udm_user - Manage posix users on a univention corporate server
New in version 2.2.
Synopsis
- This module allows to manage posix users on a univention corporate server (UCS). It uses the python API of the UCS to create a new object or edit it.
Requirements
The below requirements are needed on the host that executes this module.
- Python >= 2.6
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| birthday | Default:
None
|
Birthday
|
| city | Default:
None
|
City of users business address.
|
| country | Default:
None
|
Country of users business address.
|
| department_number | Default:
None
|
Department number of users business address.
aliases: departmentNumber |
| description | Default:
None
|
Description (not gecos)
|
| display_name | Default:
None
|
Display name (not gecos)
aliases: displayName |
| Default:
[u'']
|
A list of e-mail addresses.
|
|
| employee_number | Default:
None
|
Employee number
aliases: employeeNumber |
| employee_type | Default:
None
|
Employee type
aliases: employeeType |
| firstname |
First name. Required if state=present.
|
|
| gecos | Default:
None
|
GECOS
|
| groups | Default:
[]
|
POSIX groups, the LDAP DNs of the groups will be found with the LDAP filter for each group as $GROUP: (&(objectClass=posixGroup(cn=$GROUP))).
|
| home_share | Default:
None
|
Home NFS share. Must be a LDAP DN, e.g.
cn=home,cn=shares,ou=school,dc=example,dc=com.
aliases: homeShare |
| home_share_path | Default:
None
|
Path to home NFS share, inside the homeShare.
aliases: homeSharePath |
| home_telephone_number | Default:
[]
|
List of private telephone numbers.
aliases: homeTelephoneNumber |
| homedrive | Default:
None
|
Windows home drive, e.g. "H:".
|
| lastname |
Last name. Required if state=present.
|
|
| mail_alternative_address | Default:
[]
|
List of alternative e-mail addresses.
aliases: mailAlternativeAddress |
| mail_home_server | Default:
None
|
FQDN of mail server
aliases: mailHomeServer |
| mail_primary_address | Default:
None
|
Primary e-mail address
aliases: mailPrimaryAddress |
| mobile_telephone_number | Default:
[]
|
Mobile phone number
aliases: mobileTelephoneNumber |
| organisation | Default:
None
|
Organisation
|
| ou | Default: |
Organizational Unit inside the LDAP Base DN, e.g. school for LDAP OU ou=school,dc=example,dc=com.
|
| override_pw_history | Default:
no
|
Override password history
aliases: overridePWHistory |
| override_pw_length | Default:
no
|
Override password check
aliases: overridePWLength |
| pager_telephonenumber | Default:
[]
|
List of pager telephone numbers.
aliases: pagerTelephonenumber |
| password | Default:
None
|
Password. Required if state=present.
|
| phone | Default:
[]
|
List of telephone numbers.
|
| position | Default: |
Define the whole position of users object inside the LDAP tree, e.g. cn=employee,cn=users,ou=school,dc=example,dc=com.
|
| postcode | Default:
None
|
Postal code of users business address.
|
| primary_group | Default:
cn=Domain Users,cn=groups,$LDAP_BASE_DN
|
Primary group. This must be the group LDAP DN.
aliases: primaryGroup |
| profilepath | Default:
None
|
Windows profile directory
|
| pwd_change_next_login |
None
|
Change password on next login.
aliases: pwdChangeNextLogin |
| room_number | Default:
None
|
Room number of users business address.
aliases: roomNumber |
| samba_privileges | Default:
[]
|
Samba privilege, like allow printer administration, do domain join.
aliases: sambaPrivileges |
| samba_user_workstations | Default:
[]
|
Allow the authentication only on this Microsoft Windows host.
aliases: sambaUserWorkstations |
| sambahome | Default:
None
|
Windows home path, e.g. '\\$FQDN\$USERNAME'.
|
| scriptpath | Default:
None
|
Windows logon script.
|
| secretary | Default:
[]
|
A list of superiors as LDAP DNs.
|
| serviceprovider | Default:
[u'']
|
Enable user for the following service providers.
|
| shell | Default:
/bin/bash
|
Login shell
|
| state |
|
Whether the user is present or not.
|
| street | Default:
None
|
Street of users business address.
|
| subpath | Default:
cn=users
|
LDAP subpath inside the organizational unit, e.g. cn=teachers,cn=users for LDAP container cn=teachers,cn=users,dc=example,dc=com.
|
| title | Default:
None
|
Title, e.g. Prof..
|
| unixhome | Default:
/home/$USERNAME
|
Unix home directory
|
| update_password
(added in 2.3)
|
Default:
always
|
always will update passwords if they differ. on_create will only set the password for newly created users.
|
| userexpiry | Default:
Today + 1 year
|
Account expiry date, e.g. 1999-12-31.
|
| username
required
|
User name
aliases: name |
Examples
# Create a user on a UCS
- udm_user:
name: FooBar
password: secure_password
firstname: Foo
lastname: Bar
# Create a user with the DN
# C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
- udm_user:
name: foo
password: secure_password
firstname: Foo
lastname: Bar
ou: school
subpath: 'cn=teachers,cn=users'
# or define the position
- udm_user:
name: foo
password: secure_password
firstname: Foo
lastname: Bar
position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Author
- Tobias Rueetschi (@2-B)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.5/modules/udm_user_module.html