community.general.udm_user – Manage posix users on a univention corporate server

Note

This plugin is part of the community.general collection (version 1.3.2).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.udm_user.

Synopsis
Requirements
Parameters
Examples

Synopsis

This module allows to manage posix users on a univention corporate server (UCS). It uses the python API of the UCS to create a new object or edit it.

Requirements

The below requirements are needed on the host that executes this module.

Python >= 2.6

Parameters

Parameter	Choices/Defaults	Comments
birthday string		Birthday
city string		City of users business address.
country string		Country of users business address.
department_number string		Department number of users business address. aliases: departmentNumber
description string		Description (not gecos)
display_name string		Display name (not gecos) aliases: displayName
email list / elements=string	Default: [""]	A list of e-mail addresses.
employee_number string		Employee number aliases: employeeNumber
employee_type string		Employee type aliases: employeeType
firstname string		First name. Required if `state=present`.
gecos string		GECOS
groups list / elements=string	Default: []	POSIX groups, the LDAP DNs of the groups will be found with the LDAP filter for each group as $GROUP: `(&(objectClass=posixGroup`(cn=$GROUP))).
home_share string		Home NFS share. Must be a LDAP DN, e.g. `cn=home,cn=shares,ou=school,dc=example,dc=com`. aliases: homeShare
home_share_path string		Path to home NFS share, inside the homeShare. aliases: homeSharePath
home_telephone_number list / elements=string	Default: []	List of private telephone numbers. aliases: homeTelephoneNumber
homedrive string		Windows home drive, e.g. `"H:"`.
lastname string		Last name. Required if `state=present`.
mail_alternative_address list / elements=string	Default: []	List of alternative e-mail addresses. aliases: mailAlternativeAddress
mail_home_server string		FQDN of mail server aliases: mailHomeServer
mail_primary_address string		Primary e-mail address aliases: mailPrimaryAddress
mobile_telephone_number list / elements=string	Default: []	Mobile phone number aliases: mobileTelephoneNumber
organisation string		Organisation aliases: organization
ou string	Default: ""	Organizational Unit inside the LDAP Base DN, e.g. `school` for LDAP OU `ou=school,dc=example,dc=com`.
overridePWHistory boolean	no ← yes	Override password history aliases: override_pw_history
overridePWLength boolean	no ← yes	Override password check aliases: override_pw_length
pager_telephonenumber list / elements=string	Default: []	List of pager telephone numbers. aliases: pagerTelephonenumber
password string		Password. Required if `state=present`.
phone list / elements=string		List of telephone numbers.
position string	Default: ""	Define the whole position of users object inside the LDAP tree, e.g. `cn=employee,cn=users,ou=school,dc=example,dc=com`.
postcode string		Postal code of users business address.
primary_group string		Primary group. This must be the group LDAP DN. If not specified, it defaults to `cn=Domain Users,cn=groups,$LDAP_BASE_DN`. aliases: primaryGroup
profilepath string		Windows profile directory
pwd_change_next_login string	0 1	Change password on next login. aliases: pwdChangeNextLogin
room_number string		Room number of users business address. aliases: roomNumber
samba_privileges list / elements=string		Samba privilege, like allow printer administration, do domain join. aliases: sambaPrivileges
samba_user_workstations list / elements=string		Allow the authentication only on this Microsoft Windows host. aliases: sambaUserWorkstations
sambahome string		Windows home path, e.g. `'\\$FQDN\$USERNAME'`.
scriptpath string		Windows logon script.
secretary list / elements=string	Default: []	A list of superiors as LDAP DNs.
serviceprovider list / elements=string	Default: [""]	Enable user for the following service providers.
shell string	Default: "/bin/bash"	Login shell
state string	present ← absent	Whether the user is present or not.
street string		Street of users business address.
subpath string	Default: "cn=users"	LDAP subpath inside the organizational unit, e.g. `cn=teachers,cn=users` for LDAP container `cn=teachers,cn=users,dc=example,dc=com`.
title string		Title, e.g. `Prof.`.
unixhome string		Unix home directory If not specified, it defaults to `/home/$USERNAME`.
update_password string	always ← on_create	`always` will update passwords if they differ. `on_create` will only set the password for newly created users.
userexpiry string		Account expiry date, e.g. `1999-12-31`. If not specified, it defaults to the current day plus one year.
username string / required		User name aliases: name

Examples

- name: Create a user on a UCS
  community.general.udm_user:
    name: FooBar
    password: secure_password
    firstname: Foo
    lastname: Bar

- name: Create a user with the DN C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
  community.general.udm_user:
    name: foo
    password: secure_password
    firstname: Foo
    lastname: Bar
    ou: school
    subpath: 'cn=teachers,cn=users'

# or define the position
- name: Create a user with the DN C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
  community.general.udm_user:
    name: foo
    password: secure_password
    firstname: Foo
    lastname: Bar
    position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'

Authors

Tobias Rüetschi (@keachi)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/general/udm_user_module.html