community.general.utm_aaa_group module – Create, update or destroy an aaa group object in Sophos UTM
Note
This module is part of the community.general collection (version 9.4.0).
It is not included in ansible-core.
To check whether it is installed, run `ansible-galaxy collection list`.
To install it, use: `ansible-galaxy collection install community.general`.
To use it in a playbook, specify: `community.general.utm_aaa_group`.
Synopsis
Create, update or destroy an aaa group object in Sophos UTM.
This module requires the REST ability of the UTM to be activated.
Parameters
Parameter | Comments |
---|---|
List of adirectory group strings. Default: |
|
Dictionary of group sids. Default: |
|
The backend for the group. Choices:
|
|
Comment that describes the AAA group. Default: |
|
Group type. Is static if none is selected. Choices:
|
|
List of edirectory group strings. Default: |
|
A dictionary of additional headers to send with POST and PUT requests. Needed for some modules. Default: |
|
The ipsec dn string. Default: |
|
The ldap attribute to check against. Default: |
|
The ldap attribute value to check against. Default: |
|
A list of user ref names (aaa/user). Default: |
|
The name of the object. Will be used to identify the entry. |
|
The network reference name. The object contains the known IP addresses for the authentication object (network/aaa). Default: |
|
A list of radius group strings. Default: |
|
The desired state of the object. Choices:
|
|
A list of tacacs group strings. Default: |
|
The REST Endpoint of the Sophos UTM. |
|
The port of the REST interface. Default: |
|
The protocol of the REST Endpoint. Choices:
|
|
The token used to authenticate to the REST API. See https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf?la=en, Chapter 2.4.2. |
|
Whether the REST interface’s SSL certificate should be verified or not. Choices:
|
Attributes
Attribute | Support | Description |
---|---|---|
Support: none |
Can run in |
|
Support: none |
Will return details on what has changed (or possibly needs changing in |
Examples
```yaml
- name: Create UTM aaa_group
  community.general.utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    backend_match: ldap
    dynamic: directory_groups
    ldap_attributes: memberof
    ldap_attributes_value: "cn=groupname,ou=Groups,dc=mydomain,dc=com"
    network: REF_OBJECT_STRING
    state: present

- name: Remove UTM aaa_group
  community.general.utm_aaa_group:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAAAGroupEntry
    state: absent
```
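The connection options from the parameter table applied to a create task, as an added example that is not part of the module's own documentation: the token is read from an Ansible Vault variable instead of being written into the playbook, and the REST connection uses HTTPS with certificate verification. `vault_utm_token` and the vars file path are hypothetical; `utm_protocol` and `validate_certs` are the module's option names for the protocol and certificate-verification rows of the table.

```yaml
# Added example, not from the module documentation.
# Assumptions: group_vars/utm/vault.yml is a hypothetical file encrypted with
# `ansible-vault encrypt`, and it defines the hypothetical variable
# vault_utm_token holding the UTM REST API token.
- name: Manage a UTM AAA group without exposing the API token
  hosts: localhost
  gather_facts: false
  vars_files:
    - group_vars/utm/vault.yml

  tasks:
    - name: Stop before any API call if the token was not loaded
      ansible.builtin.assert:
        that:
          - vault_utm_token is defined
          - vault_utm_token | length > 0
        quiet: true
      no_log: true    # keep the token out of assertion output

    - name: Create UTM aaa_group (static group, the default group type)
      community.general.utm_aaa_group:
        utm_host: sophos.host.name
        utm_token: "{{ vault_utm_token }}"
        utm_protocol: https       # do not send the token over plain HTTP
        validate_certs: true      # reject an unverified REST endpoint
        name: TestAAAGroupEntry
        network: REF_OBJECT_STRING
        state: present
      no_log: true    # task-level guard so the token never reaches logs

    - name: Remove UTM aaa_group
      community.general.utm_aaa_group:
        utm_host: sophos.host.name
        utm_token: "{{ vault_utm_token }}"
        utm_protocol: https
        validate_certs: true
        name: TestAAAGroupEntry
        state: absent
      no_log: true
```

Run it with `ansible-playbook --ask-vault-pass` (or a vault password file) so the token is decrypted only at run time.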
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
The utm object that was created. Returned: success |
|
Whether or not the object is currently locked. Returned: success |
|
The reference name of the object. Returned: success |
|
The type of the object. Returned: success |
|
List of Active Directory Groups. Returned: success |
|
List of Active Directory Groups SIDs. Returned: success |
|
The backend to use. Returned: success |
|
The comment string. Returned: success |
|
Whether the group match is ipsec_dn or directory_group. Returned: success |
|
List of eDirectory Groups. Returned: success |
|
ipsec_dn identifier to match. Returned: success |
|
The LDAP Attribute to match against. Returned: success |
|
The LDAP Attribute Value to match against. Returned: success |
|
List of member identifiers of the group. Returned: success |
|
The name of the object. Returned: success |
|
The identifier of the network (network/aaa). Returned: success |
|
The radius group identifier. Returned: success |
|
The tacacs group identifier. Returned: success |