community.general.udm_user – Manage posix users on a univention corporate server
Note
This plugin is part of the community.general collection (version 1.3.2).
To install it use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.udm_user.
Synopsis
- This module allows to manage posix users on a univention corporate server (UCS). It uses the python API of the UCS to create a new object or edit it.
Requirements
The below requirements are needed on the host that executes this module.
- Python >= 2.6
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| birthday
string
|
Birthday
|
|
| city
string
|
City of users business address.
|
|
| country
string
|
Country of users business address.
|
|
| department_number
string
|
Department number of users business address.
aliases: departmentNumber |
|
| description
string
|
Description (not gecos)
|
|
| display_name
string
|
Display name (not gecos)
aliases: displayName |
|
| email
list / elements=string
|
Default:
[""]
|
A list of e-mail addresses.
|
| employee_number
string
|
Employee number
aliases: employeeNumber |
|
| employee_type
string
|
Employee type
aliases: employeeType |
|
| firstname
string
|
First name. Required if state=present.
|
|
| gecos
string
|
GECOS
|
|
| groups
list / elements=string
|
Default:
[]
|
POSIX groups, the LDAP DNs of the groups will be found with the LDAP filter for each group as $GROUP: (&(objectClass=posixGroup(cn=$GROUP))).
|
| home_share
string
|
Home NFS share. Must be a LDAP DN, e.g.
cn=home,cn=shares,ou=school,dc=example,dc=com.
aliases: homeShare |
|
| home_share_path
string
|
Path to home NFS share, inside the homeShare.
aliases: homeSharePath |
|
| home_telephone_number
list / elements=string
|
Default:
[]
|
List of private telephone numbers.
aliases: homeTelephoneNumber |
| homedrive
string
|
Windows home drive, e.g. "H:".
|
|
| lastname
string
|
Last name. Required if state=present.
|
|
| mail_alternative_address
list / elements=string
|
Default:
[]
|
List of alternative e-mail addresses.
aliases: mailAlternativeAddress |
| mail_home_server
string
|
FQDN of mail server
aliases: mailHomeServer |
|
| mail_primary_address
string
|
Primary e-mail address
aliases: mailPrimaryAddress |
|
| mobile_telephone_number
list / elements=string
|
Default:
[]
|
Mobile phone number
aliases: mobileTelephoneNumber |
| organisation
string
|
Organisation
aliases: organization |
|
| ou
string
|
Default:
""
|
Organizational Unit inside the LDAP Base DN, e.g. school for LDAP OU ou=school,dc=example,dc=com.
|
| overridePWHistory
boolean
|
|
Override password history
aliases: override_pw_history |
| overridePWLength
boolean
|
|
Override password check
aliases: override_pw_length |
| pager_telephonenumber
list / elements=string
|
Default:
[]
|
List of pager telephone numbers.
aliases: pagerTelephonenumber |
| password
string
|
Password. Required if state=present.
|
|
| phone
list / elements=string
|
List of telephone numbers.
|
|
| position
string
|
Default:
""
|
Define the whole position of users object inside the LDAP tree, e.g. cn=employee,cn=users,ou=school,dc=example,dc=com.
|
| postcode
string
|
Postal code of users business address.
|
|
| primary_group
string
|
Primary group. This must be the group LDAP DN.
If not specified, it defaults to
cn=Domain Users,cn=groups,$LDAP_BASE_DN.
aliases: primaryGroup |
|
| profilepath
string
|
Windows profile directory
|
|
| pwd_change_next_login
string
|
|
Change password on next login.
aliases: pwdChangeNextLogin |
| room_number
string
|
Room number of users business address.
aliases: roomNumber |
|
| samba_privileges
list / elements=string
|
Samba privilege, like allow printer administration, do domain join.
aliases: sambaPrivileges |
|
| samba_user_workstations
list / elements=string
|
Allow the authentication only on this Microsoft Windows host.
aliases: sambaUserWorkstations |
|
| sambahome
string
|
Windows home path, e.g. '\\$FQDN\$USERNAME'.
|
|
| scriptpath
string
|
Windows logon script.
|
|
| secretary
list / elements=string
|
Default:
[]
|
A list of superiors as LDAP DNs.
|
| serviceprovider
list / elements=string
|
Default:
[""]
|
Enable user for the following service providers.
|
| shell
string
|
Default:
"/bin/bash"
|
Login shell
|
| state
string
|
|
Whether the user is present or not.
|
| street
string
|
Street of users business address.
|
|
| subpath
string
|
Default:
"cn=users"
|
LDAP subpath inside the organizational unit, e.g. cn=teachers,cn=users for LDAP container cn=teachers,cn=users,dc=example,dc=com.
|
| title
string
|
Title, e.g. Prof..
|
|
| unixhome
string
|
Unix home directory
If not specified, it defaults to /home/$USERNAME.
|
|
| update_password
string
|
|
always will update passwords if they differ. on_create will only set the password for newly created users.
|
| userexpiry
string
|
Account expiry date, e.g.
1999-12-31.
If not specified, it defaults to the current day plus one year.
|
|
| username
string / required
|
User name
aliases: name |
Examples
- name: Create a user on a UCS
community.general.udm_user:
name: FooBar
password: secure_password
firstname: Foo
lastname: Bar
- name: Create a user with the DN C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
community.general.udm_user:
name: foo
password: secure_password
firstname: Foo
lastname: Bar
ou: school
subpath: 'cn=teachers,cn=users'
# or define the position
- name: Create a user with the DN C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
community.general.udm_user:
name: foo
password: secure_password
firstname: Foo
lastname: Bar
position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'
Authors
- Tobias Rüetschi (@keachi)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/general/udm_user_module.html