Index of all Collection Environment Variables
The following index documents all environment variables declared by plugins in collections. Environment variables used by the ansible-core configuration are documented in Ansible Configuration Settings.
- ANSIBLE_INVENTORY_USE_EXTRA_VARS
Merge extra vars into the available variables for composition (highest precedence).
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_AUTH_PROTOCOL
The authentication protocol to use when connecting to the LDAP host.
Defaults to
certificateif LDAPS/StartTLS is used and certificate has been specified. Otherwise it defaults tonegotiate.simpleis simple authentication where the user and password are sent in plaintext. It does not support any encryption so either must be used with LDAPS, or StartTLS. If using over a plaintext LDAP connection without TLS,encrypt=Falsemust be specified to explicitly opt into no encryption.certificateis TLS client certificate authentication. It can only be used with LDAPS or StartTLS. See certificate for more information on how to specify the client certificate used for authentication.negotiatewill attempt to negotiate Kerberos authentication with a fallback to NTLM. If Kerberos is available the Kerberos credential cache can be used if no username or password is specified.kerberoswill use Kerberos authentication with no NTLM fallback.ntlmwill use NTLM authentication with no Kerberos attempt.negotiate,kerberos, andntlmsupport encryption over LDAP.Kerberos support requires the
pyspnego[kerberos]extras to be installed.See LDAP authentication for more information.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_CA_CERT
Can be the path to a CA certificate PEM or DER file, directory of PEM certificates, or the CA certificate PEM string that is used for certificate validation.
If omitted, the default CA store used for validation is dependent on the current Python settings.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_CERT_VALIDATION
The certificate validation behaviour when using a TLS connection.
This can be set to
always,ignore,ignore_hostname.alwayswill perform certificate hostname and CA validation.ignorewill ignore any certificate errors.ignore_hostnamewill validate the CA trust chain but will ignore any hostname checks performed by TLS.See Certificate validation for more information.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_CERTIFICATE
The certificate or certificate with key bundle that is used for certificate authentication.
The value can either be a path to a file containing the certificate or string of the PEM encoded certificate.
If using a path to a certificate file, the file can be a PEM encoded certificate, a PEM encoded certificate and key bundle, a DER encoded certificate, or a PFX/PKCS12 encoded certificate and key bundle.
Use certificate_key if the certificate specified does not contain the key.
Use certificate_password if the key is encrypted with a password.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_CERTIFICATE_KEY
The certificate key that is used for certificate authentication.
The value can either be a path to a file containing the key in the PEM or DER encoded form, or it can be the string of a PEM encoded key.
Use certificate_password if the key is encrypted with a password.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_CERTIFICATE_PASSWORD
The password used to decrypt the certificate key specified by certificate or certificate_key.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_CONNECTION_TIMEOUT
The timeout in seconds to wait until the connection is established before failing.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_ENCRYPT
Whether encryption is required for the connection.
Encryption can either be performed using the authentication protocol or through TLS.
The auth_protocol
negotiate,kerberos, andntlmall support encryption over LDAP whereassimpledoes not.If using
auth_protocol=simpleover LDAP without TLS then this must be set toFalse. As no encryption is used, all traffic will be in plaintext and should be avoided.This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_PASSWORD
The password to authenticate with.
If auth_protocol is
simpleand no password is specified, the bind will be performed as an unauthenticated bind.If auth_protocol is
negotiate,kerberos, orntlmand no password is specified, it will attempt to use the local cached credential specified by username if available.This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_PORT
The LDAP port to use for the connection.
Port 389 is used for LDAP and port 686 is used for LDAPS.
Defaults to port
636iftls_mode=ldapsotherwise389.This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_SERVER
The domain controller/server to connect to.
If not specified the server will be derived from the current krb5.conf
default_realmsetting and with an SRV DNS lookup.See Server lookup for more information.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_TLS_MODE
The TLS operation to use.
If an explicit port is set to
636then this defaults toldaps.ldapswill connect over LDAPS (port 636).start_tlswill connect over LDAP (port 389) and perform the StartTLS operation before the authentication bind.It is recommended to use
ldapsoverstart_tlsif TLS is going to be used.This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_USERNAME
The username to authenticate with.
If auth_protocol is
simpleand no username is specified, anonymous authentication is used.If auth_protocol is
negotiate,kerberos, orntlmand no username is specified, it will attempt to use the local cached credential if available, for example one retrieved bykinit.This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin