mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
0a3cd06c6e
As ansible-freeipa roles do not support version 2.8 anymore, change the minimum supported version to 2.13, which is the currently minimum available and supported Ansible version. This patch fixes documentation on all plugin READMEs, spec file and module templates.
3.6 KiB
3.6 KiB
Delegation module
Description
The delegation module allows to ensure presence, absence of delegations and delegation attributes.
Features
- Delegation management
Supported FreeIPA Versions
FreeIPA versions 4.4.0 and up are supported by the ipadelegation module.
Requirements
Controller
- Ansible version: 2.13+
Node
- Supported FreeIPA version (see above)
Usage
Example inventory file
[ipaserver]
ipaserver.test.local
Example playbook to make sure delegation "basic manager attributes" is present:
---
- name: Playbook to manage IPA delegation.
hosts: ipaserver
become: yes
tasks:
- ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
permission: read
attribute:
- businesscategory
- employeetype
group: managers
membergroup: employees
Example playbook to make sure delegation "basic manager attributes" is absent:
---
- name: Playbook to manage IPA delegation.
hosts: ipaserver
become: yes
tasks:
- ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
state: absent
Example playbook to make sure "basic manager attributes" member attributes employeetype and employeenumber are present:
---
- name: Playbook to manage IPA delegation.
hosts: ipaserver
become: yes
tasks:
- ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
attribute:
- employeenumber
- employeetype
action: member
Example playbook to make sure "basic manager attributes" member attributes employeetype and employeenumber are absent:
---
- name: Playbook to manage IPA delegation.
hosts: ipaserver
become: yes
tasks:
- ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
attribute:
- employeenumber
- employeetype
action: member
state: absent
Example playbook to make sure delegation "basic manager attributes" is absent:
---
- name: Playbook to manage IPA delegation.
hosts: ipaserver
become: yes
tasks:
- ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
state: absent
Variables
| Variable | Description | Required |
|---|---|---|
ipaadmin_principal |
The admin principal is a string and defaults to admin |
no |
ipaadmin_password |
The admin password is a string and is required if there is no admin ticket available on the node | no |
ipaapi_context |
The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. Valid values are server and client. |
no |
ipaapi_ldap_cache |
Use LDAP cache for IPA connection. The bool setting defaults to yes. (bool) | no |
name | aciname |
The list of delegation name strings. | yes |
permission | permissions |
The permission to grant read, read,write, write]. Default is write. |
no |
attribute | attrs |
The attribute list to which the delegation applies. | no |
membergroup | memberof |
The user group to apply delegation to. | no |
group |
User group ACI grants access to. | no |
action |
Work on delegation or member level. It can be on of member or delegation and defaults to delegation. |
no |
state |
The state to ensure. It can be one of present, absent, default: present. |
no |
Authors
Thomas Woerner