Note
This plugin is part of the netapp_eseries.santricity collection (version 1.2.13).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install netapp_eseries.santricity
.
To use it in a playbook, specify: netapp_eseries.santricity.na_santricity_ldap
.
Parameter | Choices/Defaults | Comments |
---|---|---|
api_password string / required | The password to authenticate with the SANtricity Web Services Proxy or Embedded Web Services API. | |
api_url string / required | The url to the SANtricity Web Services Proxy or Embedded Web Services API. Example https://prod-1.wahoo.acme.com:8443/devmgr/v2 | |
api_username string / required | The username to authenticate with the SANtricity Web Services Proxy or Embedded Web Services API. | |
bind_password string | This is the password for the bind user account. Required when bind_user is specified. | |
bind_user string | This is the user account that will be used for querying the LDAP server. Required when bind_password is specified. Example: CN=MyBindAcct,OU=ServiceAccounts,DC=example,DC=com | |
group_attributes list / elements=string | Default: ["memberOf"] | The user attributes that should be considered for the group to role mapping. Typically this is used with something like "memberOf", and a user"s access is tested against group membership or lack thereof. |
identifier string | Default: "default" | This is a unique identifier for the configuration (for cases where there are multiple domains configured). |
names list / elements=string | The domain name[s] that will be utilized when authenticating to identify which domain to utilize. Default to use the DNS name of the server. The only requirement is that the name[s] be resolvable. Example: [email protected] | |
role_mappings dictionary | This is where you specify which groups should have access to what permissions for the storage-system. For example, all users in group A will be assigned all 4 available roles, which will allow access to all the management functionality of the system (super-user). Those in group B only have the storage.monitor role, which will allow only read-only access. This is specified as a mapping of regular expressions to a list of roles. See the examples. The roles that will be assigned to to the group/groups matching the provided regex. storage.admin allows users full read/write access to storage objects and operations. storage.monitor allows users read-only access to storage objects and operations. support.admin allows users access to hardware, diagnostic information, the Major Event Log, and other critical support-related functionality, but not the storage configuration. security.admin allows users access to authentication/authorization configuration, as well as the audit log configuration, and certification management. | |
search_base string | The search base is used to find group memberships of the user. Example: ou=users,dc=example,dc=com | |
server_url string | This is the LDAP server url. The connection string should be specified as using the ldap or ldaps protocol along with the port information. | |
ssid string | Default: 1 | The ID of the array to manage. This value must be unique for each array. |
state string |
| When state=="present" the defined LDAP domain will be added to the storage system. When state=="absent" the domain specified will be removed from the storage system.
state=="disabled" will result in deleting all existing LDAP domains on the storage system. |
user_attribute string | Default: "sAMAccountName" | This is the attribute we will use to match the provided username when a user attempts to authenticate. |
validate_certs boolean |
| Should https certificates be validated? |
Note
- name: Disable LDAP authentication na_santricity_ldap: ssid: "1" api_url: "https://192.168.1.100:8443/devmgr/v2" api_username: "admin" api_password: "adminpass" validate_certs: true state: absent - name: Remove the "default" LDAP domain configuration na_santricity_ldap: ssid: "1" api_url: "https://192.168.1.100:8443/devmgr/v2" api_username: "admin" api_password: "adminpass" validate_certs: true state: absent identifier: default - name: Define a new LDAP domain, utilizing defaults where possible na_santricity_ldap: ssid: "1" api_url: "https://192.168.1.100:8443/devmgr/v2" api_username: "admin" api_password: "adminpass" validate_certs: true state: enabled bind_username: "CN=MyBindAccount,OU=ServiceAccounts,DC=example,DC=com" bind_password: "mySecretPass" server: "ldap://example.com:389" search_base: "OU=Users,DC=example,DC=com" role_mappings: ".*dist-dev-storage.*": - storage.admin - security.admin - support.admin - storage.monitor
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
msg string | on success | Success message Sample: The ldap settings have been updated. |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/netapp_eseries/santricity/na_santricity_ldap_module.html