ipa_user - Manage FreeIPA users
New in version 2.3.
Synopsis
- Add, modify and delete user within IPA server
Requirements (on host that executes module)
- base64
- hashlib
Options
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| displayname | no | Display name | ||
| givenname | no | First name | ||
| ipa_host | no | ipa.example.com | IP or hostname of IPA server | |
| ipa_pass | yes | Password of administrative user | ||
| ipa_port | no | 443 | Port of IPA server | |
| ipa_prot | no | https |
| Protocol used by IPA server |
| ipa_user | no | admin | Administrative account used on IPA server | |
| loginshell | no | Login shell | ||
| mail | no | List of mail addresses assigned to the user. If an empty list is passed all assigned email addresses will be deleted. If None is passed email addresses will not be checked or changed. | ||
| password | no | Password | ||
| sn | no | Surname | ||
| sshpubkey | no | List of public SSH key. If an empty list is passed all assigned public keys will be deleted. If None is passed SSH public keys will not be checked or changed. | ||
| state | no | present |
| State to ensure |
| telephonenumber | no | List of telephone numbers assigned to the user. If an empty list is passed all assigned telephone numbers will be deleted. If None is passed telephone numbers will not be checked or changed. | ||
| title | no | Title | ||
| uid | yes | uid of the user aliases: name | ||
| validate_certs | no | True | This only applies if ipa_prot is https.If set to no, the SSL certificates will not be validated.This should only set to no used on personally controlled sites using self-signed certificates. |
Examples
# Ensure pinky is present
- ipa_user:
name: pinky
state: present
givenname: Pinky
sn: Acme
mail:
- [email protected]
telephonenumber:
- '+555123456'
sshpubkeyfp:
- ssh-rsa ....
- ssh-dsa ....
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
# Ensure brain is absent
- ipa_user:
name: brain
state: absent
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
Return Values
Common return values are documented here Return Values, the following are the fields unique to this module:
| name | description | returned | type | sample |
|---|---|---|---|---|
| user | User as returned by IPA API | always | dict |
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/ipa_user_module.html