utm_aaa_group – Create, update or destroy an aaa group object in Sophos UTM


New in version 2.8.


Synopsis

  • Create, update or destroy an aaa group object in Sophos UTM.
  • The REST ability of the UTM must be activated for this module to work.

Parameters

Parameter Choices/Defaults Comments

adirectory_groups

list

List of adirectory group strings.

adirectory_groups_sids

dictionary

Dictionary of group sids.

backend_match

string

  • none

  • adirectory
  • edirectory
  • radius
  • tacacs
  • ldap

The backend for the group.

comment

string

Default:

""

Comment that describes the AAA group.

dynamic

string

  • none

  • ipsec_dn
  • directory_groups

Group type. Is static if none is selected.

edirectory_groups

list

List of edirectory group strings.

headers

dictionary

A dictionary of additional headers to be sent with POST and PUT requests.

Is needed for some modules.

ipsec_dn

string

The ipsec dn string.

ldap_attribute

string

The ldap attribute to check against.

ldap_attribute_value

string

The ldap attribute value to check against.

members

list

Default:

[]

A list of user ref names (aaa/user).

name

string / required

The name of the object. Will be used to identify the entry.

network

string

Default:

""

The network reference name. The object contains the known IP addresses for the authentication object (network/aaa).

radius_groups

list

Default:

[]

A list of radius group strings.

state

string

  • absent
  • present

The desired state of the object.

present will create or update an object

absent will delete an object if it was present

tacacs_groups

list

Default:

[]

A list of tacacs group strings.

utm_host

string / required

The REST Endpoint of the Sophos UTM.

utm_port

integer

Default:

4444

The port of the REST interface.

utm_protocol

string

  • http
  • https

The protocol of the REST Endpoint.

utm_token

string / required

validate_certs

boolean

  • no
  • yes

Whether the REST interface's ssl certificate should be verified or not.



Examples

- name: Create UTM aaa_group
  utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    backend_match: ldap
    dynamic: directory_groups
    ldap_attribute: memberof
    ldap_attribute_value: "cn=groupname,ou=Groups,dc=mydomain,dc=com"
    network: REF_OBJECT_STRING
    state: present

- name: Remove UTM aaa_group
  utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    state: absent
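
The create task above with the connection parameters set explicitly, as an added example that is not part of the original module documentation: the REST token is read from a vaulted variable instead of being written into the playbook, and the endpoint is reached over HTTPS with certificate verification on. The file `vault/utm.yml`, the variable `vault_utm_token` and the registered name `aaa_group` are assumptions made for this example.

```yaml
# Added example; file, variable and registered names are assumptions.
- name: Manage a Sophos UTM AAA group over verified TLS
  hosts: localhost
  gather_facts: false
  vars_files:
    # Assumed file, encrypted with ansible-vault; defines vault_utm_token.
    - vault/utm.yml
  tasks:
    - name: Ensure the LDAP-backed AAA group exists
      utm_aaa_group:
        utm_host: sophos.host.name
        utm_port: 4444
        utm_protocol: https                 # weak setting: http
        validate_certs: yes                 # weak setting: no
        utm_token: "{{ vault_utm_token }}"  # weak setting: literal token in the play
        name: TestAAAGroupEntry
        comment: "Managed by Ansible"
        backend_match: ldap
        dynamic: directory_groups
        ldap_attribute: memberof
        ldap_attribute_value: "cn=groupname,ou=Groups,dc=mydomain,dc=com"
        network: REF_OBJECT_STRING
        state: present
      no_log: true                          # keep task arguments and results out of logs
      register: aaa_group

    - name: Check that the stored object matches what was requested
      assert:
        that:
          - aaa_group.result.name == 'TestAAAGroupEntry'
          - aaa_group.result.backend_match == 'ldap'
          - aaa_group.result.dynamic == 'directory_groups'
```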

Return Values

Common return values are documented here; the following fields are unique to this module:

Key Returned Description

result

complex

success

The utm object that was created.


_locked

boolean

Whether or not the object is currently locked.


_ref

string

The reference name of the object.


_type

string

The type of the object.


adirectory_groups

string

List of Active Directory Groups.


adirectory_groups_sids

list

List of Active Directory Groups SIDs.


backend_match

string

The backend to use.


comment

string

The comment string.


dynamic

string

Whether the group match is ipsec_dn or directory_group.


edirectory_groups

string

List of eDirectory Groups.


ipsec_dn

string

ipsec_dn identifier to match.


ldap_attribute

string

The LDAP Attribute to match against.


ldap_attribute_value

string

The LDAP Attribute Value to match against.


members

list

List of member identifiers of the group.


name

string

The name of the object.


network

string

The identifier of the network (network/aaa).


radius_group

string

The radius group identifier.


tacacs_group

string

The tacacs group identifier.





Status

Authors

  • Johannes Brunswicker (@MatrixCrawler)



© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/utm_aaa_group_module.html