udm_user - Manage posix users on a univention corporate server
New in version 2.2.
Synopsis
- This module allows to manage posix users on a univention corporate server (UCS). It uses the python API of the UCS to create a new object or edit it.
Requirements
The below requirements are needed on the host that executes this module.
- Python >= 2.6
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| birthday | Default: None | Birthday |
| city | Default: None | City of users business address. |
| country | Default: None | Country of users business address. |
| department_number | Default: None | Department number of users business address. aliases: departmentNumber |
| description | Default: None | Description (not gecos) |
| display_name | Default: None | Display name (not gecos) aliases: displayName |
| Default: [u''] | A list of e-mail addresses. | |
| employee_number | Default: None | Employee number aliases: employeeNumber |
| employee_type | Default: None | Employee type aliases: employeeType |
| firstname | First name. Required if state=present. | |
| gecos | Default: None | GECOS |
| groups | Default: [] | POSIX groups, the LDAP DNs of the groups will be found with the LDAP filter for each group as $GROUP: (&(objectClass=posixGroup(cn=$GROUP))). |
| home_share | Default: None | Home NFS share. Must be a LDAP DN, e.g. cn=home,cn=shares,ou=school,dc=example,dc=com.aliases: homeShare |
| home_share_path | Default: None | Path to home NFS share, inside the homeShare. aliases: homeSharePath |
| home_telephone_number | Default: [] | List of private telephone numbers. aliases: homeTelephoneNumber |
| homedrive | Default: None | Windows home drive, e.g. "H:". |
| lastname | Last name. Required if state=present. | |
| mail_alternative_address | Default: [] | List of alternative e-mail addresses. aliases: mailAlternativeAddress |
| mail_home_server | Default: None | FQDN of mail server aliases: mailHomeServer |
| mail_primary_address | Default: None | Primary e-mail address aliases: mailPrimaryAddress |
| mobile_telephone_number | Default: [] | Mobile phone number aliases: mobileTelephoneNumber |
| organisation | Default: None | Organisation |
| ou | Default: | Organizational Unit inside the LDAP Base DN, e.g. school for LDAP OU ou=school,dc=example,dc=com. |
| override_pw_history | Default: no | Override password history aliases: overridePWHistory |
| override_pw_length | Default: no | Override password check aliases: overridePWLength |
| pager_telephonenumber | Default: [] | List of pager telephone numbers. aliases: pagerTelephonenumber |
| password | Default: None | Password. Required if state=present. |
| phone | Default: [] | List of telephone numbers. |
| position | Default: | Define the whole position of users object inside the LDAP tree, e.g. cn=employee,cn=users,ou=school,dc=example,dc=com. |
| postcode | Default: None | Postal code of users business address. |
| primary_group | Default: cn=Domain Users,cn=groups,$LDAP_BASE_DN | Primary group. This must be the group LDAP DN. aliases: primaryGroup |
| profilepath | Default: None | Windows profile directory |
| pwd_change_next_login |
None | Change password on next login. aliases: pwdChangeNextLogin |
| room_number | Default: None | Room number of users business address. aliases: roomNumber |
| samba_privileges | Default: [] | Samba privilege, like allow printer administration, do domain join. aliases: sambaPrivileges |
| samba_user_workstations | Default: [] | Allow the authentication only on this Microsoft Windows host. aliases: sambaUserWorkstations |
| sambahome | Default: None | Windows home path, e.g. '\\$FQDN\$USERNAME'. |
| scriptpath | Default: None | Windows logon script. |
| secretary | Default: [] | A list of superiors as LDAP DNs. |
| serviceprovider | Default: [u''] | Enable user for the following service providers. |
| shell | Default: /bin/bash | Login shell |
| state |
| Whether the user is present or not. |
| street | Default: None | Street of users business address. |
| subpath | Default: cn=users | LDAP subpath inside the organizational unit, e.g. cn=teachers,cn=users for LDAP container cn=teachers,cn=users,dc=example,dc=com. |
| title | Default: None | Title, e.g. Prof.. |
| unixhome | Default: /home/$USERNAME | Unix home directory |
| update_password (added in 2.3) | Default: always | always will update passwords if they differ. on_create will only set the password for newly created users. |
| userexpiry | Default: Today + 1 year | Account expiry date, e.g. 1999-12-31. |
| username required | User name aliases: name |
Examples
# Create a user on a UCS
- udm_user:
name: FooBar
password: secure_password
firstname: Foo
lastname: Bar
# Create a user with the DN
# C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
- udm_user:
name: foo
password: secure_password
firstname: Foo
lastname: Bar
ou: school
subpath: 'cn=teachers,cn=users'
# or define the position
- udm_user:
name: foo
password: secure_password
firstname: Foo
lastname: Bar
position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Author
- Tobias Rueetschi (@2-B)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.5/modules/udm_user_module.html