Docs4dev
Docs
ansible / 2.6 / modules / ldap_passwd_module.html

ldap_passwd - Set passwords in LDAP.

New in version 2.6.

Synopsis

  • Set a password for an LDAP entry. This module only asserts that a given password is valid for a given entry. To assert the existence of an entry, see ldap_entry.

Requirements

The below requirements are needed on the host that executes this module.

  • python-ldap

Parameters

Parameter Choices/Defaults Comments
bind_dn
A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism.
If this is blank, we'll use an anonymous bind.
bind_pw
The password to use with bind_dn.
dn
required
The DN of the entry to add or remove.
passwd
required
Default:
null
The (plaintext) password to be set for dn.
server_uri Default:
"ldapi:///"
A URI to the LDAP server.
The default value lets the underlying LDAP client library look for a UNIX domain socket in its default location.
start_tls
bool
    Choices:
  • no
  • yes
If true, we'll use the START_TLS LDAP extension.
validate_certs
bool

(added in 2.4)
    Choices:
  • no
  • yes
If set to no, SSL certificates will not be validated.
This should only be used on sites using self-signed certificates.

Notes

Note

  • The default authentication settings will attempt to use a SASL EXTERNAL bind over a UNIX domain socket. This works well with the default Ubuntu install for example, which includes a cn=peercred,cn=external,cn=auth ACL rule allowing root to modify the server configuration. If you need to use a simple bind to access your server, pass the credentials in bind_dn and bind_pw.

Examples

- name: Set a password for the admin user
  ldap_passwd:
    dn: cn=admin,dc=example,dc=com
    passwd: "{{ vault_secret }}"

- name: Setting passwords in bulk
  ldap_passwd:
    dn: "{{ item.key }}"
    passwd: "{{ item.value }}"
  with_dict:
    alice: alice123123
    bob:   "|30b!"
    admin: "{{ vault_secret }}"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
modlist
list
success
list of modified parameters

Sample:
[[2, "olcRootDN", ["cn=root,dc=example,dc=com"]]]


Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance

This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Community, see here.

Author

  • Keller Fuchs (@kellerfuchs)

Hint

If you notice any issues in this documentation you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.6/modules/ldap_passwd_module.html