ldap_passwd - Set passwords in LDAP.¶
New in version 2.6.
Synopsis¶
- Set a password for an LDAP entry. This module only asserts that a given password is valid for a given entry. To assert the existence of an entry, see ldap_entry.
Parameters¶
Parameter | Choices/Defaults | Comments |
---|---|---|
bind_dn |
A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism.
If this is blank, we'll use an anonymous bind.
|
|
bind_pw |
The password to use with bind_dn.
|
|
dn
required |
The DN of the entry to add or remove.
|
|
passwd
required |
Default: None
|
The (plaintext) password to be set for dn.
|
server_uri |
Default: ldapi:///
|
A URI to the LDAP server.
The default value lets the underlying LDAP client library look for a UNIX domain socket in its default location.
|
start_tls
bool |
|
If true, we'll use the START_TLS LDAP extension.
|
validate_certs
bool (added in 2.4) |
|
If set to
no , SSL certificates will not be validated.This should only be used on sites using self-signed certificates.
|
Notes¶
Note
- The default authentication settings will attempt to use a SASL EXTERNAL bind over a UNIX domain socket. This works well with the default Ubuntu install for example, which includes a cn=peercred,cn=external,cn=auth ACL rule allowing root to modify the server configuration. If you need to use a simple bind to access your server, pass the credentials in bind_dn and bind_pw.
Examples¶
- name: Set a password for the admin user
ldap_passwd:
dn: cn=admin,dc=example,dc=com
passwd: "{{ vault_secret }}"
- name: Setting passwords in bulk
ldap_passwd:
dn: "{{ item.key }}"
passwd: "{{ item.value }}"
with_dict:
alice: alice123123
bob: "|30b!"
admin: "{{ vault_secret }}"
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
modlist
list
|
success |
list of modified parameters
Sample:
[[2, "olcRootDN", ["cn=root,dc=example,dc=com"]]]
|
Status¶
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Maintenance¶
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
Author¶
- Keller Fuchs (@KellerFuchs)
Hint
If you notice any issues in this documentation you can edit this document to improve it.