search

F5Networks / f5-ansible

Imperative Ansible modules for F5 BIG-IP products
GNU General Public License v3.0
375 stars 231 forks source link

Add ldap auth types to bigip_device_auth #1896

Closed jeffl2017 closed 3 years ago

jeffl2017 commented 4 years ago
ISSUE TYPE
COMPONENT NAME
ANSIBLE VERSION
ansible 2.9.13
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/testuser/.ansible/plugins/modules', u                                                                            '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.17 (default, Sep 30 2020, 13:38:04) [GCC 7.5.0]
PYTHON VERSION
Python 2.7.17
BIGIP VERSION
Sys::Version
Main Package
  Product     BIG-IP
  Version     13.1.3.4
  Build       0.0.5
  Edition     Point Release 4
  Date        Tue Jun 16 14:26:18 PDT 2020
CONFIGURATION
OS / ENVIRONMENT

N/A

SUMMARY

bigip_device_auth type only supports local and tacacs currently. Need to add ldap as a type. There is a module for configuring the auth ldap "bigip_device_auth_ldap" but there isn't a way to make it the active auth source so having to use either a tmsh command or iControl REST call,

STEPS TO REPRODUCE
    - name: Patch Auth Source
      uri:
        url: "https://{{ BIGIP_IP }}:{{ BIGIP_PORT }}/mgmt/tm/auth/source"
        method: PATCH
        headers:
          X-F5-Auth-Token: "{{ auth['json']['token']['name'] }}"
          Content-Type: "application/json"
        body: |
          {
            "type": "ldap"
          }
        body_format: json
        status_code: 200
        validate_certs: "{{ validate_certs }}"
      register: auth_source
EXPECTED RESULTS
ACTUAL RESULTS
focrensh commented 3 years ago

Does the following module fit the use case if you set "use_for_auth" parameter

https://clouddocs.f5.com/products/orchestration/ansible/devel/modules/bigip_device_auth_ldap_module.html#bigip-device-auth-ldap-module

jeffl2017 commented 3 years ago

Yes that is what I was trying to do. It looks like this has been updated since I wrote my playbook and submitted the ticket. Indicated was updated to version 1.0.0. What version of Ansible will have this new version of the module as it is not in 2.9.14?

From: focrensh notifications@github.com Sent: Friday, October 30, 2020 5:45 PM To: F5Networks/f5-ansible f5-ansible@noreply.github.com Cc: Jeff Larmore J.Larmore@f5.com; Author author@noreply.github.com Subject: Re: [F5Networks/f5-ansible] Add ldap auth types to bigip_device_auth (#1896)

EXTERNAL MAIL: noreply@github.com

Does the following module fit the use case if you set "use_for_auth" parameter

https://clouddocs.f5.com/products/orchestration/ansible/devel/modules/bigip_device_auth_ldap_module.html#bigip-device-auth-ldap-module

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/F5Networks/f5-ansible/issues/1896#issuecomment-719807976, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AGECFIK7ABSYTCLAN3NQGU3SNMXVZANCNFSM4S7QUTZQ.

focrensh commented 3 years ago

Updates to ansible modules are through Collections now. Please check this documentation for installing the latest F5 Module Collection: https://clouddocs.f5.com/products/orchestration/ansible/devel/usage/getting_started.html#installing-collections

Thanks,