udm_user – Manage posix users on a univention corporate server

From Get docs
Ansible/docs/2.7/modules/udm user module


udm_user – Manage posix users on a univention corporate server

New in version 2.2.


Synopsis

  • This module allows to manage posix users on a univention corporate server (UCS). It uses the python API of the UCS to create a new object or edit it.

Requirements

The below requirements are needed on the host that executes this module.

  • Python >= 2.6

Parameters

Parameter Choices/Defaults Comments

birthday

-

Birthday

city

-

City of users business address.

country

-

Country of users business address.

department_number

-

Department number of users business address.


aliases: departmentNumber

description

-

Description (not gecos)

display_name

-

Display name (not gecos)


aliases: displayName

email

-

Default:

[]

A list of e-mail addresses.

employee_number

-

Employee number


aliases: employeeNumber

employee_type

-

Employee type


aliases: employeeType

firstname

-

First name. Required if state=present.

gecos

-

GECOS

groups

-

Default:

[]

POSIX groups, the LDAP DNs of the groups will be found with the LDAP filter for each group as $GROUP: (&(objectClass=posixGroup(cn=$GROUP))).

home_share

-

Home NFS share. Must be a LDAP DN, e.g. cn=home,cn=shares,ou=school,dc=example,dc=com.


aliases: homeShare

home_share_path

-

Path to home NFS share, inside the homeShare.


aliases: homeSharePath

home_telephone_number

-

Default:

[]

List of private telephone numbers.


aliases: homeTelephoneNumber

homedrive

-

Windows home drive, e.g. "H:".

lastname

-

Last name. Required if state=present.

mail_alternative_address

-

Default:

[]

List of alternative e-mail addresses.


aliases: mailAlternativeAddress

mail_home_server

-

FQDN of mail server


aliases: mailHomeServer

mail_primary_address

-

Primary e-mail address


aliases: mailPrimaryAddress

mobile_telephone_number

-

Default:

[]

Mobile phone number


aliases: mobileTelephoneNumber

organisation

-

Organisation

ou

-

Default:

""

Organizational Unit inside the LDAP Base DN, e.g. school for LDAP OU ou=school,dc=example,dc=com.

override_pw_history

boolean

  • no

  • yes

Override password history


aliases: overridePWHistory

override_pw_length

boolean

  • no

  • yes

Override password check


aliases: overridePWLength

pager_telephonenumber

-

Default:

[]

List of pager telephone numbers.


aliases: pagerTelephonenumber

password

-

Password. Required if state=present.

phone

-

List of telephone numbers.

position

-

Default:

""

Define the whole position of users object inside the LDAP tree, e.g. cn=employee,cn=users,ou=school,dc=example,dc=com.

postcode

-

Postal code of users business address.

primary_group

-

Default:

"cn=Domain Users,cn=groups,$LDAP_BASE_DN"

Primary group. This must be the group LDAP DN.


aliases: primaryGroup

profilepath

-

Windows profile directory

pwd_change_next_login

-

  • 0
  • 1

Change password on next login.


aliases: pwdChangeNextLogin

room_number

-

Room number of users business address.


aliases: roomNumber

samba_privileges

-

Samba privilege, like allow printer administration, do domain join.


aliases: sambaPrivileges

samba_user_workstations

-

Allow the authentication only on this Microsoft Windows host.


aliases: sambaUserWorkstations

sambahome

-

Windows home path, e.g. '\\$FQDN\$USERNAME'.

scriptpath

-

Windows logon script.

secretary

-

Default:

[]

A list of superiors as LDAP DNs.

serviceprovider

-

Default:

[]

Enable user for the following service providers.

shell

-

Default:

"/bin/bash"

Login shell

state

-

  • present

  • absent

Whether the user is present or not.

street

-

Street of users business address.

subpath

-

Default:

"cn=users"

LDAP subpath inside the organizational unit, e.g. cn=teachers,cn=users for LDAP container cn=teachers,cn=users,dc=example,dc=com.

title

-

Title, e.g. Prof..

unixhome

-

Default:

"/home/$USERNAME"

Unix home directory

update_password

-

added in 2.3

Default:

"always"

always will update passwords if they differ. on_create will only set the password for newly created users.

userexpiry

-

Default:

"Today + 1 year"

Account expiry date, e.g. 1999-12-31.

username

- / required

User name


aliases: name



Examples

# Create a user on a UCS
- udm_user:
    name: FooBar
    password: secure_password
    firstname: Foo
    lastname: Bar

# Create a user with the DN
# C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
- udm_user:
    name: foo
    password: secure_password
    firstname: Foo
    lastname: Bar
    ou: school
    subpath: 'cn=teachers,cn=users'
# or define the position
- udm_user:
    name: foo
    password: secure_password
    firstname: Foo
    lastname: Bar
    position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'

Status

Authors

  • Tobias Rueetschi (@2-B)

Hint

If you notice any issues in this documentation you can edit this document to improve it.


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.7/modules/udm_user_module.html