2.2:3268) Default: |
|
Attribute inside the user object which contains the username used to login with Default: |
Examples
```yaml
- name: "Create LDAP Connection"
  thalesgroup.ciphertrust.connection_manager_ldap:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      password: "CipherTrust Manager Password"
      # SSL verification of the CM server is switched off in this example
      verify: false
    op_type: create
    name: ldap_conn
    products:
      - cte
    # ldap:// scheme: the root_cas and certificate-verification options only apply to ldaps:// URLs
    server_url: "ldap://172.27.0.6:389"
    user_login_attribute: uid
    bind_dn: "cn=admin,dc=planetexpress,dc=com"
    bind_password: GoodNewsEveryone
    base_dn: "dc=planetexpress,dc=com"
    search_filter: "(objectclass=User)"

- name: "Update LDAP Connection"
  thalesgroup.ciphertrust.connection_manager_ldap:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      password: "CipherTrust Manager Password"
      verify: false
    op_type: patch
```
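
A variant of the create task with the LDAPS-related options from the parameter table applied, added here as an illustration and not taken from the collection's own documentation. The host names, the CA file path and the `vault_*` variables are assumptions, as is passing `root_cas` entries as PEM text; the passwords are read from Ansible Vault variables instead of being written into the playbook.

```yaml
- name: "Create LDAP connection over LDAPS"
  thalesgroup.ciphertrust.connection_manager_ldap:
    localNode:
      server_ip: "cm.example.internal"          # constructed host name
      server_private_ip: "cm.example.internal"  # constructed host name
      server_port: 5432                         # value used in the page's own examples
      user: "{{ vault_cm_user }}"               # hypothetical vaulted variable
      password: "{{ vault_cm_password }}"       # hypothetical vaulted variable
      verify: true                              # verify the CM server's certificate
    op_type: create
    name: ldap_conn
    products:
      - cte
    # ldaps:// scheme, so root_cas and server certificate verification apply
    server_url: "ldaps://ldap.example.internal:636"   # constructed URL
    # CA certificate(s) used to decide whether the LDAP server is trusted;
    # when omitted, the operating system's CAs are used instead
    root_cas:
      - "{{ lookup('ansible.builtin.file', 'files/ldap-ca.pem') }}"   # hypothetical path
    # The optional flag that disables server certificate verification is
    # deliberately not set, so it keeps its documented default of false.
    user_login_attribute: uid
    bind_dn: "cn=admin,dc=planetexpress,dc=com"
    bind_password: "{{ vault_ldap_bind_password }}"   # hypothetical vaulted variable
    base_dn: "dc=planetexpress,dc=com"
    search_filter: "(objectclass=User)"
  no_log: true   # keep the bind and CM passwords out of task output and logs
```

With `verify: true`, the task fails if the CM server presents a certificate the control node does not trust, which is the intended behaviour of the check.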