ldap_entry - Add or remove LDAP entries.
- Add or remove LDAP entries. This module only asserts the existence or non-existence of an LDAP entry, not its attributes. To assert the attribute values of an entry, see ldap_attr.
The below requirements are needed on the host that executes this module.
Parameter |
Choices/Defaults |
Comments |
attributes
|
|
If state=present, attributes necessary to create an entry. Existing entries are never modified. To assert specific attribute values on an existing entry, use ldap_attr module instead.
|
bind_dn
|
|
A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism.
If this is blank, we'll use an anonymous bind.
|
bind_pw
|
|
The password to use with bind_dn.
|
dn
required |
|
The DN of the entry to add or remove.
|
objectClass
|
|
If state=present, value or list of values to use when creating the entry. It can either be a string or an actual list of strings.
|
params
|
|
List of options which allows to overwrite any of the task or the attributes options. To remove an option, set the value of the option to null .
|
server_uri
|
Default:
ldapi:///
|
A URI to the LDAP server.
The default value lets the underlying LDAP client library look for a UNIX domain socket in its default location.
|
start_tls
bool |
|
If true, we'll use the START_TLS LDAP extension.
|
state
|
Choices:
present ←
- absent
|
The target state of the entry.
|
validate_certs
bool
(added in 2.4) |
|
If set to no , SSL certificates will not be validated.
This should only be used on sites using self-signed certificates.
|
Note
- The default authentication settings will attempt to use a SASL EXTERNAL bind over a UNIX domain socket. This works well with the default Ubuntu install for example, which includes a cn=peercred,cn=external,cn=auth ACL rule allowing root to modify the server configuration. If you need to use a simple bind to access your server, pass the credentials in bind_dn and bind_pw.
- name: Make sure we have a parent entry for users
ldap_entry:
dn: ou=users,dc=example,dc=com
objectClass: organizationalUnit
- name: Make sure we have an admin user
ldap_entry:
dn: cn=admin,dc=example,dc=com
objectClass:
- simpleSecurityObject
- organizationalRole
attributes:
description: An LDAP administrator
userPassword: "{SSHA}tabyipcHzhwESzRaGA7oQ/SDoBZQOGND"
- name: Get rid of an old entry
ldap_entry:
dn: ou=stuff,dc=example,dc=com
state: absent
server_uri: ldap://localhost/
bind_dn: cn=admin,dc=example,dc=com
bind_pw: password
#
# The same as in the previous example but with the authentication details
# stored in the ldap_auth variable:
#
# ldap_auth:
# server_uri: ldap://localhost/
# bind_dn: cn=admin,dc=example,dc=com
# bind_pw: password
- name: Get rid of an old entry
ldap_entry:
dn: ou=stuff,dc=example,dc=com
state: absent
params: "{{ ldap_auth }}"
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
Hint
If you notice any issues in this documentation you can edit this document to improve it.