community.general.ipa_user – Manage FreeIPA users
community.general.ipa_user – Manage FreeIPA users
Note
This plugin is part of the community.general collection (version 2.0.1).
To install it use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.ipa_user.
Synopsis
- Add, modify and delete user within IPA server.
Requirements
The below requirements are needed on the host that executes this module.
- base64
- hashlib
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
displayname string |
Display name. | |
|
gidnumber string |
Posix Group ID. | |
|
givenname string |
First name. | |
|
homedirectory string added in 0.2.0 of community.general |
Default home directory of the user. | |
|
ipa_host string |
Default: "ipa.example.com" |
IP or hostname of IPA server. If the value is not specified in the task, the value of environment variable If both the environment variable The relevant entry needed in FreeIPA is the 'ipa-ca' entry. If neither the DNS entry, nor the environment Environment variable fallback mechanism is added in Ansible 2.5. |
|
ipa_pass string |
Password of administrative user. If the value is not specified in the task, the value of environment variable Note that if the 'urllib_gssapi' library is available, it is possible to use GSSAPI to authenticate to FreeIPA. If the environment variable If the environment variable If GSSAPI is not available, the usage of 'ipa_pass' is required. Environment variable fallback mechanism is added in Ansible 2.5. | |
|
ipa_port integer |
Default: 443 |
Port of FreeIPA / IPA server. If the value is not specified in the task, the value of environment variable If both the environment variable Environment variable fallback mechanism is added in Ansible 2.5. |
|
ipa_prot string |
|
Protocol used by IPA server. If the value is not specified in the task, the value of environment variable If both the environment variable Environment variable fallback mechanism is added in Ansible 2.5. |
|
ipa_timeout integer |
Default: 10 |
Specifies idle timeout (in seconds) for the connection. For bulk operations, you may want to increase this in order to avoid timeout from IPA server. If the value is not specified in the task, the value of environment variable If both the environment variable |
|
ipa_user string |
Default: "admin" |
Administrative account used on IPA server. If the value is not specified in the task, the value of environment variable If both the environment variable Environment variable fallback mechanism is added in Ansible 2.5. |
|
krbpasswordexpiration string |
Date at which the user password will expire. In the format YYYYMMddHHmmss. e.g. 20180121182022 will expire on 21 January 2018 at 18:20:22. | |
|
loginshell string |
Login shell. | |
|
list / elements=string |
List of mail addresses assigned to the user. If an empty list is passed all assigned email addresses will be deleted. If None is passed email addresses will not be checked or changed. | |
|
password string |
Password for a user. Will not be set for an existing user unless update_password=always, which is the default. | |
|
sn string |
Surname. | |
|
sshpubkey list / elements=string |
List of public SSH key. If an empty list is passed all assigned public keys will be deleted. If None is passed SSH public keys will not be checked or changed. | |
|
state string |
|
State to ensure. |
|
telephonenumber list / elements=string |
List of telephone numbers assigned to the user. If an empty list is passed all assigned telephone numbers will be deleted. If None is passed telephone numbers will not be checked or changed. | |
|
title string |
Title. | |
|
uid string / required |
uid of the user.
| |
|
uidnumber string |
Account Settings UID/Posix User ID number. | |
|
update_password string |
|
Set password for a user. |
|
userauthtype string added in 1.2.0 of community.general |
|
The authentication type to use for the user. |
|
validate_certs boolean |
|
This only applies if If set to This should only set to |
Examples
- name: Ensure pinky is present and always reset password
community.general.ipa_user:
name: pinky
state: present
krbpasswordexpiration: 20200119235959
givenname: Pinky
sn: Acme
mail:
- [email protected]
telephonenumber:
- '+555123456'
sshpubkey:
- ssh-rsa ....
- ssh-dsa ....
uidnumber: '1001'
gidnumber: '100'
homedirectory: /home/pinky
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
- name: Ensure brain is absent
community.general.ipa_user:
name: brain
state: absent
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
- name: Ensure pinky is present but don't reset password if already exists
community.general.ipa_user:
name: pinky
state: present
givenname: Pinky
sn: Acme
password: zounds
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
update_password: on_create
- name: Ensure pinky is present and using one time password authentication
community.general.ipa_user:
name: pinky
state: present
userauthtype: otp
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecretReturn Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
user dictionary |
always |
User as returned by IPA API
|
Authors
- Thomas Krahn (@Nosmoht)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/general/ipa_user_module.html
