community.general.ldap_passwd – Set passwords in LDAP.
Note
This plugin is part of the community.general collection (version 2.0.1).
To install it use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.ldap_passwd.
Synopsis
- Set a password for an LDAP entry. This module only asserts that a given password is valid for a given entry. To assert the existence of an entry, see community.general.ldap_entry.
Requirements
The below requirements are needed on the host that executes this module.
- python-ldap
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
bind_dn string | | A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism as default. If this is blank, we'll use an anonymous bind. |
bind_pw string | | The password to use with bind_dn. |
dn string / required | | The DN of the entry to add or remove. |
passwd string | | The (plaintext) password to be set for dn. |
referrals_chasing string added in 2.0.0 of community.general | | Set the referrals chasing behavior. |
sasl_class string added in 2.0.0 of community.general | | The class to use for SASL authentication. possible choices are |
server_uri string | Default: "ldapi:///" | A URI to the LDAP server. The default value lets the underlying LDAP client library look for a UNIX domain socket in its default location. |
start_tls boolean | | If true, we'll use the START_TLS LDAP extension. |
validate_certs boolean | | If set to This should only be used on sites using self-signed certificates. |
Notes
Note
- The default authentication settings will attempt to use a SASL EXTERNAL bind over a UNIX domain socket. This works well with the default Ubuntu install for example, which includes a cn=peercred,cn=external,cn=auth ACL rule allowing root to modify the server configuration. If you need to use a simple bind to access your server, pass the credentials in bind_dn and bind_pw.
Examples
- name: Set a password for the admin user
  community.general.ldap_passwd:
    dn: cn=admin,dc=example,dc=com
    passwd: "{{ vault_secret }}"

- name: Setting passwords in bulk
  community.general.ldap_passwd:
    # The keys below are bare user names, so build a full DN for each entry.
    dn: "cn={{ item.key }},dc=example,dc=com"
    passwd: "{{ item.value }}"
  with_dict:
    alice: alice123123
    bob: "|30b!"
    admin: "{{ vault_secret }}"
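
A simple bind against a remote server, as the Notes describe, combined with start_tls and validate_certs so that the bind credentials and the new passwords are not sent in clear text. This is an added example, not taken from the module's own documentation; the host name, the ou=people layout and the vault_* variable names are assumptions.

```yaml
# Added example: host name, DN layout and vault_* variables are assumptions.
- name: Rotate LDAP passwords over an authenticated, encrypted connection
  hosts: localhost
  gather_facts: false
  vars:
    ldap_base: dc=example,dc=com
    # Constructed sample data; the values are expected to come from Ansible Vault.
    ldap_new_passwords:
      alice: "{{ vault_alice_pw }}"
      bob: "{{ vault_bob_pw }}"
  tasks:
    - name: Set each user's password using a simple bind over StartTLS
      community.general.ldap_passwd:
        server_uri: ldap://ldap.example.com   # remote server instead of ldapi:///
        start_tls: true                       # upgrade the connection before binding
        validate_certs: true                  # keep certificate validation on
        bind_dn: "cn=admin,{{ ldap_base }}"
        bind_pw: "{{ vault_ldap_bind_pw }}"
        dn: "uid={{ item.key }},ou=people,{{ ldap_base }}"
        passwd: "{{ item.value }}"
      loop: "{{ ldap_new_passwords | dict2items }}"
      # Keep the loop items (which contain the passwords) out of task output.
      no_log: true
```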
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
modlist list / elements=string | success | List of modified parameters. Sample: [[2, "olcRootDN", ["cn=root,dc=example,dc=com"]]] |
Authors
- Keller Fuchs (@KellerFuchs)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/general/ldap_passwd_module.html