Try SpotterManage posix users on a univention corporate server
| "added in version" 2.2 of ansible.builtin"
Authors: Tobias Rüetschi (@keachi)
preview | supported by community
pipInstall with pip install ansible==2.9.27
This module allows to manage posix users on a univention corporate server (UCS). It uses the python API of the UCS to create a new object or edit it.
# Create a user on a UCS
- udm_user:
name: FooBar
password: secure_password
firstname: Foo
lastname: Bar
# Create a user with the DN
# C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
- udm_user:
name: foo
password: secure_password
firstname: Foo
lastname: Bar
ou: school
subpath: 'cn=teachers,cn=users'
# or define the position
- udm_user:
name: foo
password: secure_password
firstname: Foo
lastname: Bar
position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'
ou:
default: ''
description:
- Organizational Unit inside the LDAP Base DN, e.g. C(school) for LDAP OU C(ou=school,dc=example,dc=com).
city:
description:
- City of users business address.
email:
default: []
description:
- A list of e-mail addresses.
gecos:
description:
- GECOS
phone:
description:
- List of telephone numbers.
shell:
default: /bin/bash
description:
- Login shell
state:
choices:
- present
- absent
default: present
description:
- Whether the user is present or not.
title:
description:
- Title, e.g. C(Prof.).
groups:
default: []
description:
- 'POSIX groups, the LDAP DNs of the groups will be found with the LDAP filter for
each group as $GROUP: C((&(objectClass=posixGroup)(cn=$GROUP))).'
street:
description:
- Street of users business address.
country:
description:
- Country of users business address.
subpath:
default: cn=users
description:
- LDAP subpath inside the organizational unit, e.g. C(cn=teachers,cn=users) for LDAP
container C(cn=teachers,cn=users,dc=example,dc=com).
birthday:
description:
- Birthday
lastname:
description:
- Last name. Required if C(state=present).
password:
description:
- Password. Required if C(state=present).
position:
default: ''
description:
- Define the whole position of users object inside the LDAP tree, e.g. C(cn=employee,cn=users,ou=school,dc=example,dc=com).
postcode:
description:
- Postal code of users business address.
unixhome:
default: /home/$USERNAME
description:
- Unix home directory
username:
aliases:
- name
description:
- User name
required: true
firstname:
description:
- First name. Required if C(state=present).
homedrive:
description:
- Windows home drive, e.g. C("H:").
sambahome:
description:
- Windows home path, e.g. C('\\$FQDN\$USERNAME').
secretary:
default: []
description:
- A list of superiors as LDAP DNs.
home_share:
aliases:
- homeShare
description:
- Home NFS share. Must be a LDAP DN, e.g. C(cn=home,cn=shares,ou=school,dc=example,dc=com).
scriptpath:
description:
- Windows logon script.
userexpiry:
default: Today + 1 year
description:
- Account expiry date, e.g. C(1999-12-31).
description:
description:
- Description (not gecos)
profilepath:
description:
- Windows profile directory
room_number:
aliases:
- roomNumber
description:
- Room number of users business address.
display_name:
aliases:
- displayName
description:
- Display name (not gecos)
organisation:
aliases:
- organization
description:
- Organisation
employee_type:
aliases:
- employeeType
description:
- Employee type
primary_group:
aliases:
- primaryGroup
default: cn=Domain Users,cn=groups,$LDAP_BASE_DN
description:
- Primary group. This must be the group LDAP DN.
employee_number:
aliases:
- employeeNumber
description:
- Employee number
home_share_path:
aliases:
- homeSharePath
description:
- Path to home NFS share, inside the homeShare.
serviceprovider:
default: []
description:
- Enable user for the following service providers.
update_password:
default: always
description:
- C(always) will update passwords if they differ. C(on_create) will only set the password
for newly created users.
version_added: '2.3'
version_added_collection: ansible.builtin
mail_home_server:
aliases:
- mailHomeServer
description:
- FQDN of mail server
samba_privileges:
aliases:
- sambaPrivileges
description:
- Samba privilege, like allow printer administration, do domain join.
department_number:
aliases:
- departmentNumber
description:
- Department number of users business address.
override_pw_length:
aliases:
- overridePWLength
default: 'no'
description:
- Override password check
type: bool
override_pw_history:
aliases:
- overridePWHistory
default: 'no'
description:
- Override password history
type: bool
mail_primary_address:
aliases:
- mailPrimaryAddress
description:
- Primary e-mail address
home_telephone_number:
aliases:
- homeTelephoneNumber
default: []
description:
- List of private telephone numbers.
pager_telephonenumber:
aliases:
- pagerTelephonenumber
default: []
description:
- List of pager telephone numbers.
pwd_change_next_login:
aliases:
- pwdChangeNextLogin
choices:
- '0'
- '1'
description:
- Change password on next login.
mobile_telephone_number:
aliases:
- mobileTelephoneNumber
default: []
description:
- Mobile phone number
samba_user_workstations:
aliases:
- sambaUserWorkstations
description:
- Allow the authentication only on this Microsoft Windows host.
mail_alternative_address:
aliases:
- mailAlternativeAddress
default: []
description:
- List of alternative e-mail addresses.