community.general.udm_user (8.5.0) — module

Manage POSIX users on a Univention Corporate Server

Authors: Tobias Rüetschi (@keachi)

Install collection

Install with ansible-galaxy collection install community.general:==8.5.0


Add to requirements.yml

  # Exact version pin: installs resolve to this one release, which keeps
  # builds reproducible.
  collections:
    - name: community.general
      version: 8.5.0

Description

This module manages POSIX users on a Univention Corporate Server (UCS). It uses the Python API of the UCS to create a new object or edit an existing one.

Usage examples

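# The password is read from a variable rather than written into the playbook.
# udm_user_password is an example name; define it in an Ansible
# Vault-encrypted vars file so the credential never lands in version control.
# update_password defaults to always, so re-running this task updates the
# password whenever it differs; set update_password: on_create to set it only
# for newly created users.
- name: Create a user on a UCS
  community.general.udm_user:
    name: FooBar
    password: "{{ udm_user_password }}"
    firstname: Foo
    lastname: Bar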
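# ou and subpath together place the user under
# cn=teachers,cn=users,ou=school,<LDAP base DN>.
# The password comes from a variable (udm_user_password is an example name,
# meant to live in an Ansible Vault-encrypted vars file) so that no credential
# is stored in the playbook.
- name: Create a user with the DN uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com
  community.general.udm_user:
    name: foo
    password: "{{ udm_user_password }}"
    firstname: Foo
    lastname: Bar
    ou: school
    subpath: 'cn=teachers,cn=users'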
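# or define the position
# position gives the full container DN in one value instead of ou + subpath.
# The password comes from a variable (udm_user_password is an example name,
# meant to live in an Ansible Vault-encrypted vars file) so that no credential
# is stored in the playbook.
- name: Create a user with the DN uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com
  community.general.udm_user:
    name: foo
    password: "{{ udm_user_password }}"
    firstname: Foo
    lastname: Bar
    position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'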

Inputs

    
ou:
    default: ''
    description:
    - Organizational Unit inside the LDAP Base DN, for example V(school) for LDAP OU C(ou=school,dc=example,dc=com).
    type: str

city:
    description:
    - City of the user's business address.
    type: str

email:
    default:
    - ''
    description:
    - A list of e-mail addresses.
    elements: str
    type: list

gecos:
    description:
    - GECOS
    type: str

phone:
    default: []
    description:
    - List of telephone numbers.
    elements: str
    type: list

shell:
    default: /bin/bash
    description:
    - Login shell
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Whether the user is present or not.
    type: str

title:
    description:
    - Title, for example V(Prof.).
    type: str

groups:
    default: []
    description:
    - 'POSIX groups. The LDAP DN of each group is looked up with the following LDAP
      filter, where $GROUP is the group name: V((&(objectClass=posixGroup\)(cn=$GROUP\)\)).'
    elements: str
    type: list

street:
    description:
    - Street of the user's business address.
    type: str

country:
    description:
    - Country of the user's business address.
    type: str

subpath:
    default: cn=users
    description:
    - LDAP subpath inside the organizational unit, for example V(cn=teachers,cn=users)
      for LDAP container C(cn=teachers,cn=users,dc=example,dc=com).
    type: str

birthday:
    description:
    - Birthday
    type: str

lastname:
    description:
    - Last name. Required if O(state=present).
    type: str

password:
    description:
    - Password. Required if O(state=present).
    type: str

position:
    default: ''
    description:
    - Define the full position of the user object inside the LDAP tree, for example V(cn=employee,cn=users,ou=school,dc=example,dc=com).
    type: str

postcode:
    description:
    - Postal code of the user's business address.
    type: str

unixhome:
    description:
    - Unix home directory
    - If not specified, it defaults to C(/home/$USERNAME).
    type: str

username:
    aliases:
    - name
    description:
    - User name
    required: true
    type: str

firstname:
    description:
    - First name. Required if O(state=present).
    type: str

homedrive:
    description:
    - Windows home drive, for example V("H:").
    type: str

sambahome:
    description:
    - Windows home path, for example V('\\\\$FQDN\\$USERNAME').
    type: str

secretary:
    default: []
    description:
    - A list of superiors as LDAP DNs.
    elements: str
    type: list

home_share:
    aliases:
    - homeShare
    description:
    - Home NFS share. Must be an LDAP DN, for example V(cn=home,cn=shares,ou=school,dc=example,dc=com).
    type: str

scriptpath:
    description:
    - Windows logon script.
    type: str

userexpiry:
    description:
    - Account expiry date, for example V(1999-12-31).
    - If not specified, it defaults to the current day plus one year.
    type: str

description:
    description:
    - Description (not gecos)
    type: str

profilepath:
    description:
    - Windows profile directory
    type: str

room_number:
    aliases:
    - roomNumber
    description:
    - Room number of the user's business address.
    type: str

display_name:
    aliases:
    - displayName
    description:
    - Display name (not gecos)
    type: str

organisation:
    aliases:
    - organization
    description:
    - Organisation
    type: str

employee_type:
    aliases:
    - employeeType
    description:
    - Employee type
    type: str

primary_group:
    aliases:
    - primaryGroup
    description:
    - Primary group. This must be the group LDAP DN.
    - If not specified, it defaults to V(cn=Domain Users,cn=groups,$LDAP_BASE_DN).
    type: str

employee_number:
    aliases:
    - employeeNumber
    description:
    - Employee number
    type: str

home_share_path:
    aliases:
    - homeSharePath
    description:
    - Path to home NFS share, inside the homeShare.
    type: str

serviceprovider:
    default:
    - ''
    description:
    - Enable user for the following service providers.
    elements: str
    type: list

update_password:
    choices:
    - always
    - on_create
    default: always
    description:
    - V(always) will update passwords if they differ. V(on_create) will only set the password
      for newly created users.
    type: str

mail_home_server:
    aliases:
    - mailHomeServer
    description:
    - FQDN of mail server
    type: str

overridePWLength:
    aliases:
    - override_pw_length
    default: false
    description:
    - Override the password check when setting the password. The default V(false) keeps the check enforced.
    type: bool

samba_privileges:
    aliases:
    - sambaPrivileges
    default: []
    description:
    - Samba privileges, such as allowing printer administration or performing a domain join.
    elements: str
    type: list

department_number:
    aliases:
    - departmentNumber
    description:
    - Department number of the user's business address.
    type: str

overridePWHistory:
    aliases:
    - override_pw_history
    default: false
    description:
    - Override the password history when setting the password. The default V(false) leaves it enforced.
    type: bool

mail_primary_address:
    aliases:
    - mailPrimaryAddress
    description:
    - Primary e-mail address
    type: str

home_telephone_number:
    aliases:
    - homeTelephoneNumber
    default: []
    description:
    - List of private telephone numbers.
    elements: str
    type: list

pager_telephonenumber:
    aliases:
    - pagerTelephonenumber
    default: []
    description:
    - List of pager telephone numbers.
    elements: str
    type: list

pwd_change_next_login:
    aliases:
    - pwdChangeNextLogin
    choices:
    - '0'
    - '1'
    description:
    - Change password on next login.
    type: str

mobile_telephone_number:
    aliases:
    - mobileTelephoneNumber
    default: []
    description:
    - Mobile phone number
    elements: str
    type: list

samba_user_workstations:
    aliases:
    - sambaUserWorkstations
    default: []
    description:
    - Allow authentication only on the listed Microsoft Windows hosts.
    elements: str
    type: list

mail_alternative_address:
    aliases:
    - mailAlternativeAddress
    default: []
    description:
    - List of alternative e-mail addresses.
    elements: str
    type: list