Ansible – VMware Identity Manager – how to change user attributes – Part#2.

In the previous post I described how to deploy VMware Identity Manager through vRealize Lifecycle Manager using Ansible. vIDM is up and ready to go, so let’s go a little bit further and do one of the many configuration steps. Before configuring the Directory Services and the VMware Identity Manager settings, you may need to make some configuration changes in VMware Identity Manager to ensure your Active Directory users are imported and mapped properly based on your configuration. What I mean in this case is User Attributes:

As you already noticed, four user attributes are required by default:





Users missing a required attribute in their profile (in Active Directory) are not synced to the VMware Identity Manager service.

OK, so how do you disable these (or enable them, up to you) automatically, using Ansible of course? The example below shows how to disable the Email attribute. To get there I made friends with jq, a tool for filtering JSON data.

Again I will use the role tmp-createVidm, but this time the task file is vidmConfig.yml.

Let’s describe the variables:

The variables are ready, so the first step is to list all user attributes that are currently set as required and save the result as a JSON file.

This is what our JSON file looks like. Pay attention to the item value. We are going to disable the Email attribute (changing required to false), so we will focus on item #5.

Change the JSON file owner if needed:

Now we set the facts for jq:

choicesKey – what we want to change;

choicesValue: new value – in this case ‘false’ to disable Email attribute;

jsonFile: the file created in the previous step.

In these two steps (thanks to jq) the magic happens:

As you noticed, the PUT request sends all attributes. I couldn’t find a way to send just the one edited attribute, which is why I used jq.
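The read-modify-write described above, as an added example that is not the post's own playbook or jq filter: it is written in Python instead of jq, picks the attribute by name rather than by position, and refuses to build a PUT body unless exactly one item matches. The JSON layout (an `items` array with `name` and `required` keys) and the sample data are assumptions constructed for illustration.

```python
import copy
import json

# Constructed sample of the saved attribute list. The layout (an "items" array
# of objects with "name" and "required") is an assumption, not the vIDM schema.
SAMPLE = json.loads("""
{"items": [
  {"name": "userName",  "required": true},
  {"name": "firstName", "required": true},
  {"name": "lastName",  "required": true},
  {"name": "email",     "required": true},
  {"name": "phone",     "required": false}
]}
""")


def to_bool(value):
    """Turn a fact passed as text ('false') into a real JSON boolean."""
    if isinstance(value, bool):
        return value
    text = str(value).strip().lower()
    if text not in ("true", "false"):
        raise ValueError(f"not a boolean: {value!r}")
    return text == "true"


def set_required(doc, attr_name, value):
    """Return a copy of doc with one attribute's 'required' flag changed.

    The attribute is selected by name, not by list position, and the call
    fails unless exactly one item matches, so nothing else is altered.
    """
    hits = [i for i, item in enumerate(doc["items"])
            if item.get("name", "").lower() == attr_name.lower()]
    if len(hits) != 1:
        raise ValueError(f"expected 1 match for {attr_name!r}, found {len(hits)}")
    body = copy.deepcopy(doc)
    body["items"][hits[0]]["required"] = to_bool(value)
    return body


def diff_items(before, after):
    """Names of items that differ between the two lists: review before the PUT."""
    return [b["name"] for b, a in zip(before["items"], after["items"]) if b != a]


if __name__ == "__main__":
    body = set_required(SAMPLE, "Email", "false")
    print("changed:", diff_items(SAMPLE, body))
    print(json.dumps(body, indent=2))  # full list, ready to send as the PUT body
```

Because the PUT replaces the whole attribute list, checking that the diff contains only the intended attribute before sending guards against silently changing which users get synced.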

And my playbook looks like this:

That’s it. If you know a much easier way to do this, I’d be more than happy to read about it.