freeipa / freeipa.ansible_freeipa / 1.11.1 / module / ipauser
Manage FreeIPA users
Authors: Thomas Woerner (@t-woerner)
preview | supported by community
freeipa.ansible_freeipa.ipauser (1.11.1) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1
# requirements.yml entry that pins the collection to the release documented here.
collections:
  - name: freeipa.ansible_freeipa
    version: "1.11.1"
Manage FreeIPA users
# Create user pinky
# The ipaadmin_password and password values are placeholders; in a real
# playbook supply both from an Ansible Vault encrypted variable rather than
# committing them in cleartext.
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: SomeADMINpassword
    name: pinky
    first: pinky
    last: Acme
    uid: 10001
    gid: 100
    phone: '+555123457'
    email: pinky@acme.com
    passwordexpiration: '2023-01-19 23:59:59'
    password: 'no-brain'
    # on_create: per the parameter description, the password is set only when
    # the user is created, not on later runs.
    update_password: on_create
# Create user brain with only the attributes needed for a new entry
# (first and last are required when the user does not exist yet).
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: SomeADMINpassword
    name: brain
    first: brain
    last: Acme
# Create multiple users pinky and brain in one task.
# Each entry under users is a dict taking the per-user suboptions.
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: SomeADMINpassword
    users:
      - name: pinky
        first: pinky
        last: Acme
      - name: brain
        first: brain
        last: Acme
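# Delete user pinky, but preserve the entry so it can be restored later
# (see state: undeleted).
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: SomeADMINpassword
    name: pinky
    # preserve is declared as type bool; use the canonical true/false form
    # rather than yes/no.
    preserve: true
    state: absent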
# Undelete user pinky (restores an entry that was removed with preserve set).
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: SomeADMINpassword
    name: pinky
    state: undeleted
# Disable users pinky and brain.
# name is a list option; both logins are given here as one comma-separated value.
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: SomeADMINpassword
    name: pinky,brain
    state: disabled
# Enable users pinky and brain.
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: SomeADMINpassword
    name: pinky,brain
    state: enabled
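# Remove but preserve user pinky, using the users list form.
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: SomeADMINpassword
    users:
      - name: pinky
    # preserve is a module-level option (it is not listed among the users
    # suboptions), so it sits beside users, not inside the list entry.
    # Written as true rather than yes because the option is type bool.
    preserve: true
    state: absent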
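# Remove users pinky and brain.
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: SomeADMINpassword
    name: pinky,brain
    # Removal is state: absent; the original example used state: disabled,
    # which only disables the accounts and leaves them in the directory.
    state: absent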
# Ensure a user has SMB attributes.
# Windows paths are single-quoted so the backslashes are taken literally.
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: SomeADMINpassword
    name: smbuser
    first: SMB
    last: User
    smb_logon_script: 'N:\logonscripts\startup'
    smb_profile_path: '\\server\profiles\some_profile'
    smb_home_dir: '\\users\home\smbuser'
    # Must be one of the drive letters listed in the option's choices.
    smb_home_drive: 'U:'
fax: aliases: - facsimiletelephonenumber description: List of fax numbers elements: str required: false type: list gid: aliases: - gidnumber description: Group ID Number required: false type: int idp: aliases: - ipaidpconfiglink description: External IdP configuration required: false type: str uid: aliases: - uidnumber description: User ID Number (system will assign one if not provided) required: false type: int city: description: City required: false type: str last: aliases: - sn description: The last name. Required if user does not exist. required: false type: str name: aliases: - login description: The list of users (internally uid). elements: str required: false type: list email: description: List of email addresses elements: str required: false type: list first: aliases: - givenname description: The first name. Required if user does not exist. required: false type: str gecos: description: The GECOS required: false type: str pager: description: List of pager numbers elements: str required: false type: list phone: aliases: - telephonenumber description: List of telephone numbers elements: str required: false type: list shell: aliases: - loginshell description: The login shell required: false type: str state: choices: - present - absent - enabled - disabled - unlocked - undeleted default: present description: State to ensure type: str title: description: The job title required: false type: str users: description: The list of user dicts (internally uid). elements: dict required: false suboptions: carlicense: description: List of car licenses elements: str required: false type: list certificate: aliases: - usercertificate description: List of base-64 encoded user certificates elements: str required: false type: list certmapdata: description: - List of certificate mappings - Only usable with IPA versions 4.5 and up. 
elements: dict required: false suboptions: certificate: description: Base-64 encoded user certificate required: false type: str data: description: Certmap data required: false type: str issuer: description: Issuer of the certificate required: false type: str subject: description: Subject of the certificate required: false type: str type: list city: description: City required: false type: str departmentnumber: description: Department Number elements: str required: false type: list displayname: description: The display name required: false type: str email: description: List of email addresses elements: str required: false type: list employeenumber: description: Employee Number required: false type: str employeetype: description: Employee Type required: false type: str fax: aliases: - facsimiletelephonenumber description: List of fax numbers elements: str required: false type: list first: aliases: - givenname description: The first name. Required if user does not exist. required: false type: str fullname: aliases: - cn description: The full name required: false type: str gecos: description: The GECOS required: false type: str gid: aliases: - gidnumber description: Group ID Number required: false type: int homedir: description: The home directory required: false type: str idp: aliases: - ipaidpconfiglink description: External IdP configuration required: false type: str idp_user_id: aliases: - ipaidpsub description: A string that identifies the user at external IdP required: false type: str initials: description: Initials required: false type: str last: aliases: - sn description: The last name. Required if user does not exist. required: false type: str manager: description: List of managers elements: str required: false type: list mobile: description: List of mobile telephone numbers elements: str required: false type: list name: aliases: - login description: The user (internally uid). 
required: true type: str nomembers: description: Suppress processing of membership attributes required: false type: bool noprivate: description: Don't create user private group required: false type: bool orgunit: aliases: - ou description: Org. Unit required: false type: str pager: description: List of pager numbers elements: str required: false type: list password: description: The user password required: false type: str passwordexpiration: aliases: - krbpasswordexpiration description: 'The kerberos password expiration date (FreeIPA-4.7+) (possible formats: YYYYMMddHHmmssZ, YYYY-MM-ddTHH:mm:ssZ, YYYY-MM-ddTHH:mmZ, YYYY-MM-ddZ, YYYY-MM-dd HH:mm:ssZ, YYYY-MM-dd HH:mmZ) The trailing ''Z'' can be skipped. Only usable with IPA versions 4.7 and up. ' required: false type: str phone: aliases: - telephonenumber description: List of telephone numbers elements: str required: false type: list postalcode: aliases: - zip description: Postalcode/ZIP required: false type: str preferredlanguage: description: Preferred Language required: false type: str principal: aliases: - principalname - krbprincipalname description: The kerberos principal elements: str required: false type: list principalexpiration: aliases: - krbprincipalexpiration description: 'The kerberos principal expiration date (possible formats: YYYYMMddHHmmssZ, YYYY-MM-ddTHH:mm:ssZ, YYYY-MM-ddTHH:mmZ, YYYY-MM-ddZ, YYYY-MM-dd HH:mm:ssZ, YYYY-MM-dd HH:mmZ) The trailing ''Z'' can be skipped. 
' required: false type: str radius: aliases: - ipatokenradiusconfiglink description: RADIUS proxy configuration required: false type: str radiususer: aliases: - radiususername - ipatokenradiususername description: RADIUS proxy username required: false type: str random: description: Generate a random user password required: false type: bool shell: aliases: - loginshell description: The login shell required: false type: str smb_home_dir: aliases: - ipanthomedirectory description: SMB Home Directory required: false type: str smb_home_drive: aliases: - ipanthomedirectorydrive choices: - 'A:' - 'B:' - 'C:' - 'D:' - 'E:' - 'F:' - 'G:' - 'H:' - 'I:' - 'J:' - 'K:' - 'L:' - 'M:' - 'N:' - 'O:' - 'P:' - 'Q:' - 'R:' - 'S:' - 'T:' - 'U:' - 'V:' - 'W:' - 'X:' - 'Y:' - 'Z:' - '' description: SMB Home Directory Drive required: false type: str smb_logon_script: aliases: - ipantlogonscript description: SMB logon script path required: false type: str smb_profile_path: aliases: - ipantprofilepath description: SMB profile path required: false type: str sshpubkey: aliases: - ipasshpubkey description: List of SSH public keys elements: str required: false type: list street: description: Street address required: false type: str title: description: The job title required: false type: str uid: aliases: - uidnumber description: User ID Number (system will assign one if not provided) required: false type: int userauthtype: aliases: - ipauserauthtype choices: - password - radius - otp - pkinit - hardened - idp - '' description: List of supported user authentication types Use empty string to reset userauthtype to the initial value. 
elements: str required: false type: list userclass: aliases: - class description: - User category - (semantics placed on this attribute are for local interpretation) elements: str required: false type: list userstate: aliases: - st description: State/Province required: false type: str type: list action: choices: - member - user default: user description: Work on user or member level type: str mobile: description: List of mobile telephone numbers elements: str required: false type: list radius: aliases: - ipatokenradiusconfiglink description: RADIUS proxy configuration required: false type: str random: description: Generate a random user password required: false type: bool street: description: Street address required: false type: str homedir: description: The home directory required: false type: str manager: description: List of managers elements: str required: false type: list orgunit: aliases: - ou description: Org. Unit required: false type: str fullname: aliases: - cn description: The full name required: false type: str initials: description: Initials required: false type: str password: description: The user password required: false type: str preserve: description: Delete a user, keeping the entry available for future use required: false type: bool nomembers: description: Suppress processing of membership attributes required: false type: bool noprivate: description: Don't create user private group required: false type: bool principal: aliases: - principalname - krbprincipalname description: The kerberos principal elements: str required: false type: list sshpubkey: aliases: - ipasshpubkey description: List of SSH public keys elements: str required: false type: list userclass: aliases: - class description: - User category - (semantics placed on this attribute are for local interpretation) elements: str required: false type: list userstate: aliases: - st description: State/Province required: false type: str carlicense: description: List of car licenses elements: 
str required: false type: list postalcode: aliases: - zip description: Postalcode/ZIP required: false type: str radiususer: aliases: - radiususername - ipatokenradiususername description: RADIUS proxy username required: false type: str certificate: aliases: - usercertificate description: List of base-64 encoded user certificates elements: str required: false type: list certmapdata: description: - List of certificate mappings - Only usable with IPA versions 4.5 and up. elements: dict required: false suboptions: certificate: description: Base-64 encoded user certificate required: false type: str data: description: Certmap data required: false type: str issuer: description: Issuer of the certificate required: false type: str subject: description: Subject of the certificate required: false type: str type: list displayname: description: The display name required: false type: str idp_user_id: aliases: - ipaidpsub description: A string that identifies the user at external IdP required: false type: str employeetype: description: Employee Type required: false type: str smb_home_dir: aliases: - ipanthomedirectory description: SMB Home Directory required: false type: str userauthtype: aliases: - ipauserauthtype choices: - password - radius - otp - pkinit - hardened - idp - '' description: List of supported user authentication types Use empty string to reset userauthtype to the initial value. elements: str required: false type: list employeenumber: description: Employee Number required: false type: str ipaapi_context: choices: - server - client description: 'The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. 
' required: false type: str smb_home_drive: aliases: - ipanthomedirectorydrive choices: - 'A:' - 'B:' - 'C:' - 'D:' - 'E:' - 'F:' - 'G:' - 'H:' - 'I:' - 'J:' - 'K:' - 'L:' - 'M:' - 'N:' - 'O:' - 'P:' - 'Q:' - 'R:' - 'S:' - 'T:' - 'U:' - 'V:' - 'W:' - 'X:' - 'Y:' - 'Z:' - '' description: SMB Home Directory Drive required: false type: str update_password: choices: - always - on_create description: Set password for a user in present state only on creation or always required: false type: str departmentnumber: description: Department Number elements: str required: false type: list smb_logon_script: aliases: - ipantlogonscript description: SMB logon script path required: false type: str smb_profile_path: aliases: - ipantprofilepath description: SMB profile path required: false type: str ipaadmin_password: description: The admin password. required: false type: str ipaapi_ldap_cache: default: true description: Use LDAP cache for IPA connection. type: bool preferredlanguage: description: Preferred Language required: false type: str ipaadmin_principal: default: admin description: The admin principal. type: str passwordexpiration: aliases: - krbpasswordexpiration description: 'The kerberos password expiration date (FreeIPA-4.7+) (possible formats: YYYYMMddHHmmssZ, YYYY-MM-ddTHH:mm:ssZ, YYYY-MM-ddTHH:mmZ, YYYY-MM-ddZ, YYYY-MM-dd HH:mm:ssZ, YYYY-MM-dd HH:mmZ) The trailing ''Z'' can be skipped. Only usable with IPA versions 4.7 and up. ' required: false type: str principalexpiration: aliases: - krbprincipalexpiration description: 'The kerberos principal expiration date (possible formats: YYYYMMddHHmmssZ, YYYY-MM-ddTHH:mm:ssZ, YYYY-MM-ddTHH:mmZ, YYYY-MM-ddZ, YYYY-MM-dd HH:mm:ssZ, YYYY-MM-dd HH:mmZ) The trailing ''Z'' can be skipped. ' required: false type: str
# Return value of the module when a random password was generated.
# The generated password is part of the task result in cleartext: it is
# present in any registered variable and in verbose or callback output.
# Set no_log: true on tasks that use random to keep it out of logs, and
# treat the registered result as a secret.
user:
  contains:
    # Multi-user form: one dict per user name, each holding its password.
    name:
      contains:
        randompassword:
          description: The generated random password
          returned: always
          type: str
      description: The user name of the user that got a new random password
      returned: |
        If several users are handled by the module with the users parameter
      type: dict
    # Single-user form: the password sits directly under user.
    randompassword:
      description: The generated random password
      returned: |
        If only one user is handled by the module without using users parameter
      type: str
  description: User dict with random password
  returned: If random is yes and user did not exist or update_password is yes
  type: dict