.. Document meta

:orphan:

.. |antsibull-internal-nbsp| unicode:: 0xA0
    :trim:

.. role:: ansible-attribute-support-label
.. role:: ansible-attribute-support-property
.. role:: ansible-attribute-support-full
.. role:: ansible-attribute-support-partial
.. role:: ansible-attribute-support-none
.. role:: ansible-attribute-support-na

.. Anchors

.. _ansible_collections.cisco.ise.active_directory_module:

.. Anchors: short name for ansible.builtin

.. Anchors: aliases

.. Title

cisco.ise.active_directory -- Resource module for Active Directory
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

.. Collection note

.. note::
    This plugin is part of the cisco.ise collection (version 2.0.0).

    You might already have this collection installed if you are using the ``ansible`` package.
    It is not included in ``ansible-core``.
    To check whether it is installed, run :code:`ansible-galaxy collection list`.

    To install it, use: :code:`ansible-galaxy collection install cisco.ise`.

    To use it in a playbook, specify: :code:`cisco.ise.active_directory`.

.. version_added

.. versionadded:: 1.0.0 of cisco.ise

.. contents::
   :local:
   :depth: 1

.. Deprecated

Synopsis
--------

.. Description

- Manage create and delete operations for the Active Directory resource.

.. note::
    This module has a corresponding action plugin.

.. Aliases

.. Requirements

Requirements
------------
The below requirements are needed on the host that executes this module.

- ciscoisesdk >= 1.2.0
- python >= 3.5

.. Options

Parameters
----------

.. list-table::
   :header-rows: 1
   :widths: 35 20 45

   * - Parameter
     - Choices/Defaults
     - Comments
   * - ``adAttributes`` (dictionary)
     -
     - Holds list of AD Attributes.
   * - ``adAttributes.attributes`` (list / elements=string)
     -
     - List of Attributes.
   * - ``adAttributes.attributes.defaultValue`` (string)
     -
     - Required for each attribute in the attribute list. Can contain an empty string. All characters are allowed except ``<%"``.
   * - ``adAttributes.attributes.internalName`` (string)
     -
     - Required for each attribute in the attribute list. All characters are allowed except ``<%"``.
   * - ``adAttributes.attributes.name`` (string)
     -
     - Required for each attribute in the attribute list with no duplication between attributes. All characters are allowed except ``<%"``.
   * - ``adAttributes.attributes.type`` (string)
     -
     - Required for each group in the group list. Allowed values STRING, IP, BOOLEAN, INT, OCTET_STRING.
   * - ``adgroups`` (dictionary)
     -
     - Holds list of AD Groups.
   * - ``adgroups.groups`` (list / elements=string)
     -
     - List of Groups.
   * - ``adgroups.groups.name`` (string)
     -
     - Required for each group in the group list with no duplication between groups. All characters are allowed except ``%``.
   * - ``adgroups.groups.sid`` (string)
     -
     - Cisco ISE uses security identifiers (SIDs) for optimization of group membership evaluation. SIDs are useful for efficiency (speed) when the groups are evaluated. All characters are allowed except ``%``.
   * - ``adgroups.groups.type`` (string)
     -
     - No character restriction.
   * - ``adScopesNames`` (string)
     -
     - String that contains the names of the scopes that the active directory belongs to. Names are separated by comma. Alphanumeric, underscore (_) characters are allowed.
   * - ``advancedSettings`` (dictionary)
     -
     - Active Directory's advancedSettings.
   * - ``advancedSettings.agingTime`` (integer)
     -
     - Range 1-8760 hours.
   * - ``advancedSettings.authProtectionType`` (string)
     -
     - Enable prevent AD account lockout. Allowed values: WIRELESS, WIRED, BOTH.
   * - ``advancedSettings.country`` (string)
     -
     - User info attribute. All characters are allowed except ``%``.
   * - ``advancedSettings.department`` (string)
     -
     - User info attribute. All characters are allowed except ``%``.
   * - ``advancedSettings.email`` (string)
     -
     - User info attribute. All characters are allowed except ``%``.
   * - ``advancedSettings.enableCallbackForDialinClient`` (boolean)
     - Choices: ``no``, ``yes``
     - EnableCallbackForDialinClient flag.
   * - ``advancedSettings.enableDialinPermissionCheck`` (boolean)
     - Choices: ``no``, ``yes``
     - EnableDialinPermissionCheck flag.
   * - ``advancedSettings.enableFailedAuthProtection`` (boolean)
     - Choices: ``no``, ``yes``
     - Enable prevent AD account lockout due to too many bad password attempts.
   * - ``advancedSettings.enableMachineAccess`` (boolean)
     - Choices: ``no``, ``yes``
     - EnableMachineAccess flag.
   * - ``advancedSettings.enableMachineAuth`` (boolean)
     - Choices: ``no``, ``yes``
     - EnableMachineAuth flag.
   * - ``advancedSettings.enablePassChange`` (boolean)
     - Choices: ``no``, ``yes``
     - EnablePassChange flag.
   * - ``advancedSettings.enableRewrites`` (boolean)
     - Choices: ``no``, ``yes``
     - EnableRewrites flag.
   * - ``advancedSettings.failedAuthThreshold`` (integer)
     -
     - Number of bad password attempts.
   * - ``advancedSettings.firstName`` (string)
     -
     - User info attribute. All characters are allowed except ``%``.
   * - ``advancedSettings.identityNotInAdBehaviour`` (string)
     -
     - Allowed values REJECT, SEARCH_JOINED_FOREST, SEARCH_ALL.
   * - ``advancedSettings.jobTitle`` (string)
     -
     - User info attribute. All characters are allowed except ``%``.
   * - ``advancedSettings.lastName`` (string)
     -
     - User info attribute. All characters are allowed except ``%``.
   * - ``advancedSettings.locality`` (string)
     -
     - User info attribute. All characters are allowed except ``%``.
   * - ``advancedSettings.organizationalUnit`` (string)
     -
     - User info attribute. All characters are allowed except ``%``.
   * - ``advancedSettings.plaintextAuth`` (boolean)
     - Choices: ``no``, ``yes``
     - PlaintextAuth flag.
   * - ``advancedSettings.rewriteRules`` (list / elements=string)
     -
     - Identity rewrite is an advanced feature that directs Cisco ISE to manipulate the identity before it is passed to the external Active Directory system. You can create rules to change the identity to a desired format that includes or excludes a domain prefix and/or suffix or other additional markup of your choice.
   * - ``advancedSettings.rewriteRules.rewriteMatch`` (string)
     -
     - Required for each rule in the list with no duplication between rules. All characters are allowed except ``%"``.
   * - ``advancedSettings.rewriteRules.rewriteResult`` (string)
     -
     - Required for each rule in the list. All characters are allowed except ``%"``.
   * - ``advancedSettings.rewriteRules.rowId`` (integer)
     -
     - Required for each rule in the list in serial order.
   * - ``advancedSettings.schema`` (string)
     -
     - Allowed values ACTIVE_DIRECTORY, CUSTOM. Choose ACTIVE_DIRECTORY schema when the AD attributes defined in AD can be copied to relevant attributes in Cisco ISE. If customization is needed, choose CUSTOM schema. All User info attributes are always set to default value if schema is ACTIVE_DIRECTORY. Values can be changed only for CUSTOM schema.
   * - ``advancedSettings.stateOrProvince`` (string)
     -
     - User info attribute. All characters are allowed except ``%``.
   * - ``advancedSettings.streetAddress`` (string)
     -
     - User info attribute. All characters are allowed except ``%``.
   * - ``advancedSettings.telephone`` (string)
     -
     - User info attribute. All characters are allowed except ``%``.
   * - ``advancedSettings.unreachableDomainsBehaviour`` (string)
     -
     - Allowed values PROCEED, DROP.
   * - ``description`` (string)
     -
     - No character restriction.
   * - ``domain`` (string)
     -
     - The AD domain. Alphanumeric, hyphen (-) and dot (.) characters are allowed.
   * - ``enableDomainWhiteList`` (boolean)
     - Choices: ``no``, ``yes``
     - EnableDomainWhiteList flag.
   * - ``id`` (string)
     -
     - Id path parameter.
   * - ``ise_debug`` (boolean)
     - Choices: ``no`` (default), ``yes``
     - Flag for Identity Services Engine SDK to enable debugging.
   * - ``ise_hostname`` (string / required)
     -
     - The Identity Services Engine hostname.
   * - ``ise_password`` (string / required)
     -
     - The Identity Services Engine password to authenticate.
   * - ``ise_username`` (string / required)
     -
     - The Identity Services Engine username to authenticate.
   * - ``ise_uses_api_gateway`` (boolean, added in 1.1.0 of cisco.ise)
     - Choices: ``no``, ``yes`` (default)
     - Flag that informs the SDK whether to use the Identity Services Engine's API Gateway to send requests.

       If it is true, it uses the ISE's API Gateway and sends requests to ``https://{{ise_hostname}}``.

       If it is false, it sends the requests to ``https://{{ise_hostname}}:{{port}}``, where the port value depends on the Service used (ERS, Mnt, UI, PxGrid).
   * - ``ise_verify`` (boolean)
     - Choices: ``no``, ``yes`` (default)
     - Flag to enable or disable SSL certificate verification.
   * - ``ise_version`` (string)
     - Default: ``"3.1.0"``
     - Informs the SDK which version of Identity Services Engine to use.
   * - ``ise_wait_on_rate_limit`` (boolean)
     - Choices: ``no``, ``yes`` (default)
     - Flag for Identity Services Engine SDK to enable automatic rate-limit handling.
   * - ``name`` (string)
     -
     - Resource Name. Maximum 32 characters allowed. Allowed characters are alphanumeric and ``.-_/\\`` characters.
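
A pre-flight check for the character, range and allowed-value constraints listed in the parameter table, as an added example that is not part of the cisco.ise collection. ``validate_active_directory``, ``GOOD`` and ``BAD`` are hypothetical names, the sample arguments are constructed, and reading "serial order" as consecutive ``rowId`` values is an assumption.

```python
import re

# Constraints transcribed from the Parameters section of this page.
ENUMS = {
    "authProtectionType": {"WIRELESS", "WIRED", "BOTH"},
    "identityNotInAdBehaviour": {"REJECT", "SEARCH_JOINED_FOREST", "SEARCH_ALL"},
    "unreachableDomainsBehaviour": {"PROCEED", "DROP"},
    "schema": {"ACTIVE_DIRECTORY", "CUSTOM"},
}
NAME_RE = re.compile(r"[A-Za-z0-9.\-_/\\]{1,32}")  # maximum 32 characters
DOMAIN_RE = re.compile(r"[A-Za-z0-9.\-]+")

def validate_active_directory(params):
    """Return the documented constraints that params violates (empty = none)."""
    errors = []
    if "name" in params and not NAME_RE.fullmatch(params["name"]):
        errors.append("name: max 32 chars, alphanumeric and . - _ / \\ only")
    if "domain" in params and not DOMAIN_RE.fullmatch(params["domain"]):
        errors.append("domain: alphanumeric, hyphen and dot only")
    adv = params.get("advancedSettings", {})
    for key, allowed in ENUMS.items():
        if key in adv and adv[key] not in allowed:
            errors.append(f"{key}: allowed values are {sorted(allowed)}")
    if "agingTime" in adv and not 1 <= adv["agingTime"] <= 8760:
        errors.append("agingTime: range is 1-8760 hours")
    rules = adv.get("rewriteRules", [])
    matches = [r["rewriteMatch"] for r in rules]
    if len(matches) != len(set(matches)):
        errors.append("rewriteRules: duplicate rewriteMatch")
    if any(c in r["rewriteMatch"] + r["rewriteResult"] for r in rules for c in '%"'):
        errors.append('rewriteRules: % and " are not allowed')
    ids = [r["rowId"] for r in rules]
    # Assumption: "serial order" means every rowId is the previous one plus 1.
    if any(b != a + 1 for a, b in zip(ids, ids[1:])):
        errors.append("rewriteRules: rowId not in serial order")
    groups = [g["name"] for g in params.get("adgroups", {}).get("groups", [])]
    if len(groups) != len(set(groups)) or any("%" in g for g in groups):
        errors.append("adgroups: group names must be unique and without %")
    return errors

# Constructed task arguments for illustration, not from a real deployment.
GOOD = {"name": "corp-ad_01", "domain": "corp.example.com", "advancedSettings": {
    "agingTime": 5, "authProtectionType": "BOTH", "rewriteRules": [
        {"rowId": 0, "rewriteMatch": "@legacy.example", "rewriteResult": "@corp.example.com"},
        {"rowId": 1, "rewriteMatch": "@lab.example", "rewriteResult": "@corp.example.com"}]}}
BAD = {"name": "corp ad!", "domain": "corp_example.com", "advancedSettings": {
    "agingTime": 0, "schema": "LDAP", "rewriteRules": [
        {"rowId": 0, "rewriteMatch": "x", "rewriteResult": "100%"},
        {"rowId": 2, "rewriteMatch": "x", "rewriteResult": "y"}]}}
```

Running the check on the task arguments before the play starts catches these errors on the control node, which matters here because the module does not support ``check_mode``.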

.. Attributes

.. Notes

Notes
-----

.. note::
   - Does not support ``check_mode``
   - The plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco ISE SDK
   - The parameters starting with ise_ are used by the Cisco ISE Python SDK to establish the connection

.. Seealso

See Also
--------

.. seealso::

   Active Directory reference
       Complete reference of the Active Directory object model.

.. Examples

Examples
--------

.. code-block:: yaml+jinja

    - name: Delete by id
      cisco.ise.active_directory:
        ise_hostname: "{{ise_hostname}}"
        ise_username: "{{ise_username}}"
        ise_password: "{{ise_password}}"
        ise_verify: "{{ise_verify}}"
        state: absent
        id: string

    - name: Create
      cisco.ise.active_directory:
        ise_hostname: "{{ise_hostname}}"
        ise_username: "{{ise_username}}"
        ise_password: "{{ise_password}}"
        ise_verify: "{{ise_verify}}"
        state: present
        adAttributes:
          attributes:
          - defaultValue: string
            internalName: string
            name: string
            type: string
        adScopesNames: string
        adgroups:
          groups:
          - name: string
            sid: string
            type: string
        advancedSettings:
          agingTime: 0
          authProtectionType: string
          country: string
          department: string
          email: string
          enableCallbackForDialinClient: true
          enableDialinPermissionCheck: true
          enableFailedAuthProtection: true
          enableMachineAccess: true
          enableMachineAuth: true
          enablePassChange: true
          enableRewrites: true
          failedAuthThreshold: 0
          firstName: string
          identityNotInAdBehaviour: string
          jobTitle: string
          lastName: string
          locality: string
          organizationalUnit: string
          plaintextAuth: true
          rewriteRules:
          - rewriteMatch: string
            rewriteResult: string
            rowId: 0
          schema: string
          stateOrProvince: string
          streetAddress: string
          telephone: string
          unreachableDomainsBehaviour: string
        description: string
        domain: string
        enableDomainWhiteList: true
        id: string
        name: string

.. Facts

.. Return values

Return Values
-------------
Common return values are documented separately; the following are the fields unique to this module:

.. list-table::
   :header-rows: 1

   * - Key
     - Returned
     - Description
   * - ``ise_response`` (dictionary)
     - always
     - A dictionary or list with the response returned by the Cisco ISE Python SDK

Sample:

.. code-block:: json

    {
      "id": "string",
      "name": "string",
      "description": "string",
      "domain": "string",
      "enableDomainWhiteList": true,
      "enableDomainAllowedList": true,
      "adgroups": {
        "groups": [
          { "name": "string", "sid": "string", "type": "string" }
        ]
      },
      "advancedSettings": {
        "enablePassChange": true,
        "enableMachineAuth": true,
        "enableMachineAccess": true,
        "agingTime": 0,
        "enableDialinPermissionCheck": true,
        "enableCallbackForDialinClient": true,
        "plaintextAuth": true,
        "enableFailedAuthProtection": true,
        "authProtectionType": "string",
        "failedAuthThreshold": 0,
        "identityNotInAdBehaviour": "string",
        "unreachableDomainsBehaviour": "string",
        "enableRewrites": true,
        "rewriteRules": [
          { "rowId": 0, "rewriteMatch": "string", "rewriteResult": "string" }
        ],
        "firstName": "string",
        "department": "string",
        "lastName": "string",
        "organizationalUnit": "string",
        "jobTitle": "string",
        "locality": "string",
        "email": "string",
        "stateOrProvince": "string",
        "telephone": "string",
        "country": "string",
        "streetAddress": "string",
        "schema": "string"
      },
      "adAttributes": {
        "attributes": [
          { "name": "string", "type": "string", "internalName": "string", "defaultValue": "string" }
        ]
      },
      "adScopesNames": "string",
      "link": { "rel": "string", "href": "string", "type": "string" }
    }


.. Status (Presently only deprecated)

.. Authors

Authors
~~~~~~~

- Rafael Campos (@racampos)

.. Parsing errors