community.general.utm_aaa_group – Create, update or destroy an aaa group object in Sophos UTM.


Note

This plugin is part of the community.general collection (version 2.0.1).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.utm_aaa_group.


Synopsis

  • Create, update or destroy an aaa group object in Sophos UTM.
  • The REST ability of the UTM must be activated for this module to work.

Parameters

Parameter Choices/Defaults Comments

adirectory_groups

list / elements=string

List of adirectory group strings.

adirectory_groups_sids

dictionary

Dictionary of group sids.

backend_match

string

  • none

  • adirectory
  • edirectory
  • radius
  • tacacs
  • ldap

The backend for the group.

comment

string

Default:

""

Comment that describes the AAA group.

dynamic

string

  • none

  • ipsec_dn
  • directory_groups

Group type. Is static if none is selected.

edirectory_groups

list / elements=string

List of edirectory group strings.

headers

dictionary

A dictionary of additional headers to be sent with POST and PUT requests.

Needed for some modules.

ipsec_dn

string

The ipsec dn string.

ldap_attribute

string

The ldap attribute to check against.

ldap_attribute_value

string

The ldap attribute value to check against.

members

list / elements=string

Default:

[]

A list of user ref names (aaa/user).

name

string / required

The name of the object. Will be used to identify the entry.

network

string

Default:

""

The network reference name. The object contains the known IP addresses for the authentication object (network/aaa).

radius_groups

list / elements=string

Default:

[]

A list of radius group strings.

state

string

  • absent
  • present

The desired state of the object.

present will create or update an object

absent will delete an object if it was present

tacacs_groups

list / elements=string

Default:

[]

A list of tacacs group strings.

utm_host

string / required

The REST Endpoint of the Sophos UTM.

utm_port

integer

Default:

4444

The port of the REST interface.

utm_protocol

string

  • http
  • https

The protocol of the REST Endpoint.

utm_token

string / required

validate_certs

boolean

  • no
  • yes

Whether the REST interface's SSL certificate should be verified or not.



Examples

- name: Create UTM aaa_group
  community.general.utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    backend_match: ldap
    dynamic: directory_groups
    ldap_attribute: memberof
    ldap_attribute_value: "cn=groupname,ou=Groups,dc=mydomain,dc=com"
    network: REF_OBJECT_STRING
    state: present

- name: Remove UTM aaa_group
  community.general.utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    state: absent
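
An added example, not taken from the module documentation: the create task above with the connection parameters set once in `module_defaults`, so the API token is read from an Ansible Vault variable instead of the playbook text and HTTPS with certificate verification is stated explicitly, followed by a check on the documented return values. `vault_utm_token` is a hypothetical variable name; the host, group and network names are the placeholders used above.

```yaml
# Added example. vault_utm_token is a hypothetical variable, expected to be
# defined in a vars file encrypted with ansible-vault.
- name: Manage a Sophos UTM AAA group over a verified TLS connection
  hosts: localhost
  gather_facts: false

  # Connection settings shared by every utm_aaa_group task in this play.
  module_defaults:
    community.general.utm_aaa_group:
      utm_host: sophos.host.name
      utm_port: 4444
      utm_protocol: https          # never send the token over plain http
      validate_certs: true         # reject an unverified REST endpoint
      utm_token: "{{ vault_utm_token }}"

  tasks:
    - name: Create or update the LDAP-backed group
      community.general.utm_aaa_group:
        name: TestAAAGroupEntry
        comment: Managed by Ansible
        backend_match: ldap
        dynamic: directory_groups
        ldap_attribute: memberof
        ldap_attribute_value: "cn=groupname,ou=Groups,dc=mydomain,dc=com"
        network: REF_OBJECT_STRING
        state: present
      register: utm_group

    # Compare what the UTM stored with what was requested, using the
    # fields listed under Return Values.
    - name: Confirm the UTM stored the group as requested
      ansible.builtin.assert:
        that:
          - utm_group.result['name'] == 'TestAAAGroupEntry'
          - utm_group.result['backend_match'] == 'ldap'
          - utm_group.result['ldap_attribute'] == 'memberof'
        fail_msg: UTM returned an AAA group that differs from the requested one
```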

Return Values

Common return values are documented here; the following fields are unique to this module:

Key Returned Description

result

complex

success

The utm object that was created.


_locked

boolean

success

Whether or not the object is currently locked.


_ref

string

success

The reference name of the object.


_type

string

success

The type of the object.


adirectory_groups

string

success

List of Active Directory Groups.


adirectory_groups_sids

list / elements=string

success

List of Active Directory Groups SIDS.


backend_match

string

success

The backend to use.


comment

string

success

The comment string.


dynamic

string

success

Whether the group match is ipsec_dn or directory_group.


edirectory_groups

string

success

List of eDirectory Groups.


ipsec_dn

string

success

ipsec_dn identifier to match.


ldap_attribute

string

success

The LDAP Attribute to match against.


ldap_attribute_value

string

success

The LDAP Attribute Value to match against.


members

list / elements=string

success

List of member identifiers of the group.


name

string

success

The name of the object.


network

string

success

The identifier of the network (network/aaa).


radius_group

string

success

The radius group identifier.


tacacs_group

string

success

The tacacs group identifier.





Authors

  • Johannes Brunswicker (@MatrixCrawler)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/general/utm_aaa_group_module.html