Why Gemfury?
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Debian packages
RPM packages
NuGet packages
duality-group / ansible python
Repository URL to install this package:
|
Version:
6.0.0 ▾
|
#!/usr/bin/python
from __future__ import absolute_import, division, print_function
# Copyright 2019-2021 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
__metaclass__ = type
ANSIBLE_METADATA = {'status': ['preview'],
'supported_by': 'community',
'metadata_version': '1.1'}
DOCUMENTATION = '''
---
module: fmgr_user_ldap_dynamicmapping
short_description: Configure LDAP server entries.
description:
- This module is able to configure a FortiManager device.
- Examples include all parameters and values which need to be adjusted to data sources before usage.
version_added: "2.10"
author:
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)
notes:
- Running in workspace locking mode is supported in this FortiManager module, the top
level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use state present directive.
- To delete an object, use state absent directive.
- Normally, running one module can fail when a non-zero rc is returned. you can also override
the conditions to fail or succeed with parameters rc_failed and rc_succeeded
options:
enable_log:
description: Enable/Disable logging for task
required: false
type: bool
default: false
proposed_method:
description: The overridden method for the underlying Json RPC request
required: false
type: str
choices:
- update
- set
- add
bypass_validation:
description: only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
required: false
type: bool
default: false
workspace_locking_adom:
description: the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
required: false
type: str
workspace_locking_timeout:
description: the maximum time in seconds to wait for other user to release the workspace lock
required: false
type: int
default: 300
state:
description: the directive to create, update or delete an object
type: str
required: true
choices:
- present
- absent
rc_succeeded:
description: the rc codes list with which the conditions to succeed will be overriden
type: list
required: false
rc_failed:
description: the rc codes list with which the conditions to fail will be overriden
type: list
required: false
adom:
description: the parameter (adom) in requested url
type: str
required: true
ldap:
description: the parameter (ldap) in requested url
type: str
required: true
user_ldap_dynamicmapping:
description: the top level parameters set
required: false
type: dict
suboptions:
_scope:
description: no description
type: list
suboptions:
name:
type: str
description: 'Name.'
vdom:
type: str
description: 'Vdom.'
account-key-filter:
type: str
description: 'Account key filter, using the UPN as the search filter.'
account-key-name:
type: str
description: 'Account-Key-Name.'
account-key-processing:
type: str
description: 'Account key processing operation, either keep or strip domain string of UPN in the token.'
choices:
- 'same'
- 'strip'
ca-cert:
type: str
description: 'CA certificate name.'
cnid:
type: str
description: 'Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".'
dn:
type: str
description: 'Distinguished name used to look up entries on the LDAP server.'
filter:
type: str
description: 'Filter.'
group:
type: str
description: 'Group.'
group-filter:
type: str
description: 'Filter used for group matching.'
group-member-check:
type: str
description: 'Group member checking methods.'
choices:
- 'user-attr'
- 'group-object'
- 'posix-group-object'
group-object-filter:
type: str
description: 'Filter used for group searching.'
group-object-search-base:
type: str
description: 'Group-Object-Search-Base.'
group-search-base:
type: str
description: 'Search base used for group searching.'
member-attr:
type: str
description: 'Name of attribute from which to get group membership.'
obtain-user-info:
type: str
description: 'Enable/disable obtaining of user information.'
choices:
- 'disable'
- 'enable'
password:
description: no description
type: str
password-expiry-warning:
type: str
description: 'Enable/disable password expiry warnings.'
choices:
- 'disable'
- 'enable'
password-renewal:
type: str
description: 'Enable/disable online password renewal.'
choices:
- 'disable'
- 'enable'
port:
type: int
description: 'Port to be used for communication with the LDAP server (default = 389).'
retrieve-protection-profile:
type: str
description: 'Retrieve-Protection-Profile.'
search-type:
description: no description
type: list
choices:
- nested
- recursive
secondary-server:
type: str
description: 'Secondary LDAP server CN domain name or IP.'
secure:
type: str
description: 'Port to be used for authentication.'
choices:
- 'disable'
- 'starttls'
- 'ldaps'
server:
type: str
description: 'LDAP server CN domain name or IP.'
server-identity-check:
type: str
description: 'Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate).'
choices:
- 'disable'
- 'enable'
source-ip:
type: str
description: 'Source IP for communications to LDAP server.'
ssl-min-proto-version:
type: str
description: 'Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).'
choices:
- 'default'
- 'TLSv1'
- 'TLSv1-1'
- 'TLSv1-2'
- 'SSLv3'
tertiary-server:
type: str
description: 'Tertiary LDAP server CN domain name or IP.'
type:
type: str
description: 'Authentication type for LDAP searches.'
choices:
- 'simple'
- 'anonymous'
- 'regular'
user-info-exchange-server:
type: str
description: 'MS Exchange server from which to fetch user information.'
username:
type: str
description: 'Username (full DN) for initial binding.'
two-factor:
type: str
description: 'Enable/disable two-factor authentication.'
choices:
- 'disable'
- 'fortitoken-cloud'
interface:
type: str
description: 'Specify outgoing interface to reach server.'
interface-select-method:
type: str
description: 'Specify how to select outgoing interface to reach server.'
choices:
- 'auto'
- 'sdwan'
- 'specify'
two-factor-authentication:
type: str
description: 'Authentication method by FortiToken Cloud.'
choices:
- 'fortitoken'
- 'email'
- 'sms'
two-factor-notification:
type: str
description: 'Notification method for user activation by FortiToken Cloud.'
choices:
- 'email'
- 'sms'
antiphish:
type: str
description: 'Enable/disable AntiPhishing credential backend.'
choices:
- 'disable'
- 'enable'
password-attr:
type: str
description: 'Name of attribute to get password hash.'
source-port:
type: int
description: 'Source port to be used for communication with the LDAP server.'
'''
EXAMPLES = '''
- name: gathering fortimanager facts
hosts: fortimanager00
gather_facts: no
connection: httpapi
collections:
- fortinet.fortimanager
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: retrieve all the dynamic mappings of LDAP server
fmgr_fact:
facts:
selector: 'user_ldap_dynamicmapping'
params:
adom: 'ansible'
ldap: 'ansible-test-ldap' # name
dynamic_mapping: ''
- hosts: fortimanager00
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure dynamic mappings of LDAP server
fmgr_user_ldap_dynamicmapping:
bypass_validation: False
adom: ansible
ldap: ansible-test-ldap # name
state: present
user_ldap_dynamicmapping:
_scope:
-
name: FGT_AWS # need a valid device name
vdom: root # need a valid vdom name under the device
dn: ansible-test-dn
password: fortinet
port: 9000
server: ansible
username: ansible-test-dyn
'''
RETURN = '''
request_url:
description: The full url requested
returned: always
type: str
sample: /sys/login/user
response_code:
description: The status of api request
returned: always
type: int
sample: 0
response_message:
description: The descriptive message of the api response
type: str
returned: always
sample: OK.
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
from ansible_collections.fortinet.fortimanager.plugins.module_utils.napi import NAPIManager
from ansible_collections.fortinet.fortimanager.plugins.module_utils.napi import check_galaxy_version
from ansible_collections.fortinet.fortimanager.plugins.module_utils.napi import check_parameter_bypass
def main():
jrpc_urls = [
'/pm/config/adom/{adom}/obj/user/ldap/{ldap}/dynamic_mapping',
'/pm/config/global/obj/user/ldap/{ldap}/dynamic_mapping'
]
perobject_jrpc_urls = [
'/pm/config/adom/{adom}/obj/user/ldap/{ldap}/dynamic_mapping/{dynamic_mapping}',
'/pm/config/global/obj/user/ldap/{ldap}/dynamic_mapping/{dynamic_mapping}'
]
url_params = ['adom', 'ldap']
module_primary_key = 'complex:{{module}}["_scope"][0]["name"]+"/"+{{module}}["_scope"][0]["vdom"]'
module_arg_spec = {
'enable_log': {
'type': 'bool',
'required': False,
'default': False
},
'forticloud_access_token': {
'type': 'str',
'required': False,
'no_log': True
},
'proposed_method': {
'type': 'str',
'required': False,
'choices': [
'set',
'update',
'add'
]
},
'bypass_validation': {
'type': 'bool',
'required': False,
'default': False
},
'workspace_locking_adom': {
'type': 'str',
'required': False
},
'workspace_locking_timeout': {
'type': 'int',
'required': False,
'default': 300
},
'rc_succeeded': {
'required': False,
'type': 'list'
},
'rc_failed': {
'required': False,
'type': 'list'
},
'state': {
'type': 'str',
'required': True,
'choices': [
'present',
'absent'
]
},
'adom': {
'required': True,
'type': 'str'
},
'ldap': {
'required': True,
'type': 'str'
},
'user_ldap_dynamicmapping': {
'required': False,
'type': 'dict',
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'options': {
'_scope': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'list',
'options': {
'name': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'vdom': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
}
}
},
'account-key-filter': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'account-key-name': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'account-key-processing': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'same',
'strip'
],
'type': 'str'
},
'ca-cert': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'cnid': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'dn': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'filter': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'group': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'group-filter': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'group-member-check': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'user-attr',
'group-object',
'posix-group-object'
],
'type': 'str'
},
'group-object-filter': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'group-object-search-base': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'group-search-base': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'member-attr': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'obtain-user-info': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'disable',
'enable'
],
'type': 'str'
},
'password': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'password-expiry-warning': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'disable',
'enable'
],
'type': 'str'
},
'password-renewal': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'disable',
'enable'
],
'type': 'str'
},
'port': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'int'
},
'retrieve-protection-profile': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'search-type': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'list',
'choices': [
'nested',
'recursive'
]
},
'secondary-server': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'secure': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'disable',
'starttls',
'ldaps'
],
'type': 'str'
},
'server': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'server-identity-check': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'disable',
'enable'
],
'type': 'str'
},
'source-ip': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'ssl-min-proto-version': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'default',
'TLSv1',
'TLSv1-1',
'TLSv1-2',
'SSLv3'
],
'type': 'str'
},
'tertiary-server': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'type': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'simple',
'anonymous',
'regular'
],
'type': 'str'
},
'user-info-exchange-server': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'username': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'two-factor': {
'required': False,
'revision': {
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'disable',
'fortitoken-cloud'
],
'type': 'str'
},
'interface': {
'required': False,
'revision': {
'6.2.5': True,
'6.4.0': False,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'interface-select-method': {
'required': False,
'revision': {
'6.2.5': True,
'6.4.0': False,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'auto',
'sdwan',
'specify'
],
'type': 'str'
},
'two-factor-authentication': {
'required': False,
'revision': {
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'fortitoken',
'email',
'sms'
],
'type': 'str'
},
'two-factor-notification': {
'required': False,
'revision': {
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'email',
'sms'
],
'type': 'str'
},
'antiphish': {
'required': False,
'revision': {
'7.0.0': True
},
'choices': [
'disable',
'enable'
],
'type': 'str'
},
'password-attr': {
'required': False,
'revision': {
'7.0.0': True
},
'type': 'str'
},
'source-port': {
'required': False,
'revision': {
'7.0.0': True
},
'type': 'int'
}
}
}
}
params_validation_blob = []
check_galaxy_version(module_arg_spec)
module = AnsibleModule(argument_spec=check_parameter_bypass(module_arg_spec, 'user_ldap_dynamicmapping'),
supports_check_mode=False)
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
connection.set_option('enable_log', module.params['enable_log'] if 'enable_log' in module.params else False)
connection.set_option('forticloud_access_token',
module.params['forticloud_access_token'] if 'forticloud_access_token' in module.params else None)
fmgr = NAPIManager(jrpc_urls, perobject_jrpc_urls, module_primary_key, url_params, module, connection, top_level_schema_name='data')
fmgr.validate_parameters(params_validation_blob)
fmgr.process_curd(argument_specs=module_arg_spec)
else:
module.fail_json(msg='MUST RUN IN HTTPAPI MODE')
module.exit_json(meta=module.params)
if __name__ == '__main__':
main()