Vhw8ddlmZmZmZeZdZdZdZddl Z ddl m Z ddl m Z mZddlmZGd d e Z dd Zd Zd ZdZedk(reyy))absolute_importdivisionprint_functionaf module: ipa_config author: Fran Fitzpatrick (@fxfitz) short_description: Manage Global FreeIPA Configuration Settings description: - Modify global configuration settings of a FreeIPA Server. attributes: check_mode: support: full diff_mode: support: none options: ipaconfigstring: description: Extra hashes to generate in password plug-in. aliases: ["configstring"] type: list elements: str choices: ["AllowNThash", "KDC:Disable Last Success", "KDC:Disable Lockout", "KDC:Disable Default Preauth for SPNs"] version_added: '2.5.0' ipadefaultloginshell: description: Default shell for new users. aliases: ["loginshell"] type: str ipadefaultemaildomain: description: Default e-mail domain for new users. aliases: ["emaildomain"] type: str ipadefaultprimarygroup: description: Default group for new users. aliases: ["primarygroup"] type: str version_added: '2.5.0' ipagroupobjectclasses: description: A list of group objectclasses. aliases: ["groupobjectclasses"] type: list elements: str version_added: '7.3.0' ipagroupsearchfields: description: A list of fields to search in when searching for groups. aliases: ["groupsearchfields"] type: list elements: str version_added: '2.5.0' ipahomesrootdir: description: Default location of home directories. aliases: ["homesrootdir"] type: str version_added: '2.5.0' ipakrbauthzdata: description: Default types of PAC supported for services. aliases: ["krbauthzdata"] type: list elements: str choices: ["MS-PAC", "PAD", "nfs:NONE"] version_added: '2.5.0' ipamaxusernamelength: description: Maximum length of usernames. aliases: ["maxusernamelength"] type: int version_added: '2.5.0' ipapwdexpadvnotify: description: Notice of impending password expiration, in days. aliases: ["pwdexpadvnotify"] type: int version_added: '2.5.0' ipasearchrecordslimit: description: Maximum number of records to search (-1 or 0 is unlimited). aliases: ["searchrecordslimit"] type: int version_added: '2.5.0' ipasearchtimelimit: description: Maximum amount of time (seconds) for a search (-1 or 0 is unlimited). aliases: ["searchtimelimit"] type: int version_added: '2.5.0' ipaselinuxusermaporder: description: The SELinux user map order (order in increasing priority of SELinux users). aliases: ["selinuxusermaporder"] type: list elements: str version_added: '3.7.0' ipauserauthtype: description: - The authentication type to use by default. - The choice V(idp) has been added in community.general 7.3.0. - The choice V(passkey) has been added in community.general 8.1.0. aliases: ["userauthtype"] choices: ["password", "radius", "otp", "pkinit", "hardened", "idp", "passkey", "disabled"] type: list elements: str version_added: '2.5.0' ipauserobjectclasses: description: A list of user objectclasses. aliases: ["userobjectclasses"] type: list elements: str version_added: '7.3.0' ipausersearchfields: description: A list of fields to search in when searching for users. aliases: ["usersearchfields"] type: list elements: str version_added: '2.5.0' extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes a - name: Ensure password plugin features DC:Disable Last Success and KDC:Disable Lockout are enabled community.general.ipa_config: ipaconfigstring: ["KDC:Disable Last Success", "KDC:Disable Lockout"] ipa_host: localhost ipa_user: admin ipa_pass: supersecret - name: Ensure the default login shell is bash community.general.ipa_config: ipadefaultloginshell: /bin/bash ipa_host: localhost ipa_user: admin ipa_pass: supersecret - name: Ensure the default e-mail domain is ansible.com community.general.ipa_config: ipadefaultemaildomain: ansible.com ipa_host: localhost ipa_user: admin ipa_pass: supersecret - name: Ensure the default primary group is set to ipausers community.general.ipa_config: ipadefaultprimarygroup: ipausers ipa_host: localhost ipa_user: admin ipa_pass: supersecret - name: Ensure the group search fields are set to 'cn,description' community.general.ipa_config: ipagroupsearchfields: ['cn', 'description'] ipa_host: localhost ipa_user: admin ipa_pass: supersecret - name: Ensure the home directory location is set to /home community.general.ipa_config: ipahomesrootdir: /home ipa_host: localhost ipa_user: admin ipa_pass: supersecret - name: Ensure the default types of PAC supported for services is set to MS-PAC and PAD community.general.ipa_config: ipakrbauthzdata: ["MS-PAC", "PAD"] ipa_host: localhost ipa_user: admin ipa_pass: supersecret - name: Ensure the maximum user name length is set to 32 community.general.ipa_config: ipamaxusernamelength: 32 ipa_host: localhost ipa_user: admin ipa_pass: supersecret - name: Ensure the password expiration notice is set to 4 days community.general.ipa_config: ipapwdexpadvnotify: 4 ipa_host: localhost ipa_user: admin ipa_pass: supersecret - name: Ensure the search record limit is set to 100 community.general.ipa_config: ipasearchrecordslimit: 100 ipa_host: localhost ipa_user: admin ipa_pass: supersecret - name: Ensure the search time limit is set to 2 seconds community.general.ipa_config: ipasearchtimelimit: 2 ipa_host: localhost ipa_user: admin ipa_pass: supersecret - name: Ensure the default user auth type is password community.general.ipa_config: ipauserauthtype: ['password'] ipa_host: localhost ipa_user: admin ipa_pass: supersecret - name: Ensure the user search fields is set to 'uid,givenname,sn,ou,title' community.general.ipa_config: ipausersearchfields: ['uid', 'givenname', 'sn', 'ou', 'title'] ipa_host: localhost ipa_user: admin ipa_pass: supersecret - name: Ensure the SELinux user map order is set community.general.ipa_config: ipaselinuxusermaporder: - "guest_u:s0" - "xguest_u:s0" - "user_u:s0" - "staff_u:s0-s0:c0.c1023" - "unconfined_u:s0-s0:c0.c1023" ipa_host: localhost ipa_user: admin ipa_pass: supersecret z^ config: description: Configuration as returned by IPA API. returned: always type: dict N) AnsibleModule) IPAClientipa_argument_spec) to_nativec*eZdZfdZdZdZxZS)ConfigIPAClientc2tt| ||||y)N)superr __init__)selfmodulehostportprotocol __class__s p/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/modules/ipa_config.pyrzConfigIPAClient.__init__s ot-fdD(Kc(|jddS)N config_show)methodname _post_json)rs rrzConfigIPAClient.config_showsm$??rc*|jd||S)N config_mod)rritemr)rrrs rrzConfigIPAClient.config_modslDIIr)__name__ __module__ __qualname__rrr __classcell__)rs@rr r sL@Jrr ci}|||d<|||d<|||d<|||d<|||d<|dj||d<|||d<|||d <|t||d <| t| |d <| t| |d <| t| |d <| dj| |d<| | |d<|||d<|dj||d<|S)Nipaconfigstringipadefaultloginshellipadefaultemaildomainipadefaultprimarygroupipagroupobjectclasses,ipagroupsearchfieldsipahomesrootdiripakrbauthzdataipamaxusernamelengthipapwdexpadvnotifyipasearchrecordslimitipasearchtimelimit$ipaselinuxusermaporderipauserauthtypeipauserobjectclassesipausersearchfields)joinstr)r%r&r'r(r+r)r,r-r.r/r0r1r3r4r6r5configs rget_config_dictr:sTF"$3 !')=%&(*?&')+A'((*?&''),2F)G%&"$3 !"$3 !'),-A)B%&%'*+='>#$(*-.C*D&'%'*+='>#$)+.884J+K'("$3 !')=%&&(+1D(E$% Mrc(|j||S)N)ipa_data module_data)get_diff)client ipa_config module_configs rget_config_diffrB&s ??JM? JJrctdid|jjdd|jjdd|jjdd|jjdd|jjdd|jjdd|jjdd|jjdd |jjd d |jjd d |jjd d |jjd d |jjd d|jjdd|jjdd|jjd}|j}t |||}d}i}|D]K}|j||j|dk7s(d}|j ||j|iM|r|j s|jd|||jfS)Nr%r&r'r(r)r+r,r-r.r/r0r1r3r4r6r5FT)rr)r:paramsgetrrBupdate check_moder)rr?rAr@diffchanged new_config module_keys rensurerM*sV# ))*;<#]]../EF%mm//0GH &}}001IJ  %mm//0GH  $]]../EF  ))*;< ))*;<$]]../EF"==,,-AB%mm//0GH"==,,-AB &}}001IJ ))*;<#MM--.CD $]]../EF!M$##%J 6:} =DGJK   Z (JNN:t,L LG   z=+<+*?A%.1AB&5%B&4%57"u7J6KLU5F4GH"8L7MNU5F4GH#%-B,C E&5&4%5&PQ!fu*<)=?!v+>*?A= D# F  ]]: & ]]: &z* FM ]]:.]]:.  vv. t4 MYq\Y5I5I5KLLMsAF G.G  G__main__)NNNNNNNNNNNNNNNN) __future__rrrrR __metaclass__ DOCUMENTATIONEXAMPLESRETURNransible.module_utils.basicr>ansible_collections.community.general.plugins.module_utils.iparr+ansible.module_utils.common.text.convertersr r r:rBrMrr rDrrrsA@ k Zg R 4gAJiJ@DGKEI:>BFCGAECG*ZK )F8Mv zFr