udm_user - Manage posix users on a univention corporate server
New in version 2.2.
Synopsis
- This module allows to manage posix users on a univention corporate server (UCS). It uses the python API of the UCS to create a new object or edit it.
Requirements (on host that executes module)
- Python >= 2.6
Options
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| birthday | no | None | Birthday | |
| city | no | None | City of users business address. | |
| country | no | None | Country of users business address. | |
| department_number | no | None | Department number of users business address. aliases: departmentNumber | |
| description | no | None | Description (not gecos) | |
| display_name | no | None | Display name (not gecos) aliases: displayName | |
| email | no | [u''] | A list of e-mail addresses. | |
| employee_number | no | None | Employee number aliases: employeeNumber | |
| employee_type | no | None | Employee type aliases: employeeType | |
| firstname | no | First name. Required if state=present. | ||
| gecos | no | None | GECOS | |
| groups | no | POSIX groups, the LDAP DNs of the groups will be found with the LDAP filter for each group as $GROUP: (&(objectClass=posixGroup(cn=$GROUP))). | ||
| home_share | no | None | Home NFS share. Must be a LDAP DN, e.g. cn=home,cn=shares,ou=school,dc=example,dc=com.aliases: homeShare | |
| home_share_path | no | None | Path to home NFS share, inside the homeShare. aliases: homeSharePath | |
| home_telephone_number | no | List of private telephone numbers. aliases: homeTelephoneNumber | ||
| homedrive | no | None | Windows home drive, e.g. "H:". | |
| lastname | no | Last name. Required if state=present. | ||
| mail_alternative_address | no | List of alternative e-mail addresses. aliases: mailAlternativeAddress | ||
| mail_home_server | no | None | FQDN of mail server aliases: mailHomeServer | |
| mail_primary_address | no | None | Primary e-mail address aliases: mailPrimaryAddress | |
| mobile_telephone_number | no | Mobile phone number aliases: mobileTelephoneNumber | ||
| organisation | no | None | Organisation | |
| ou | no | Organizational Unit inside the LDAP Base DN, e.g. school for LDAP OU ou=school,dc=example,dc=com. | ||
| override_pw_history | no | Override password history aliases: overridePWHistory | ||
| override_pw_length | no | Override password check aliases: overridePWLength | ||
| pager_telephonenumber | no | List of pager telephone numbers. aliases: pagerTelephonenumber | ||
| password | no | None | Password. Required if state=present. | |
| phone | no | List of telephone numbers. | ||
| position | no | Define the whole position of users object inside the LDAP tree, e.g. cn=employee,cn=users,ou=school,dc=example,dc=com. | ||
| postcode | no | None | Postal code of users business address. | |
| primary_group | no | cn=Domain Users,cn=groups,$LDAP_BASE_DN | Primary group. This must be the group LDAP DN. aliases: primaryGroup | |
| profilepath | no | None | Windows profile directory | |
| pwd_change_next_login | no | None |
| Change password on next login. aliases: pwdChangeNextLogin |
| room_number | no | None | Room number of users business address. aliases: roomNumber | |
| samba_privileges | no | Samba privilege, like allow printer administration, do domain join. aliases: sambaPrivileges | ||
| samba_user_workstations | no | Allow the authentication only on this Microsoft Windows host. aliases: sambaUserWorkstations | ||
| sambahome | no | None | Windows home path, e.g. '\\$FQDN\$USERNAME'. | |
| scriptpath | no | None | Windows logon script. | |
| secretary | no | A list of superiors as LDAP DNs. | ||
| serviceprovider | no | [u''] | Enable user for the following service providers. | |
| shell | no | /bin/bash | Login shell | |
| state | no | present |
| Whether the user is present or not. |
| street | no | None | Street of users business address. | |
| subpath | no | cn=users | LDAP subpath inside the organizational unit, e.g. cn=teachers,cn=users for LDAP container cn=teachers,cn=users,dc=example,dc=com. | |
| title | no | None | Title, e.g. Prof.. | |
| unixhome | no | /home/$USERNAME | Unix home directory | |
| update_password (added in 2.3)
| no | always | always will update passwords if they differ. on_create will only set the password for newly created users. | |
| userexpiry | no | Today + 1 year | Account expiry date, e.g. 1999-12-31. | |
| username | yes | User name aliases: name |
Examples
# Create a user on a UCS
- udm_user:
name: FooBar
password: secure_password
firstname: Foo
lastname: Bar
# Create a user with the DN
# C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
- udm_user:
name: foo
password: secure_password
firstname: Foo
lastname: Bar
ou: school
subpath: 'cn=teachers,cn=users'
# or define the position
- udm_user:
name: foo
password: secure_password
firstname: Foo
lastname: Bar
position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/udm_user_module.html