community.general.utm_aaa_group – Create, update or destroy an aaa group object in Sophos UTM.

Note

This plugin is part of the community.general collection (version 3.8.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.utm_aaa_group.

Synopsis

  • Create, update or destroy an aaa group object in Sophos UTM.
  • This module requires the REST ability of the UTM to be activated.

Parameters

Parameter Choices/Defaults Comments
adirectory_groups
list / elements=string
List of adirectory group strings.
adirectory_groups_sids
dictionary
Dictionary of group sids.
backend_match
string
    Choices:
  • none
  • adirectory
  • edirectory
  • radius
  • tacacs
  • ldap
The backend for the group.
comment
string
Default:
""
Comment that describes the AAA group.
dynamic
string
    Choices:
  • none
  • ipsec_dn
  • directory_groups
Group type. Is static if none is selected.
edirectory_groups
list / elements=string
List of edirectory group strings.
headers
dictionary
A dictionary of additional headers to be sent with POST and PUT requests.
Is needed for some modules.
ipsec_dn
string
The ipsec dn string.
ldap_attribute
string
The ldap attribute to check against.
ldap_attribute_value
string
The ldap attribute value to check against.
members
list / elements=string
Default:
[]
A list of user ref names (aaa/user).
name
string / required
The name of the object. Will be used to identify the entry.
network
string
Default:
""
The network reference name. The object contains the known IP addresses for the authentication object (network/aaa).
radius_groups
list / elements=string
Default:
[]
A list of radius group strings.
state
string
    Choices:
  • absent
  • present
The desired state of the object.
present will create or update an object
absent will delete an object if it was present
tacacs_groups
list / elements=string
Default:
[]
A list of tacacs group strings.
utm_host
string / required
The REST Endpoint of the Sophos UTM.
utm_port
integer
Default:
4444
The port of the REST interface.
utm_protocol
string
    Choices:
  • http
  • https
The protocol of the REST Endpoint.
utm_token
string / required
validate_certs
boolean
    Choices:
  • no
  • yes
Whether the REST interface's SSL certificate should be verified or not.

Examples

- name: Create UTM aaa_group
  community.general.utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    backend_match: ldap
    dynamic: directory_groups
    ldap_attribute: memberof
    ldap_attribute_value: "cn=groupname,ou=Groups,dc=mydomain,dc=com"
    network: REF_OBJECT_STRING
    state: present

- name: Remove UTM aaa_group
  community.general.utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    state: absent
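
A hardened variant of the create task, added here as an example and not taken from the module's own documentation: the connection settings are set once through module_defaults with https and certificate validation enabled, the token comes from a vaulted variable instead of the playbook, and the returned result is checked against what was requested. The names vault_utm_token, utm.example.internal, VpnAdmins and REF_NetworkInternal are assumptions, as is running the play from localhost.

```yaml
# Added example; host, group, network and variable names are assumed.
- name: Manage a Sophos UTM aaa group over verified HTTPS
  hosts: localhost
  gather_facts: false
  module_defaults:
    community.general.utm_aaa_group:
      utm_host: utm.example.internal        # assumed hostname
      utm_port: 4444
      utm_protocol: https
      validate_certs: true                  # fail instead of talking to an unverified endpoint
      utm_token: "{{ vault_utm_token }}"    # assumed variable, kept in an ansible-vault file
  tasks:
    - name: Ensure the LDAP-backed group exists
      community.general.utm_aaa_group:
        name: VpnAdmins
        comment: Managed by Ansible
        backend_match: ldap
        dynamic: directory_groups
        ldap_attribute: memberof
        ldap_attribute_value: "cn=vpn-admins,ou=Groups,dc=example,dc=com"
        network: REF_NetworkInternal        # assumed network/aaa reference name
        state: present
      no_log: true                          # keep the token and module arguments out of task output
      register: aaa_group

    - name: Check that the UTM stored what was requested
      ansible.builtin.assert:
        that:
          - aaa_group.result.backend_match == 'ldap'
          - aaa_group.result.dynamic == 'directory_groups'
          - aaa_group.result.ldap_attribute == 'memberof'
        fail_msg: "aaa group {{ aaa_group.result.name }} does not match the requested settings"
```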

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description
result
complex
success
The utm object that was created.

_locked
boolean
success
Whether or not the object is currently locked.

_ref
string
success
The reference name of the object.

_type
string
success
The type of the object.

adirectory_groups
string
success
List of Active Directory Groups.

adirectory_groups_sids
list / elements=string
success
List of Active Directory Groups SIDS.

backend_match
string
success
The backend to use.

comment
string
success
The comment string.

dynamic
string
success
Whether the group match is ipsec_dn or directory_group.

edirectory_groups
string
success
List of eDirectory Groups.

ipsec_dn
string
success
ipsec_dn identifier to match.

ldap_attribute
string
success
The LDAP Attribute to match against.

ldap_attribute_value
string
success
The LDAP Attribute Value to match against.

members
list / elements=string
success
List of member identifiers of the group.

name
string
success
The name of the object.

network
string
success
The identifier of the network (network/aaa).

radius_group
string
success
The radius group identifier.

tacacs_group
string
success
The tacacs group identifier.



Authors

  • Johannes Brunswicker (@MatrixCrawler)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/utm_aaa_group_module.html