Documentation

ipa_group - Manage FreeIPA group

New in version 2.3.

Synopsis

  • Add, modify and delete group within IPA server

Parameters

Parameter
Choices/Defaults
Comments
cn
required
Canonical name.
Can not be changed as it is the unique identifier.

aliases: name
external
Allow adding external non-IPA members from trusted domains.
gidnumber
GID (use this option to set it manually).
group
List of group names assigned to this group.
If an empty list is passed all groups will be removed from this group.
If option is omitted assigned groups will not be checked or changed.
Groups that are already assigned but not passed will be removed.
ipa_host
Default:
ipa.example.com
IP or hostname of IPA server.
If the value is not specified in the task, the value of environment variable IPA_HOST will be used instead.
If both the environment variable IPA_HOST and the value are not specified in the task, then default value is set.
Environment variable fallback mechanism is added in version 2.5.
ipa_pass
required
Password of administrative user.
If the value is not specified in the task, the value of environment variable IPA_PASS will be used instead.
If both the environment variable IPA_PASS and the value are not specified in the task, then default value is set.
Environment variable fallback mechanism is added in version 2.5.
ipa_port
Default:
443
Port of FreeIPA / IPA server.
If the value is not specified in the task, the value of environment variable IPA_PORT will be used instead.
If both the environment variable IPA_PORT and the value are not specified in the task, then default value is set.
Environment variable fallback mechanism is added in version 2.5.
ipa_prot
    Choices:
  • http
  • https ←
Protocol used by IPA server.
If the value is not specified in the task, the value of environment variable IPA_PROT will be used instead.
If both the environment variable IPA_PROT and the value are not specified in the task, then default value is set.
Environment variable fallback mechanism is added in version 2.5.
ipa_user
Default:
admin
Administrative account used on IPA server.
If the value is not specified in the task, the value of environment variable IPA_USER will be used instead.
If both the environment variable IPA_USER and the value are not specified in the task, then default value is set.
Environment variable fallback mechanism is added in version 2.5.
nonposix
Create as a non-POSIX group.
state
    Choices:
  • present ←
  • absent
State to ensure
user
List of user names assigned to this group.
If an empty list is passed all users will be removed from this group.
If option is omitted assigned users will not be checked or changed.
Users that are already assigned but not passed will be removed.
validate_certs
Default:
yes
This only applies if ipa_prot is https.
If set to no, the SSL certificates will not be validated.
This should only set to no used on personally controlled sites using self-signed certificates.

Examples

# Ensure group is present
- ipa_group:
    name: oinstall
    gidnumber: 54321
    state: present
    ipa_host: ipa.example.com
    ipa_user: admin
    ipa_pass: topsecret

# Ensure that groups sysops and appops are assigned to ops but no other group
- ipa_group:
    name: ops
    group:
    - sysops
    - appops
    ipa_host: ipa.example.com
    ipa_user: admin
    ipa_pass: topsecret

# Ensure that users linus and larry are assign to the group, but no other user
- ipa_group:
    name: sysops
    user:
    - linus
    - larry
    ipa_host: ipa.example.com
    ipa_user: admin
    ipa_pass: topsecret

# Ensure group is absent
- ipa_group:
    name: sysops
    state: absent
    ipa_host: ipa.example.com
    ipa_user: admin
    ipa_pass: topsecret

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key
Returned
Description
group
dict
always
Group as returned by IPA API



Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Author

  • Thomas Krahn (@Nosmoht)

Hint

If you notice any issues in this documentation you can edit this document to improve it.