ansible.builtin.udm_user (v2.4.2.0-1) — module

Manage posix users on a univention corporate server

Added in version 2.2 of ansible.builtin

Authors: Tobias Rueetschi (@2-B)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.4.2.0.post1

Description

This module manages POSIX users on a Univention Corporate Server (UCS). It uses the Python API of the UCS to create a new object or edit an existing one.


Requirements

Usage examples

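# Create a user on a UCS.
# The password is read from a variable instead of being written into the
# playbook. "udm_user_password" is a constructed example name; define it in an
# Ansible Vault-encrypted vars file or supply it from another secret store.
# update_password defaults to "always", so an existing user's password is
# updated on every run where it differs from this value.
- udm_user:
    name: FooBar
    password: "{{ udm_user_password }}"
    firstname: Foo
    lastname: Bar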
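# Create a user with the DN
# C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
# "ou" and "subpath" together select the container the user is created in.
# The password comes from a variable rather than a literal in the playbook;
# "udm_user_password" is a constructed example name, expected to be defined in
# an Ansible Vault-encrypted vars file or another secret store.
- udm_user:
    name: foo
    password: "{{ udm_user_password }}"
    firstname: Foo
    lastname: Bar
    ou: school
    subpath: 'cn=teachers,cn=users'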
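# Alternatively, give the full LDAP position of the user object instead of
# combining "ou" and "subpath".
# The password comes from a variable rather than a literal in the playbook;
# "udm_user_password" is a constructed example name, expected to be defined in
# an Ansible Vault-encrypted vars file or another secret store.
- udm_user:
    name: foo
    password: "{{ udm_user_password }}"
    firstname: Foo
    lastname: Bar
    position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'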

Inputs

    
ou:
    default: ''
    description:
    - Organizational Unit inside the LDAP Base DN, e.g. C(school) for LDAP OU C(ou=school,dc=example,dc=com).
    required: false

city:
    default: None
    description:
    - City of the user's business address.
    required: false

email:
    default:
    - ''
    description:
    - A list of e-mail addresses.
    required: false

gecos:
    default: None
    description:
    - GECOS
    required: false

phone:
    default: []
    description:
    - List of telephone numbers.
    required: false

shell:
    default: /bin/bash
    description:
    - Login shell
    required: false

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Whether the user is present or not.
    required: false

title:
    default: None
    description:
    - Title, e.g. C(Prof.).
    required: false

groups:
    default: []
    description:
    - 'POSIX groups, the LDAP DNs of the groups will be found with the LDAP filter for
      each group as $GROUP: C((&(objectClass=posixGroup)(cn=$GROUP))).'
    required: false

street:
    default: None
    description:
    - Street of the user's business address.
    required: false

country:
    default: None
    description:
    - Country of the user's business address.
    required: false

subpath:
    default: cn=users
    description:
    - LDAP subpath inside the organizational unit, e.g. C(cn=teachers,cn=users) for LDAP
      container C(cn=teachers,cn=users,dc=example,dc=com).
    required: false

birthday:
    default: None
    description:
    - Birthday
    required: false

lastname:
    description:
    - Last name. Required if C(state=present).
    required: false

password:
    default: None
    description:
    - Password. Required if C(state=present).
    required: false

position:
    default: ''
    description:
    - Define the whole position of the user object inside the LDAP tree, e.g. C(cn=employee,cn=users,ou=school,dc=example,dc=com).
    required: false

postcode:
    default: None
    description:
    - Postal code of the user's business address.
    required: false

unixhome:
    default: /home/$USERNAME
    description:
    - Unix home directory
    required: false

username:
    aliases:
    - name
    description:
    - User name
    required: true

firstname:
    description:
    - First name. Required if C(state=present).
    required: false

homedrive:
    default: None
    description:
    - Windows home drive, e.g. C("H:").
    required: false

sambahome:
    default: None
    description:
    - Windows home path, e.g. C('\\$FQDN\$USERNAME').
    required: false

secretary:
    default: []
    description:
    - A list of superiors as LDAP DNs.
    required: false

home_share:
    aliases:
    - homeShare
    default: None
    description:
    - Home NFS share. Must be an LDAP DN, e.g. C(cn=home,cn=shares,ou=school,dc=example,dc=com).
    required: false

scriptpath:
    default: None
    description:
    - Windows logon script.
    required: false

userexpiry:
    default: Today + 1 year
    description:
    - Account expiry date, e.g. C(1999-12-31).
    required: false

description:
    default: None
    description:
    - Description (not gecos)
    required: false

profilepath:
    default: None
    description:
    - Windows profile directory
    required: false

room_number:
    aliases:
    - roomNumber
    default: None
    description:
    - Room number of the user's business address.
    required: false

display_name:
    aliases:
    - displayName
    default: None
    description:
    - Display name (not gecos)
    required: false

organisation:
    default: None
    description:
    - Organisation
    required: false

employee_type:
    aliases:
    - employeeType
    default: None
    description:
    - Employee type
    required: false

primary_group:
    aliases:
    - primaryGroup
    default: cn=Domain Users,cn=groups,$LDAP_BASE_DN
    description:
    - Primary group. This must be the group LDAP DN.
    required: false

employee_number:
    aliases:
    - employeeNumber
    default: None
    description:
    - Employee number
    required: false

home_share_path:
    aliases:
    - homeSharePath
    default: None
    description:
    - Path to home NFS share, inside the homeShare.
    required: false

serviceprovider:
    default:
    - ''
    description:
    - Enable user for the following service providers.
    required: false

update_password:
    default: always
    description:
    - C(always) will update passwords if they differ. C(on_create) will only set the password
      for newly created users.
    required: false
    version_added: '2.3'
    version_added_collection: ansible.builtin

mail_home_server:
    aliases:
    - mailHomeServer
    default: None
    description:
    - FQDN of mail server
    required: false

samba_privileges:
    aliases:
    - sambaPrivileges
    default: []
    description:
    - Samba privileges, e.g. allowing printer administration or performing a domain join.
    required: false

department_number:
    aliases:
    - departmentNumber
    default: None
    description:
    - Department number of the user's business address.
    required: false

override_pw_length:
    aliases:
    - overridePWLength
    default: false
    description:
    - Override password check
    required: false

override_pw_history:
    aliases:
    - overridePWHistory
    default: false
    description:
    - Override password history
    required: false

mail_primary_address:
    aliases:
    - mailPrimaryAddress
    default: None
    description:
    - Primary e-mail address
    required: false

home_telephone_number:
    aliases:
    - homeTelephoneNumber
    default: []
    description:
    - List of private telephone numbers.
    required: false

pager_telephonenumber:
    aliases:
    - pagerTelephonenumber
    default: []
    description:
    - List of pager telephone numbers.
    required: false

pwd_change_next_login:
    aliases:
    - pwdChangeNextLogin
    choices:
    - '0'
    - '1'
    default: None
    description:
    - Change password on next login.
    required: false

mobile_telephone_number:
    aliases:
    - mobileTelephoneNumber
    default: []
    description:
    - Mobile phone number
    required: false

samba_user_workstations:
    aliases:
    - sambaUserWorkstations
    default: []
    description:
    - Allow the authentication only on this Microsoft Windows host.
    required: false

mail_alternative_address:
    aliases:
    - mailAlternativeAddress
    default: []
    description:
    - List of alternative e-mail addresses.
    required: false