community.general.udm_user – Manage POSIX users on a Univention Corporate Server

Note

This plugin is part of the community.general collection (version 3.8.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.udm_user.

Synopsis

  • This module manages POSIX users on a Univention Corporate Server (UCS). It uses the Python API of the UCS to create a new object or edit an existing one.

Requirements

The below requirements are needed on the host that executes this module.

  • Python >= 2.6

Parameters

Parameter Choices/Defaults Comments
birthday
string
Birthday
city
string
City of the user's business address.
country
string
Country of the user's business address.
department_number
string
Department number of the user's business address.

aliases: departmentNumber
description
string
Description (not gecos)
display_name
string
Display name (not gecos)

aliases: displayName
email
list / elements=string
Default:
[""]
A list of e-mail addresses.
employee_number
string
Employee number

aliases: employeeNumber
employee_type
string
Employee type

aliases: employeeType
firstname
string
First name. Required if state=present.
gecos
string
GECOS
groups
list / elements=string
Default:
[]
POSIX groups. The LDAP DN of each group is found with the LDAP filter (&(objectClass=posixGroup)(cn=$GROUP)), where $GROUP is the group name.
home_share
string
Home NFS share. Must be an LDAP DN, e.g. cn=home,cn=shares,ou=school,dc=example,dc=com.

aliases: homeShare
home_share_path
string
Path to home NFS share, inside the homeShare.

aliases: homeSharePath
home_telephone_number
list / elements=string
Default:
[]
List of private telephone numbers.

aliases: homeTelephoneNumber
homedrive
string
Windows home drive, e.g. "H:".
lastname
string
Last name. Required if state=present.
mail_alternative_address
list / elements=string
Default:
[]
List of alternative e-mail addresses.

aliases: mailAlternativeAddress
mail_home_server
string
FQDN of mail server

aliases: mailHomeServer
mail_primary_address
string
Primary e-mail address

aliases: mailPrimaryAddress
mobile_telephone_number
list / elements=string
Default:
[]
Mobile phone number

aliases: mobileTelephoneNumber
organisation
string
Organisation

aliases: organization
ou
string
Default:
""
Organizational Unit inside the LDAP Base DN, e.g. school for LDAP OU ou=school,dc=example,dc=com.
overridePWHistory
boolean
    Choices:
  • no
  • yes
Override password history

aliases: override_pw_history
overridePWLength
boolean
    Choices:
  • no
  • yes
Override password check

aliases: override_pw_length
pager_telephonenumber
list / elements=string
Default:
[]
List of pager telephone numbers.

aliases: pagerTelephonenumber
password
string
Password. Required if state=present.
phone
list / elements=string
List of telephone numbers.
position
string
Default:
""
Define the whole position of the user object inside the LDAP tree, e.g. cn=employee,cn=users,ou=school,dc=example,dc=com.
postcode
string
Postal code of the user's business address.
primary_group
string
Primary group. This must be the group LDAP DN.
If not specified, it defaults to cn=Domain Users,cn=groups,$LDAP_BASE_DN.

aliases: primaryGroup
profilepath
string
Windows profile directory
pwd_change_next_login
string
    Choices:
  • 0
  • 1
Change password on next login.

aliases: pwdChangeNextLogin
room_number
string
Room number of the user's business address.

aliases: roomNumber
samba_privileges
list / elements=string
Samba privileges, such as allowing printer administration or domain join.

aliases: sambaPrivileges
samba_user_workstations
list / elements=string
Allow the authentication only on this Microsoft Windows host.

aliases: sambaUserWorkstations
sambahome
string
Windows home path, e.g. '\\$FQDN\$USERNAME'.
scriptpath
string
Windows logon script.
secretary
list / elements=string
Default:
[]
A list of superiors as LDAP DNs.
serviceprovider
list / elements=string
Default:
[""]
Enable user for the following service providers.
shell
string
Default:
"/bin/bash"
Login shell
state
string
    Choices:
  • present
  • absent
Whether the user is present or not.
street
string
Street of the user's business address.
subpath
string
Default:
"cn=users"
LDAP subpath inside the organizational unit, e.g. cn=teachers,cn=users for LDAP container cn=teachers,cn=users,dc=example,dc=com.
title
string
Title, e.g. Prof..
unixhome
string
Unix home directory
If not specified, it defaults to /home/$USERNAME.
update_password
string
    Choices:
  • always
  • on_create
always will update passwords if they differ. on_create will only set the password for newly created users.
userexpiry
string
Account expiry date, e.g. 1999-12-31.
If not specified, it defaults to the current day plus one year.
username
string / required
User name

aliases: name

Examples

- name: Create a user on a UCS
  community.general.udm_user:
    name: FooBar
    password: secure_password
    firstname: Foo
    lastname: Bar

- name: Create a user with the DN C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
  community.general.udm_user:
    name: foo
    password: secure_password
    firstname: Foo
    lastname: Bar
    ou: school
    subpath: 'cn=teachers,cn=users'

# or define the position
- name: Create a user with the DN C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
  community.general.udm_user:
    name: foo
    password: secure_password
    firstname: Foo
    lastname: Bar
    position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'
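
A hardened variant of the tasks above, as an added example that is not part of the module's own documentation: the initial password comes from an Ansible Vault-encrypted variable rather than the playbook text, task output is suppressed with no_log, and the password is set only at creation and must be changed at first login. The inventory group ucs_primary, the file vars/udm_secrets.yml, the variable vault_udm_initial_password, the group name teachers and the expiry date are assumptions.

```yaml
# Added example; host group, file name, variable name, group and date are assumptions.
- name: Provision a UCS account without exposing the password
  hosts: ucs_primary                  # hypothetical inventory group
  gather_facts: false
  vars_files:
    # Hypothetical file encrypted with `ansible-vault encrypt`;
    # it defines vault_udm_initial_password.
    - vars/udm_secrets.yml

  tasks:
    - name: Fail early if the vaulted password is missing or empty
      ansible.builtin.assert:
        that:
          - vault_udm_initial_password is defined
          - vault_udm_initial_password | length > 0
        quiet: true
      no_log: true                    # keep the evaluated value out of logs

    - name: Create the user with a one-time initial password
      community.general.udm_user:
        name: foo
        firstname: Foo
        lastname: Bar
        password: "{{ vault_udm_initial_password }}"
        # Only set the password when the user is created, so later runs
        # do not reset a password the user has since changed.
        update_password: on_create
        # Choices are the strings 0 and 1; quoted so YAML keeps a string.
        pwd_change_next_login: "1"
        # Explicit expiry instead of the "current day plus one year" default.
        userexpiry: "2030-12-31"
        ou: school
        subpath: 'cn=teachers,cn=users'
        groups:
          - teachers                  # resolved to a DN via the posixGroup filter
        # overridePWHistory / overridePWLength are deliberately not set,
        # so the password is not exempted from those checks.
        state: present
      no_log: true                    # suppress module arguments and result
```

Run the play with ansible-playbook --ask-vault-pass (or a vault password file) so the secret is decrypted only at run time.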

Authors

  • Tobias Rüetschi (@keachi)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/udm_user_module.html