W3cubDocs

/Ansible 2.11

community.general.ldap_search – Search for entries in a LDAP server

Note

This plugin is part of the community.general collection (version 2.0.1).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.ldap_search.

New in version 0.2.0: of community.general

Synopsis
Requirements
Parameters
Notes
Examples

Synopsis

Return the results of an LDAP search.

Requirements

The below requirements are needed on the host that executes this module.

python-ldap

Parameters

Parameter	Choices/Defaults	Comments
attrs list / elements=string		A list of attributes for limiting the result. Use an actual list or a comma-separated string.
bind_dn string		A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism as default. If this is blank, we'll use an anonymous bind.
bind_pw string		The password to use with bind_dn.
dn string / required		The LDAP DN to search in.
filter string	Default: "(objectClass=*)"	Used for filtering the LDAP search result.
referrals_chasing string added in 2.0.0 of community.general	Choices: disabled anonymous ←	Set the referrals chasing behavior. `anonymous` follow referrals anonymously. This is the default behavior. `disabled` disable referrals chasing. This sets `OPT_REFERRALS` to off.
sasl_class string added in 2.0.0 of community.general	Choices: external ← gssapi	The class to use for SASL authentication. possible choices are `external`, `gssapi`.
schema boolean	Choices: no ← yes	Set to `true` to return the full attribute schema of entries, not their attribute values. Overrides attrs when provided.
scope string	Choices: base ← onelevel subordinate children	The LDAP scope to use.
server_uri string	Default: "ldapi:///"	A URI to the LDAP server. The default value lets the underlying LDAP client library look for a UNIX domain socket in its default location.
start_tls boolean	Choices: no ← yes	If true, we'll use the START_TLS LDAP extension.
validate_certs boolean	Choices: no yes ←	If set to `no`, SSL certificates will not be validated. This should only be used on sites using self-signed certificates.

Notes

Note

The default authentication settings will attempt to use a SASL EXTERNAL bind over a UNIX domain socket. This works well with the default Ubuntu install for example, which includes a cn=peercred,cn=external,cn=auth ACL rule allowing root to modify the server configuration. If you need to use a simple bind to access your server, pass the credentials in bind_dn and bind_pw.

Examples

- name: Return all entries within the 'groups' organizational unit.
  community.general.ldap_search:
    dn: "ou=groups,dc=example,dc=com"
  register: ldap_groups

- name: Return GIDs for all groups
  community.general.ldap_search:
    dn: "ou=groups,dc=example,dc=com"
    scope: "onelevel"
    attrs:
      - "gidNumber"
  register: ldap_group_gids

Authors

Sebastian Pfahl (@eryx12o45)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/general/ldap_search_module.html