New in version 2.3.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
attributes | | If state=present, attributes necessary to create an entry. Existing entries are never modified. To assert specific attribute values on an existing entry, use the ldap_attr module instead. |
bind_dn | | A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism. If this is blank, we'll use an anonymous bind. |
bind_pw | | The password to use with bind_dn. |
dn required | | The DN of the entry to add or remove. |
objectClass | | If state=present, value or list of values to use when creating the entry. It can either be a string or an actual list of strings. |
params | | List of options that can overwrite any of the task or attributes options. To remove an option, set the value of the option to null. |
server_uri | Default: ldapi:/// | A URI to the LDAP server. The default value lets the underlying LDAP client library look for a UNIX domain socket in its default location. |
start_tls bool | | If true, we'll use the START_TLS LDAP extension. |
state | | The target state of the entry. |
validate_certs bool (added in 2.4) | | If set to no, SSL certificates will not be validated. This should only be used on sites using self-signed certificates. |
Note
```yaml
- name: Make sure we have a parent entry for users
  ldap_entry:
    dn: ou=users,dc=example,dc=com
    objectClass: organizationalUnit

- name: Make sure we have an admin user
  ldap_entry:
    dn: cn=admin,dc=example,dc=com
    objectClass:
      - simpleSecurityObject
      - organizationalRole
    attributes:
      description: An LDAP administrator
      userPassword: "{SSHA}tabyipcHzhwESzRaGA7oQ/SDoBZQOGND"

- name: Get rid of an old entry
  ldap_entry:
    dn: ou=stuff,dc=example,dc=com
    state: absent
    server_uri: ldap://localhost/
    bind_dn: cn=admin,dc=example,dc=com
    bind_pw: password

#
# The same as in the previous example but with the authentication details
# stored in the ldap_auth variable:
#
# ldap_auth:
#   server_uri: ldap://localhost/
#   bind_dn: cn=admin,dc=example,dc=com
#   bind_pw: password
- name: Get rid of an old entry
  ldap_entry:
    dn: ou=stuff,dc=example,dc=com
    state: absent
    params: "{{ ldap_auth }}"
```
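A hardened variant of the last example, for a bind to a remote server: this is an added example, not part of the module's own documentation. The host name `ldap.example.com` and the variable `vault_ldap_bind_pw` (assumed to live in an Ansible Vault-encrypted vars file) are assumptions made for illustration.

```yaml
# Added example, not from the module documentation.
# Assumptions: ldap.example.com is a placeholder host name, and
# vault_ldap_bind_pw is a hypothetical variable defined in a
# Vault-encrypted vars file (for example group_vars/all/vault.yml).
- hosts: localhost
  vars:
    ldap_auth:
      server_uri: ldap://ldap.example.com/
      bind_dn: cn=admin,dc=example,dc=com
      # The bind password is referenced, never written as a literal
      # in the playbook or in an unencrypted vars file.
      bind_pw: "{{ vault_ldap_bind_pw }}"
  tasks:
    - name: Get rid of an old entry
      ldap_entry:
        dn: ou=stuff,dc=example,dc=com
        state: absent
        # Upgrade the plain ldap:// connection with START_TLS so the
        # simple bind does not cross the network in cleartext.
        start_tls: yes
        # Keep certificate validation on; with it off, START_TLS
        # does not authenticate the server.
        validate_certs: yes
        params: "{{ ldap_auth }}"
      # Keep the task arguments, including bind_pw, out of task
      # output and logs.
      no_log: true
```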
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
© 2012–2018 Michael DeHaan
© 2018 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.7/modules/ldap_entry_module.html