ansible / ansible.builtin / v2.9.0 / module / udm_user Manage posix users on a univention corporate server | "added in version" 2.2 of ansible.builtin" Authors: Tobias Rüetschi (@keachi) preview | supported by communityansible.builtin.udm_user (v2.9.0) — module
pip
Install with pip install ansible==2.9.0
This module allows to manage posix users on a univention corporate server (UCS). It uses the python API of the UCS to create a new object or edit it.
# Create a user on a UCS - udm_user: name: FooBar password: secure_password firstname: Foo lastname: Bar
# Create a user with the DN # C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com) - udm_user: name: foo password: secure_password firstname: Foo lastname: Bar ou: school subpath: 'cn=teachers,cn=users'
# or define the position - udm_user: name: foo password: secure_password firstname: Foo lastname: Bar position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'
ou: default: '' description: - Organizational Unit inside the LDAP Base DN, e.g. C(school) for LDAP OU C(ou=school,dc=example,dc=com). city: description: - City of users business address. email: default: [] description: - A list of e-mail addresses. gecos: description: - GECOS phone: description: - List of telephone numbers. shell: default: /bin/bash description: - Login shell state: choices: - present - absent default: present description: - Whether the user is present or not. title: description: - Title, e.g. C(Prof.). groups: default: [] description: - 'POSIX groups, the LDAP DNs of the groups will be found with the LDAP filter for each group as $GROUP: C((&(objectClass=posixGroup)(cn=$GROUP))).' street: description: - Street of users business address. country: description: - Country of users business address. subpath: default: cn=users description: - LDAP subpath inside the organizational unit, e.g. C(cn=teachers,cn=users) for LDAP container C(cn=teachers,cn=users,dc=example,dc=com). birthday: description: - Birthday lastname: description: - Last name. Required if C(state=present). password: description: - Password. Required if C(state=present). position: default: '' description: - Define the whole position of users object inside the LDAP tree, e.g. C(cn=employee,cn=users,ou=school,dc=example,dc=com). postcode: description: - Postal code of users business address. unixhome: default: /home/$USERNAME description: - Unix home directory username: aliases: - name description: - User name required: true firstname: description: - First name. Required if C(state=present). homedrive: description: - Windows home drive, e.g. C("H:"). sambahome: description: - Windows home path, e.g. C('\\$FQDN\$USERNAME'). secretary: default: [] description: - A list of superiors as LDAP DNs. home_share: aliases: - homeShare description: - Home NFS share. Must be a LDAP DN, e.g. C(cn=home,cn=shares,ou=school,dc=example,dc=com). scriptpath: description: - Windows logon script. userexpiry: default: Today + 1 year description: - Account expiry date, e.g. C(1999-12-31). description: description: - Description (not gecos) profilepath: description: - Windows profile directory room_number: aliases: - roomNumber description: - Room number of users business address. display_name: aliases: - displayName description: - Display name (not gecos) organisation: aliases: - organization description: - Organisation employee_type: aliases: - employeeType description: - Employee type primary_group: aliases: - primaryGroup default: cn=Domain Users,cn=groups,$LDAP_BASE_DN description: - Primary group. This must be the group LDAP DN. employee_number: aliases: - employeeNumber description: - Employee number home_share_path: aliases: - homeSharePath description: - Path to home NFS share, inside the homeShare. serviceprovider: default: [] description: - Enable user for the following service providers. update_password: default: always description: - C(always) will update passwords if they differ. C(on_create) will only set the password for newly created users. version_added: '2.3' version_added_collection: ansible.builtin mail_home_server: aliases: - mailHomeServer description: - FQDN of mail server samba_privileges: aliases: - sambaPrivileges description: - Samba privilege, like allow printer administration, do domain join. department_number: aliases: - departmentNumber description: - Department number of users business address. override_pw_length: aliases: - overridePWLength default: 'no' description: - Override password check type: bool override_pw_history: aliases: - overridePWHistory default: 'no' description: - Override password history type: bool mail_primary_address: aliases: - mailPrimaryAddress description: - Primary e-mail address home_telephone_number: aliases: - homeTelephoneNumber default: [] description: - List of private telephone numbers. pager_telephonenumber: aliases: - pagerTelephonenumber default: [] description: - List of pager telephone numbers. pwd_change_next_login: aliases: - pwdChangeNextLogin choices: - '0' - '1' description: - Change password on next login. mobile_telephone_number: aliases: - mobileTelephoneNumber default: [] description: - Mobile phone number samba_user_workstations: aliases: - sambaUserWorkstations description: - Allow the authentication only on this Microsoft Windows host. mail_alternative_address: aliases: - mailAlternativeAddress default: [] description: - List of alternative e-mail addresses.