pfsense_authserver_ldap
Orion Poplawski edited this page Jan 13, 2023
Manage pfSense LDAP authentication servers
ADDED IN: version 0.1.0 of pfsensible.core
OPTIONS (= is mandatory):

- attr_group
        LDAP Group naming attribute
        default: cn
        type: str

- attr_groupobj
        LDAP Group objectClass naming attribute
        default: posixGroup
        type: str

- attr_member
        LDAP Group member naming attribute
        default: member
        type: str

- attr_user
        LDAP User naming attribute
        default: cn
        type: str

- authcn
        Authentication containers added to basedn
        default: null
        type: str

- basedn
        Search base DN
        default: null
        type: str

- binddn
        Search bind DN
        default: null
        type: str

- bindpw
        Search bind password
        default: null
        type: str

- ca
        Certificate Authority
        default: global
        type: str

- extended_enabled
        Enable extended query
        default: false
        type: bool

- extended_query
        Extended query
        default: ''
        type: str

- host
        The hostname or IP address of the authentication server
        default: null
        type: str

- ldap_allow_unauthenticated
        Allow unauthenticated bind (pfsense-CE >=2.5.0, pfsense-PLUS >=21.2)
        default: null
        type: bool

- ldap_nostrip_at
        Do not strip away parts of the username after the @ symbol
        default: null
        type: bool

- ldap_pam_groupdn
        Shell Authentication Group DN (pfsense-CE >=2.5.0, pfsense-PLUS >=21.2)
        default: null
        type: str

- ldap_rfc2307
        LDAP Server uses RFC 2307 style group membership (RFC 2307bis when False)
        default: null
        type: bool

- ldap_rfc2307_userdn
        Use DN for username search (pfsense-CE >=2.5.0, pfsense-PLUS >=21.2)
        default: null
        type: bool

- ldap_utf8
        UTF8 encode LDAP parameters before sending them to the server.
        default: null
        type: bool

= name
        The name of the authentication server
        type: str

- port
        Port to connect to
        default: '389'
        type: str

- protver
        LDAP protocol version
        choices: ['2', '3']
        default: '3'
        type: str

- scope
        Search scope
        choices: [one, subtree]
        default: null
        type: str

- state
        State in which to leave the authentication server
        choices: [present, absent]
        default: present
        type: str

- timeout
        Server timeout in seconds
        default: '25'
        type: str

- transport
        Transport to use
        choices: [tcp, starttls, ssl]
        default: null
        type: str
AUTHOR: Orion Poplawski (@opoplawski)
METADATA:
        metadata_version: '1.1'
        status:
        - preview
        supported_by: community
EXAMPLES:

- name: Add adservers authentication server
  pfsense_authserver_ldap:
    name: AD
    host: adserver.example.com
    port: 636
    transport: ssl
    scope: subtree
    authcn: cn=users
    basedn: dc=example,dc=com
    binddn: cn=bind,ou=Service Accounts,dc=example,dc=com
    bindpw: "{{ vaulted_bindpw }}"
    attr_user: samAccountName
    attr_member: memberOf
    attr_groupobj: group
    state: present

- name: Remove LDAP authentication server
  pfsense_authserver_ldap:
    name: AD
    state: absent
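A hardened variant of the first example, added here as an illustration and not part of the pfsensible.core documentation. It assumes a CA entry named AD-Root-CA has been imported into pfSense's Certificate Manager, that vaulted_bindpw is supplied from an Ansible Vault file, and that the extended_query filter form shown is the one pfSense expects for the (hypothetical) group DN used.

```yaml
# Added example (not from the pfsensible.core docs). Every option used below
# is documented on this page; the CA name, group DN and vault variable are
# assumptions for the sake of illustration.
- name: Add AD authentication server over TLS with a pinned CA and group restriction
  pfsense_authserver_ldap:
    name: AD
    host: adserver.example.com
    port: 636
    transport: ssl                # not 'tcp': plain LDAP sends the bind password
                                  # and user passwords across the wire in clear
    ca: AD-Root-CA                # validate the server certificate against this
                                  # one CA rather than the whole 'global' store
    protver: '3'
    timeout: '25'
    scope: subtree
    basedn: dc=example,dc=com
    authcn: cn=users
    binddn: cn=bind,ou=Service Accounts,dc=example,dc=com
    bindpw: "{{ vaulted_bindpw }}"     # read-only service account, secret in Vault
    ldap_allow_unauthenticated: false  # explicit; needs pfSense CE >= 2.5.0 / Plus >= 21.2
    attr_user: samAccountName
    attr_member: memberOf
    attr_groupobj: group
    ldap_rfc2307: false           # AD exposes memberOf (RFC 2307bis style), not RFC 2307
    # Restrict logins to members of one group instead of every account under
    # basedn. Assumed filter syntax; adjust the DN to your directory.
    extended_enabled: true
    extended_query: memberOf=cn=Firewall Admins,ou=Groups,dc=example,dc=com
    state: present
```

Run the play with `--ask-vault-pass` (or a vault password file) so the bind password never appears in the playbook or in the inventory.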