fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

Local user module does not send email #259

Closed cardosocristian closed 1 year ago

cardosocristian commented 1 year ago

I'm using the local user module to register my users via Ansible in Fortigate, but I noticed that if I use the module, the equipment does not trigger the fortitoken email when entering the system. If I register the user manually via CLI or GUI, the email is sent at the end of registration.

Is there any way to insert this functionality in the module? The module I am referring to is this -> https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/gen/fortios_user_local.html

JieX19 commented 1 year ago

Hi @cardosocristian,

I can reproduce the issue. Tried via Postman and it did not send the email either. It's a backend bug, so I will report it to the API team. Will update this thread once there's a bugfix.

Thanks, Jie

JieX19 commented 1 year ago

Hi @cardosocristian

I found there's another API that can send the activation code. The module "user_local" can set up all the configurations but not send the email out. The CLI or GUI basically combines two operations together (set up the Two-factor Authentication and send the activation code). So we have to send two requests via the REST API.

Here's an example:


  tasks:
  - name: Configure local users.
    fortios_user_local:
      enable_log: true
      vdom: "{{ vdom }}"
      state: "present"
      user_local:
        auth_concurrent_override: "enable"
        auth_concurrent_value: "0"
        authtimeout: "0"
        email_to: "abc@gmail.com"
        fortitoken: "FTKMOB324C29689B"
        id: "8"
        name: "test_user"
        status: "enable"
        two_factor: "fortitoken"
        two_factor_authentication: "fortitoken"
        two_factor_notification: "email"
        type: "password"
        username_case_sensitivity: "disable"
        username_sensitivity: "disable"

  - name: Send activation code to the email
    fortios_monitor:
      vdom: "root"
      selector: "send-activation.user.fortitoken"
      params:
        token: FTKMOB324C29689B
        method: email
        email: abc@gmail.com

Let me know if you have any questions.

cardosocristian commented 1 year ago

In my playbook I proceed in this way:

  - name: Criando usuario local
    fortios_user_local:
      state: present
      vdom: VPN
      user_local:
        email_to: "{{ item.email }}"
        fortitoken: "{{ item.fortitoken }}" 
        ldap_server: "AD-LDAP"
        name: "{{ item.name }}"
        type: "ldap"
        two_factor: "fortitoken"
    loop:
      - { name: "cristian.cardoso", email: "cristian.cardoso@email.com.br", fortitoken: "FTK1233455667CB" }

I will run a test with your example and report the results here.

JieX19 commented 1 year ago

@cardosocristian ,

I'm not quite clear on your response. Does the example I provided work on your side? There are two tasks in the example; you have to use them together to receive the email.

The playbook you used is the first task in my example; you need to run the second task afterward.

cardosocristian commented 1 year ago

Hi @JieX19, with your example my Fortigate sends the e-mail to the users, thanks.
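
The two-request flow from this thread applied to a looped user list, as an added example that is not part of the original thread or the collection's own documentation. It sends the activation mail only for users the first task reports as changed, so re-running the playbook does not re-send activation codes. Assumptions: the inventory group `fortigates`, the `vpn_users` sample data, the token living in the same VDOM as the user, and `fortios_user_local` reporting `changed` only when a user is created or modified.

```yaml
# Added example: not code from the thread participants or the collection.
- name: Create 2FA users and send FortiToken activation mail
  hosts: fortigates              # assumption: inventory group name
  connection: httpapi            # connection settings come from the inventory
  gather_facts: false
  collections:
    - fortinet.fortios
  vars:
    vdom: "VPN"                  # assumption: user and token are in this VDOM
    # Constructed sample data; replace with real users and token serials.
    vpn_users:
      - { name: "user.one", email: "user.one@example.com", fortitoken: "FTKMOB0000000001" }
      - { name: "user.two", email: "user.two@example.com", fortitoken: "FTKMOB0000000002" }
  tasks:
    # Request 1: create the user and bind the token (no mail is sent here).
    - name: Configure local users with FortiToken two-factor
      fortios_user_local:
        vdom: "{{ vdom }}"
        state: "present"
        user_local:
          name: "{{ item.name }}"
          type: "ldap"
          ldap_server: "AD-LDAP"
          email_to: "{{ item.email }}"
          fortitoken: "{{ item.fortitoken }}"
          two_factor: "fortitoken"
          two_factor_notification: "email"
      loop: "{{ vpn_users }}"
      loop_control:
        label: "{{ item.name }}"
      register: user_result

    # Request 2: trigger the activation mail, skipped for unchanged users.
    - name: Send activation code for users created or changed in this run
      fortios_monitor:
        vdom: "{{ vdom }}"
        selector: "send-activation.user.fortitoken"
        params:
          token: "{{ item.item.fortitoken }}"
          method: "email"
          email: "{{ item.item.email }}"
      loop: "{{ user_result.results }}"
      loop_control:
        label: "{{ item.item.name }}"
      when: item.changed
```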