fmgr_user_group_dynamicmapping – Configure user groups.

New in version 2.10.

Synopsis

• This module is able to configure a FortiManager device.
• Examples include all parameters and values need to be adjusted to data sources before usage.

Requirements

The below requirements are needed on the host that executes this module.

• ansible>=2.9.0

FortiManager Version Compatibility

	7.2.0
user_group_dynamicmapping	yes

Parameters

• enable_log - Enable/Disable logging for task type: bool required: false default: False
• forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0 type: str required: false
• proposed_method - The overridden method for the underlying Json RPC request type: str required: false choices: set, update, add
• bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters type: bool required: false default: False
• workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode type: str required: false choices: global, custom adom including root
• workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock type: integer required: false default: 300
• rc_succeeded - The rc codes list with which the conditions to succeed will be overriden type: list required: false
• rc_failed - The rc codes list with which the conditions to fail will be overriden type: list required: false
• state - The directive to create, update or delete an object type: str required: true choices: present, absent
• adom - The parameter in requested url type: str required: true
• group - The parameter in requested url type: str required: true
• user_group_dynamicmapping - no description type: dict
• _scope - No description for the parameter type: array more...

  	7.2.0
  _scope	True

  • name - No description for the parameter type: str more...

    	7.2.0
    name	True

  • vdom - No description for the parameter type: str more...

    	7.2.0
    vdom	True

• auth-concurrent-override - Enable/disable overriding the global number of concurrent authentication sessions for this user group. type: str choices: [disable, enable] more...

  	7.2.0
  auth-concurrent-override	True

• auth-concurrent-value - Maximum number of concurrent authenticated connections per user (0 - 100). type: int more...

  	7.2.0
  auth-concurrent-value	True

• authtimeout - Authentication timeout in minutes for this user group. type: int more...

  	7.2.0
  authtimeout	True

• company - Set the action for the company guest user field. type: str choices: [optional, mandatory, disabled] more...

  	7.2.0
  company	True

• email - Enable/disable the guest user email address field. type: str choices: [disable, enable] more...

  	7.2.0
  email	True

• expire - Time in seconds before guest user accounts expire (1 - 31536000). type: int more...

  	7.2.0
  expire	True

• expire-type - Determine when the expiration countdown begins. type: str choices: [immediately, first-successful-login] more...

  	7.2.0
  expire-type	True

• group-type - Set the group to be for firewall authentication, FSSO, RSSO, or guest users. type: str choices: [firewall, directory-service, fsso-service, guest, rsso] more...

  	7.2.0
  group-type	True

• guest - No description for the parameter type: array more...

  	7.2.0
  guest	True

  • comment - Comment. type: str more...

    	7.2.0
    comment	True

  • company - Set the action for the company guest user field. type: str more...

    	7.2.0
    company	True

  • email - Email. type: str more...

    	7.2.0
    email	True

  • expiration - Expire time. type: str more...

    	7.2.0
    expiration	True

  • group - No description for the parameter type: str more...

    	7.2.0
    group	True

  • id - Guest ID. type: int more...

    	7.2.0
    id	True

  • mobile-phone - Mobile phone. type: str more...

    	7.2.0
    mobile-phone	True

  • name - Guest name. type: str more...

    	7.2.0
    name	True

  • password - No description for the parameter type: str more...

    	7.2.0
    password	True

  • sponsor - Set the action for the sponsor guest user field. type: str more...

    	7.2.0
    sponsor	True

  • user-id - Guest ID. type: str more...

    	7.2.0
    user-id	True

• http-digest-realm - Realm attribute for MD5-digest authentication. type: str more...

  	7.2.0
  http-digest-realm	True

• id - No description for the parameter type: int more...

  	7.2.0
  id	True

• ldap-memberof - No description for the parameter type: str more...

  	7.2.0
  ldap-memberof	True

• logic-type - No description for the parameter type: str choices: [or, and] more...

  	7.2.0
  logic-type	True

• match - No description for the parameter type: array more...

  	7.2.0
  match	True

  • _gui_meta - No description for the parameter type: str more...

    	7.2.0
    _gui_meta	True

  • group-name - Name of matching user or group on remote authentication server. type: str more...

    	7.2.0
    group-name	True

  • id - ID. type: int more...

    	7.2.0
    id	True

  • server-name - Name of remote auth server. type: str more...

    	7.2.0
    server-name	True

• max-accounts - Maximum number of guest accounts that can be created for this group (0 means unlimited). type: int more...

  	7.2.0
  max-accounts	True

• member - No description for the parameter type: str more...

  	7.2.0
  member	True

• mobile-phone - Enable/disable the guest user mobile phone number field. type: str choices: [disable, enable] more...

  	7.2.0
  mobile-phone	True

• multiple-guest-add - Enable/disable addition of multiple guests. type: str choices: [disable, enable] more...

  	7.2.0
  multiple-guest-add	True

• password - Guest user password type. type: str choices: [auto-generate, specify, disable] more...

  	7.2.0
  password	True

• redir-url - No description for the parameter type: str more...

  	7.2.0
  redir-url	True

• sms-custom-server - SMS server. type: str more...

  	7.2.0
  sms-custom-server	True

• sms-server - Send SMS through FortiGuard or other external server. type: str choices: [fortiguard, custom] more...

  	7.2.0
  sms-server	True

• sponsor - Set the action for the sponsor guest user field. type: str choices: [optional, mandatory, disabled] more...

  	7.2.0
  sponsor	True

• sslvpn-bookmarks-group - No description for the parameter type: str more...

  	7.2.0
  sslvpn-bookmarks-group	True

• sslvpn-cache-cleaner - No description for the parameter type: str choices: [disable, enable] more...

  	7.2.0
  sslvpn-cache-cleaner	True

• sslvpn-client-check - No description for the parameter type: array choices: [forticlient, forticlient-av, forticlient-fw, 3rdAV, 3rdFW] more...

  	7.2.0
  sslvpn-client-check	True

• sslvpn-ftp - No description for the parameter type: str choices: [disable, enable] more...

  	7.2.0
  sslvpn-ftp	True

• sslvpn-http - No description for the parameter type: str choices: [disable, enable] more...

  	7.2.0
  sslvpn-http	True

• sslvpn-os-check - No description for the parameter type: str choices: [disable, enable] more...

  	7.2.0
  sslvpn-os-check	True

• sslvpn-os-check-list type: dict
• action - No description for the parameter type: str choices: [allow, check-up-to-date, deny] more...

  	7.2.0
  action	True

• latest-patch-level - No description for the parameter type: str more...

  	7.2.0
  latest-patch-level	True

• name - No description for the parameter type: str more...

  	7.2.0
  name	True

• tolerance - No description for the parameter type: int more...

  	7.2.0
  tolerance	True

• sslvpn-portal - No description for the parameter type: str more...

  	7.2.0
  sslvpn-portal	True

• sslvpn-portal-heading - No description for the parameter type: str more...

  	7.2.0
  sslvpn-portal-heading	True

• sslvpn-rdp - No description for the parameter type: str choices: [disable, enable] more...

  	7.2.0
  sslvpn-rdp	True

• sslvpn-samba - No description for the parameter type: str choices: [disable, enable] more...

  	7.2.0
  sslvpn-samba	True

• sslvpn-split-tunneling - No description for the parameter type: str choices: [disable, enable] more...

  	7.2.0
  sslvpn-split-tunneling	True

• sslvpn-ssh - No description for the parameter type: str choices: [disable, enable] more...

  	7.2.0
  sslvpn-ssh	True

• sslvpn-telnet - No description for the parameter type: str choices: [disable, enable] more...

  	7.2.0
  sslvpn-telnet	True

• sslvpn-tunnel - No description for the parameter type: str choices: [disable, enable] more...

  	7.2.0
  sslvpn-tunnel	True

• sslvpn-tunnel-endip - No description for the parameter type: str more...

  	7.2.0
  sslvpn-tunnel-endip	True

• sslvpn-tunnel-ip-mode - No description for the parameter type: str choices: [range, usrgrp] more...

  	7.2.0
  sslvpn-tunnel-ip-mode	True

• sslvpn-tunnel-startip - No description for the parameter type: str more...

  	7.2.0
  sslvpn-tunnel-startip	True

• sslvpn-virtual-desktop - No description for the parameter type: str choices: [disable, enable] more...

  	7.2.0
  sslvpn-virtual-desktop	True

• sslvpn-vnc - No description for the parameter type: str choices: [disable, enable] more...

  	7.2.0
  sslvpn-vnc	True

• sslvpn-webapp - No description for the parameter type: str choices: [disable, enable] more...

  	7.2.0
  sslvpn-webapp	True

• sso-attribute-value - Name of the RADIUS user group that this local user group represents. type: str more...

  	7.2.0
  sso-attribute-value	True

• user-id - Guest user ID type. type: str choices: [email, auto-generate, specify] more...

  	7.2.0
  user-id	True

• user-name - Enable/disable the guest user name entry. type: str choices: [disable, enable] more...

  	7.2.0
  user-name	True

Notes

Note

• Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
• To create or update an object, use state: present directive.
• To delete an object, use state: absent directive
• Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: no description
     fmgr_user_group_dynamicmapping:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        group: <your own value>
        state: <value in [present, absent]>
        user_group_dynamicmapping:
           _scope:
             -
                 name: <value of string>
                 vdom: <value of string>
           auth-concurrent-override: <value in [disable, enable]>
           auth-concurrent-value: <value of integer>
           authtimeout: <value of integer>
           company: <value in [optional, mandatory, disabled]>
           email: <value in [disable, enable]>
           expire: <value of integer>
           expire-type: <value in [immediately, first-successful-login]>
           group-type: <value in [firewall, directory-service, fsso-service, ...]>
           guest:
             -
                 comment: <value of string>
                 company: <value of string>
                 email: <value of string>
                 expiration: <value of string>
                 group: <value of string>
                 id: <value of integer>
                 mobile-phone: <value of string>
                 name: <value of string>
                 password: <value of string>
                 sponsor: <value of string>
                 user-id: <value of string>
           http-digest-realm: <value of string>
           id: <value of integer>
           ldap-memberof: <value of string>
           logic-type: <value in [or, and]>
           match:
             -
                 _gui_meta: <value of string>
                 group-name: <value of string>
                 id: <value of integer>
                 server-name: <value of string>
           max-accounts: <value of integer>
           member: <value of string>
           mobile-phone: <value in [disable, enable]>
           multiple-guest-add: <value in [disable, enable]>
           password: <value in [auto-generate, specify, disable]>
           redir-url: <value of string>
           sms-custom-server: <value of string>
           sms-server: <value in [fortiguard, custom]>
           sponsor: <value in [optional, mandatory, disabled]>
           sslvpn-bookmarks-group: <value of string>
           sslvpn-cache-cleaner: <value in [disable, enable]>
           sslvpn-client-check:
             - forticlient
             - forticlient-av
             - forticlient-fw
             - 3rdAV
             - 3rdFW
           sslvpn-ftp: <value in [disable, enable]>
           sslvpn-http: <value in [disable, enable]>
           sslvpn-os-check: <value in [disable, enable]>
           sslvpn-os-check-list:
              action: <value in [allow, check-up-to-date, deny]>
              latest-patch-level: <value of string>
              name: <value of string>
              tolerance: <value of integer>
           sslvpn-portal: <value of string>
           sslvpn-portal-heading: <value of string>
           sslvpn-rdp: <value in [disable, enable]>
           sslvpn-samba: <value in [disable, enable]>
           sslvpn-split-tunneling: <value in [disable, enable]>
           sslvpn-ssh: <value in [disable, enable]>
           sslvpn-telnet: <value in [disable, enable]>
           sslvpn-tunnel: <value in [disable, enable]>
           sslvpn-tunnel-endip: <value of string>
           sslvpn-tunnel-ip-mode: <value in [range, usrgrp]>
           sslvpn-tunnel-startip: <value of string>
           sslvpn-virtual-desktop: <value in [disable, enable]>
           sslvpn-vnc: <value in [disable, enable]>
           sslvpn-webapp: <value in [disable, enable]>
           sso-attribute-value: <value of string>
           user-id: <value in [email, auto-generate, specify]>
           user-name: <value in [disable, enable]>

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

• request_url - The full url requested returned: always type: str sample: /sys/login/user
• response_code - The status of api request returned: always type: int sample: 0
• response_message - The descriptive message of the api response returned: always type: str sample: OK
• response_data - The data body of the api response returned: optional type: list or dict

Status

• This module is not guaranteed to have a backwards compatible interface.

Authors

• Link Zheng (@chillancezen)
• Jie Xue (@JieX19)
• Frank Shen (@fshen01)
• Hongbin Lu (@fgtdev-hblu)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.