W3cubDocs

/Ansible 2.11

netapp_eseries.santricity.na_santricity_ldap – NetApp E-Series manage LDAP integration to use for authentication

Note

This plugin is part of the netapp_eseries.santricity collection (version 1.1.0).

To install it use: ansible-galaxy collection install netapp_eseries.santricity.

To use it in a playbook, specify: netapp_eseries.santricity.na_santricity_ldap.

Synopsis
Parameters
Notes
Examples
Return Values

Synopsis

Configure an E-Series system to allow authentication via an LDAP server

Parameters

Parameter	Choices/Defaults	Comments
api_password string / required		The password to authenticate with the SANtricity Web Services Proxy or Embedded Web Services API.
api_url string / required		The url to the SANtricity Web Services Proxy or Embedded Web Services API. Example https://prod-1.wahoo.acme.com:8443/devmgr/v2
api_username string / required		The username to authenticate with the SANtricity Web Services Proxy or Embedded Web Services API.
bind_password string		This is the password for the bind user account. Required when bind_user is specified.
bind_user string		This is the user account that will be used for querying the LDAP server. Required when bind_password is specified. Example: CN=MyBindAcct,OU=ServiceAccounts,DC=example,DC=com
group_attributes list / elements=string	Default: ["memberOf"]	The user attributes that should be considered for the group to role mapping. Typically this is used with something like "memberOf", and a user"s access is tested against group membership or lack thereof.
identifier string	Default: "default"	This is a unique identifier for the configuration (for cases where there are multiple domains configured).
names list / elements=string		The domain name[s] that will be utilized when authenticating to identify which domain to utilize. Default to use the DNS name of the server. The only requirement is that the name[s] be resolvable. Example: [email protected]
role_mappings dictionary		This is where you specify which groups should have access to what permissions for the storage-system. For example, all users in group A will be assigned all 4 available roles, which will allow access to all the management functionality of the system (super-user). Those in group B only have the storage.monitor role, which will allow only read-only access. This is specified as a mapping of regular expressions to a list of roles. See the examples. The roles that will be assigned to to the group/groups matching the provided regex. storage.admin allows users full read/write access to storage objects and operations. storage.monitor allows users read-only access to storage objects and operations. support.admin allows users access to hardware, diagnostic information, the Major Event Log, and other critical support-related functionality, but not the storage configuration. security.admin allows users access to authentication/authorization configuration, as well as the audit log configuration, and certification management.
search_base string		The search base is used to find group memberships of the user. Example: ou=users,dc=example,dc=com
server_url string		This is the LDAP server url. The connection string should be specified as using the ldap or ldaps protocol along with the port information.
ssid string	Default: 1	The ID of the array to manage. This value must be unique for each array.
state string	Choices: present ← absent disabled	When state=="present" the defined LDAP domain will be added to the storage system. When state=="absent" the domain specified will be removed from the storage system. state=="disabled" will result in deleting all existing LDAP domains on the storage system.
user_attribute string	Default: "sAMAccountName"	This is the attribute we will use to match the provided username when a user attempts to authenticate.
validate_certs boolean	Choices: no yes ←	Should https certificates be validated?

Notes

Note

Check mode is supported
This module allows you to define one or more LDAP domains identified uniquely by identifier to use for authentication. Authorization is determined by role_mappings, in that different groups of users may be given different (or no), access to certain aspects of the system and API.
The local user accounts will still be available if the LDAP server becomes unavailable/inaccessible.
Generally, you”ll need to get the details of your organization”s LDAP server before you”ll be able to configure the system for using LDAP authentication; every implementation is likely to be very different.
This API is currently only supported with the Embedded Web Services API v2.0 and higher, or the Web Services Proxy v3.0 and higher.
The E-Series Ansible modules require either an instance of the Web Services Proxy (WSP), to be available to manage the storage-system, or an E-Series storage-system that supports the Embedded Web Services API.
Embedded Web Services is currently available on the E2800, E5700, EF570, and newer hardware models.
netapp_eseries.santricity.netapp_e_storage_system may be utilized for configuring the systems managed by a WSP instance.

Examples

- name: Disable LDAP authentication
  na_santricity_ldap:
    ssid: "1"
    api_url: "https://192.168.1.100:8443/devmgr/v2"
    api_username: "admin"
    api_password: "adminpass"
    validate_certs: true
    state: absent

- name: Remove the "default" LDAP domain configuration
  na_santricity_ldap:
    ssid: "1"
    api_url: "https://192.168.1.100:8443/devmgr/v2"
    api_username: "admin"
    api_password: "adminpass"
    validate_certs: true
    state: absent
    identifier: default

- name: Define a new LDAP domain, utilizing defaults where possible
  na_santricity_ldap:
    ssid: "1"
    api_url: "https://192.168.1.100:8443/devmgr/v2"
    api_username: "admin"
    api_password: "adminpass"
    validate_certs: true
    state: enabled
    bind_username: "CN=MyBindAccount,OU=ServiceAccounts,DC=example,DC=com"
    bind_password: "mySecretPass"
    server: "ldap://example.com:389"
    search_base: "OU=Users,DC=example,DC=com"
    role_mappings:
      ".*dist-dev-storage.*":
        - storage.admin
        - security.admin
        - support.admin
        - storage.monitor

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
msg string	on success	Success message Sample: The ldap settings have been updated.

Authors

Michael Price (@lmprice)
Nathan Swartz (@ndswartz)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/netapp_eseries/santricity/na_santricity_ldap_module.html