yadro.tatlin_uni.tatlin_sp_ldap module – Configure SP LDAP client settings.

Note

This module is part of the yadro.tatlin_uni collection (version 1.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install yadro.tatlin_uni.

To use it in a playbook, specify: yadro.tatlin_uni.tatlin_sp_ldap.

New in version 1.0.0 of yadro.tatlin_uni

Synopsis

  • This module configures LDAP settings for the Storage Processor (SP).

  • Supports check mode.

Parameters

Parameter (type): comments

base_dn (string)
    LDAP server’s base DN for search.

connection (dictionary / required)
    Describes the Tatlin Storage Processor (SP) connection configuration.
    Only session connection is supported.
    Authorization is performed automatically against the corresponding endpoint, ‘auth/login’ by default.
    The client receives an x-auth-token and uses it for subsequent requests.

    base_url (string / required)
        Tatlin REST API entrypoint.

    password (string)
        Tatlin user password.

    timeout (integer)
        Tatlin REST API request timeout.
        Default: 60

    username (string)
        Tatlin username to log in with.

    validate_certs (boolean)
        Controls SSL certificate validation.
        If set to False, certificates won’t be validated.
        Choices:
          • no
          • yes ← (default)

crt_content (string)
    Content of the LDAP server’s certificate.
    Required if encryption is ssl or tls.
    Mutually exclusive with crt_path.

crt_path (string)
    Path to the LDAP server’s certificate.
    Required if encryption is ssl or tls.
    Mutually exclusive with crt_content.

encryption (string)
    Encryption mode.
    If LDAP is encrypted (ssl or tls), a certificate must be passed. If LDAP was already configured as encrypted and one or several fields are updated (for example search_filter), crt_path or crt_content must be passed; otherwise the operation will fail.
    Choices:
      • ssl
      • tls
      • off

group_attribute (string)
    Group attribute for search.
    Prohibited if type is ad.

host (string)
    LDAP server’s address.

lookup_password (string)
    Password for the lookup user.
    Required if state is present.

lookup_user (string)
    Name of the lookup user.

port (string)
    LDAP server’s port.

search_filter (string)
    Filter in RFC 4515 format.

state (string)
    LDAP server’s type.
    Choices:
      • present ← (default)
      • absent

type (string)
    LDAP server’s type.
    Choices:
      • ad
      • custom

user_attribute (string)
    User attribute for search.
    Prohibited if type is ad.

Examples

---
- name: Add ldap config
  yadro.tatlin_uni.tatlin_sp_ldap:
    connection: "{{ connection }}"
    host: "{{ ldap_host }}"
    port: 389
    lookup_user: cn=admin,dc=example,dc=com
    lookup_password: password
    base_dn: dc=example,dc=com
    search_filter: "(memberof=cn=Users,dc=example,dc=com)"
    encryption: "off"  # quoted so YAML does not parse it as a boolean
    user_attribute: cn
    group_attribute: cn
    type: custom

- name: Change search filter
  yadro.tatlin_uni.tatlin_sp_ldap:
    connection: "{{ connection }}"
    lookup_password: password
    search_filter: (uid=*)

- name: Enable tls encryption
  yadro.tatlin_uni.tatlin_sp_ldap:
    connection: "{{ connection }}"
    lookup_password: password
    encryption: tls
    port: 389
    crt_path: /path/to/certificate.pem

- name: Add AD config with ssl encryption
  yadro.tatlin_uni.tatlin_sp_ldap:
    connection: "{{ connection }}"
    host: "{{ ldap_host }}"
    port: 636
    lookup_user: cn=admin,dc=example,dc=com
    lookup_password: password
    base_dn: dc=example,dc=com
    search_filter: "(memberof=cn=Users,dc=example,dc=com)"
    encryption: ssl
    crt_content: |
      -----BEGIN CERTIFICATE-----
      MIIDuz...
    type: ad
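
The encryption parameter's note says that once LDAP is configured with ssl or tls, any later update must pass the certificate again. The playbook below is an added example, not part of the module's own documentation, showing such an update with both passwords read from an Ansible Vault file and kept out of task output. The vault file path and the variables tatlin_url, tatlin_user, vault_tatlin_password, vault_ldap_lookup_password and ldap_cert_path are assumptions.

```yaml
---
# Added example, not from the module's documentation.
# Hypothetical names: vars/tatlin_vault.yml, tatlin_url, tatlin_user,
# vault_tatlin_password, vault_ldap_lookup_password, ldap_cert_path.
- name: Update LDAP search filter on an SP already configured with TLS
  hosts: localhost
  gather_facts: false
  vars_files:
    - vars/tatlin_vault.yml        # encrypted with ansible-vault
  tasks:
    - name: Change search filter, passing the LDAP server certificate again
      yadro.tatlin_uni.tatlin_sp_ldap:
        connection:
          base_url: "{{ tatlin_url }}"
          username: "{{ tatlin_user }}"
          password: "{{ vault_tatlin_password }}"
          validate_certs: true     # keep REST API certificate validation on
          timeout: 60
        lookup_password: "{{ vault_ldap_lookup_password }}"
        crt_path: "{{ ldap_cert_path }}"   # required on updates when encryption is ssl or tls
        search_filter: "(memberof=cn=Users,dc=example,dc=com)"
      no_log: true                 # censor the task's arguments and result in output and logs
      register: ldap_result

    - name: Show only the status message
      ansible.builtin.debug:
        msg: "{{ ldap_result.msg }}"
```

Running the play with --check first uses the module's check mode support to preview the change.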

Return Values

Common return values are documented in the Ansible documentation; the following fields are unique to this module:

Key (type): description

error (string)
    Error details if raised.
    Returned: on error

msg (string)
    Operation status message.
    Returned: always

Authors

  • Sergey Kovalev (@kvlvs)