freeipa.ansible_freeipa.ipauser (1.8.4) — module

Manage FreeIPA users

Authors: Thomas Woerner

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.8.4


Add to requirements.yml

  # The collection is pinned to one exact release, so every install resolves
  # to the same version.
  collections:
    - name: freeipa.ansible_freeipa
      version: "1.8.4"

Description

Manage FreeIPA users

Usage examples

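# Create user pinky.
# Both secrets come from variables (for example, kept in Ansible Vault) so that
# no credential is committed with the playbook. The variable names are
# constructed for this example.
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: "{{ ipaadmin_password }}"
    name: pinky
    first: pinky
    last: Acme
    uid: 10001
    gid: 100
    phone: "+555123457"
    email: pinky@acme.com
    passwordexpiration: "2023-01-19 23:59:59"
    password: "{{ pinky_initial_password }}"
    # on_create sets the password only when the user is created, so later runs
    # do not overwrite a password the user has changed.
    update_password: on_create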
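# Create user brain.
# The admin password is read from a variable (for example, kept in Ansible
# Vault) instead of being written into the playbook.
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: "{{ ipaadmin_password }}"
    name: brain
    first: brain
    last: Acme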
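# Delete user pinky, but preserve the entry so it stays available for future
# use.
# The admin password is read from a variable (for example, kept in Ansible
# Vault) instead of being written into the playbook.
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: "{{ ipaadmin_password }}"
    name: pinky
    # Canonical YAML boolean instead of the YAML 1.1 "yes" spelling.
    preserve: true
    state: absent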
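# Undelete the previously preserved user pinky.
# The admin password is read from a variable (for example, kept in Ansible
# Vault) instead of being written into the playbook.
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: "{{ ipaadmin_password }}"
    name: pinky
    state: undeleted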
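# Disable users pinky and brain.
# The admin password is read from a variable (for example, kept in Ansible
# Vault) instead of being written into the playbook.
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: "{{ ipaadmin_password }}"
    # name takes a list of users; an explicit YAML list shows that both
    # accounts are affected.
    name:
      - pinky
      - brain
    state: disabled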
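# Enable users pinky and brain.
# The admin password is read from a variable (for example, kept in Ansible
# Vault) instead of being written into the playbook.
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: "{{ ipaadmin_password }}"
    name:
      - pinky
      - brain
    state: enabled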
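# Remove users pinky and brain.
# The admin password is read from a variable (for example, kept in Ansible
# Vault) instead of being written into the playbook.
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: "{{ ipaadmin_password }}"
    name:
      - pinky
      - brain
    # absent removes the accounts; disabled would leave them in place.
    # Add preserve: true to keep the entries available for future use.
    state: absent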

Inputs

    
fax:
    aliases:
    - facsimiletelephonenumber
    description: List of fax numbers
    required: false

gid:
    aliases:
    - gidnumber
    description: The GID
    required: false

uid:
    aliases:
    - uidnumber
    description: The UID
    required: false

city:
    description: City
    required: false

last:
    aliases:
    - sn
    description: The last name. Required if user does not exist.
    required: false

name:
    description: The list of users (internally uid).
    required: false

email:
    description: List of email addresses
    required: false

first:
    aliases:
    - givenname
    description: The first name. Required if user does not exist.
    required: false

pager:
    description: List of pager numbers
    required: false

phone:
    aliases:
    - telephonenumber
    description: List of telephone numbers
    required: false

shell:
    aliases:
    - loginshell
    description: The login shell
    required: false

state:
    choices:
    - present
    - absent
    - enabled
    - disabled
    - unlocked
    - undeleted
    default: present
    description: State to ensure

title:
    description: The job title
    required: false

users:
    description: The list of user dicts (internally uid).
    required: false
    suboptions:
      carlicense:
        description: List of car licenses
        required: false
      certificate:
        description: List of base-64 encoded user certificates
        required: false
      certmapdata:
        description:
        - List of certificate mappings
        - Only usable with IPA versions 4.5 and up.
        required: false
        suboptions:
          certificate:
            description: Base-64 encoded user certificate
            required: false
          data:
            description: Certmap data
            required: false
          issuer:
            description: Issuer of the certificate
            required: false
          subject:
            description: Subject of the certificate
            required: false
      city:
        description: City
        required: false
      departmentnumber:
        description: Department Number
        required: false
      displayname:
        description: The display name
        required: false
      email:
        description: List of email addresses
        required: false
      employeenumber:
        description: Employee Number
        required: false
      employeetype:
        description: Employee Type
        required: false
      fax:
        aliases:
        - facsimiletelephonenumber
        description: List of fax numbers
        required: false
      first:
        aliases:
        - givenname
        description: The first name. Required if user does not exist.
        required: false
      fullname:
        aliases:
        - cn
        description: The full name
        required: false
      gid:
        aliases:
        - gidnumber
        description: The GID
        required: false
      homedir:
        description: The home directory
        required: false
      initials:
        description: Initials
        required: false
      last:
        aliases:
        - sn
        description: The last name. Required if user does not exist.
        required: false
      manager:
        description: List of managers
        required: false
      mobile:
        description: List of mobile telephone numbers
        required: false
      name:
        description: The user (internally uid).
        required: true
      nomembers:
        description: Suppress processing of membership attributes
        required: false
        type: bool
      noprivate:
        description: Don't create user private group
        required: false
        type: bool
      orgunit:
        description: Org. Unit
        required: false
      pager:
        description: List of pager numbers
        required: false
      password:
        description: The user password
        required: false
      passwordexpiration:
        aliases:
        - krbpasswordexpiration
        description: 'The kerberos password expiration date (FreeIPA-4.7+)

          (possible formats: YYYYMMddHHmmssZ, YYYY-MM-ddTHH:mm:ssZ,

          YYYY-MM-ddTHH:mmZ, YYYY-MM-ddZ, YYYY-MM-dd HH:mm:ssZ,

          YYYY-MM-dd HH:mmZ) The trailing ''Z'' can be skipped.

          Only usable with IPA versions 4.7 and up.

          '
        required: false
      phone:
        aliases:
        - telephonenumber
        description: List of telephone numbers
        required: false
      postalcode:
        aliases:
        - zip
        description: Postalcode/ZIP
        required: false
      preferredlanguage:
        description: Preferred Language
        required: false
      principal:
        aliases:
        - principalname
        - krbprincipalname
        description: The kerberos principal
        required: false
      principalexpiration:
        aliases:
        - krbprincipalexpiration
        description: 'The kerberos principal expiration date

          (possible formats: YYYYMMddHHmmssZ, YYYY-MM-ddTHH:mm:ssZ,

          YYYY-MM-ddTHH:mmZ, YYYY-MM-ddZ, YYYY-MM-dd HH:mm:ssZ,

          YYYY-MM-dd HH:mmZ) The trailing ''Z'' can be skipped.

          '
        required: false
      radius:
        description: RADIUS proxy configuration
        required: false
      radiususer:
        description: RADIUS proxy username
        required: false
      random:
        description: Generate a random user password
        required: false
        type: bool
      shell:
        aliases:
        - loginshell
        description: The login shell
        required: false
      sshpubkey:
        aliases:
        - ipasshpubkey
        description: List of SSH public keys
        required: false
      title:
        description: The job title
        required: false
      uid:
        aliases:
        - uidnumber
        description: The UID
        required: false
      userauthtype:
        aliases:
        - ipauserauthtype
        choices:
        - password
        - radius
        - otp
        - ''
        description: List of supported user authentication types. Use empty string to reset
          userauthtype to the initial value.
        required: false
      userclass:
        description:
        - User category
        - (semantics placed on this attribute are for local interpretation)
        required: false
      userstate:
        aliases:
        - st
        description: State/Province
        required: false

action:
    choices:
    - member
    - user
    default: user
    description: Work on user or member level

mobile:
    description: List of mobile telephone numbers
    required: false

radius:
    description: RADIUS proxy configuration
    required: false

random:
    # The generated password comes back in the module result (Outputs:
    # user.randompassword), so treat registered results and task output of
    # such a task as secret.
    description: Generate a random user password
    required: false
    type: bool

homedir:
    description: The home directory
    required: false

manager:
    description: List of managers
    required: false

orgunit:
    description: Org. Unit
    required: false

fullname:
    aliases:
    - cn
    description: The full name
    required: false

initials:
    description: Initials
    required: false

password:
    # Secret value: pass it from a vaulted variable or another secret store,
    # not as a literal in the playbook.
    # NOTE(review): this page does not show whether the module masks the value
    # in logs (no_log) - confirm against the module source.
    description: The user password
    required: false

preserve:
    description: Delete a user, keeping the entry available for future use
    required: false

nomembers:
    description: Suppress processing of membership attributes
    required: false
    type: bool

noprivate:
    description: Don't create user private group
    required: false
    type: bool

principal:
    aliases:
    - principalname
    - krbprincipalname
    description: The kerberos principal
    required: false

sshpubkey:
    aliases:
    - ipasshpubkey
    description: List of SSH public keys
    required: false

userclass:
    description:
    - User category
    - (semantics placed on this attribute are for local interpretation)
    required: false

userstate:
    aliases:
    - st
    description: State/Province
    required: false

carlicense:
    description: List of car licenses
    required: false

postalcode:
    aliases:
    - zip
    description: ZIP
    required: false

radiususer:
    description: RADIUS proxy username
    required: false

certificate:
    description: List of base-64 encoded user certificates
    required: false

certmapdata:
    description:
    - List of certificate mappings
    - Only usable with IPA versions 4.5 and up.
    required: false
    suboptions:
      certificate:
        description: Base-64 encoded user certificate
        required: false
      data:
        description: Certmap data
        required: false
      issuer:
        description: Issuer of the certificate
        required: false
      subject:
        description: Subject of the certificate
        required: false

displayname:
    description: The display name
    required: false

employeetype:
    description: Employee Type
    required: false

userauthtype:
    aliases:
    - ipauserauthtype
    choices:
    - password
    - radius
    - otp
    - ''
    description: List of supported user authentication types. Use empty string to reset
      userauthtype to the initial value.
    required: false

employeenumber:
    description: Employee Number
    required: false

ipaapi_context:
    choices:
    - server
    - client
    description: 'The context in which the module will execute. Executing in a

      server context is preferred. If not provided context will be

      determined by the execution environment.

      '
    required: false

update_password:
    choices:
    - always
    - on_create
    # With the default (always), a task that supplies password sets it on
    # every run for a user in present state. on_create limits that to the
    # run that creates the user.
    default: always
    description: Set password for a user in present state only on creation or always
    required: false

departmentnumber:
    description: Department Number
    required: false

ipaadmin_password:
    # Secret value for the IPA admin principal: pass it from a vaulted
    # variable or another secret store, not as a literal in the playbook.
    # NOTE(review): this page does not show whether the module masks the value
    # in logs (no_log) - confirm against the module source.
    description: The admin password.
    required: false

ipaapi_ldap_cache:
    default: true
    description: Use LDAP cache for IPA connection.
    type: bool

preferredlanguage:
    description: Preferred Language
    required: false

ipaadmin_principal:
    default: admin
    description: The admin principal.

passwordexpiration:
    aliases:
    - krbpasswordexpiration
    description: 'The kerberos password expiration date (FreeIPA-4.7+)

      (possible formats: YYYYMMddHHmmssZ, YYYY-MM-ddTHH:mm:ssZ,

      YYYY-MM-ddTHH:mmZ, YYYY-MM-ddZ, YYYY-MM-dd HH:mm:ssZ,

      YYYY-MM-dd HH:mmZ) The trailing ''Z'' can be skipped.

      Only usable with IPA versions 4.7 and up.

      '
    required: false

principalexpiration:
    aliases:
    - krbprincipalexpiration
    description: 'The kerberos principal expiration date

      (possible formats: YYYYMMddHHmmssZ, YYYY-MM-ddTHH:mm:ssZ,

      YYYY-MM-ddTHH:mmZ, YYYY-MM-ddZ, YYYY-MM-dd HH:mm:ssZ,

      YYYY-MM-dd HH:mmZ) The trailing ''Z'' can be skipped.

      '
    required: false

Outputs

# Return value that carries a generated password in plaintext. Keep tasks that
# register or print this result out of logs (for example with no_log: true),
# and hand the password to the user over a protected channel.
user:
  description: User dict with random password
  options:
    # Shape when several users are handled: one entry per user name, each
    # holding that user's randompassword.
    name:
      description: The user name of the user that got a new random password
      options:
        randompassword:
          description: The generated random password
          returned: always
      returned: If several users are handled by the module
      type: dict
    # Shape when a single user is handled: randompassword sits directly under
    # user.
    randompassword:
      description: The generated random password
      returned: If only one user is handled by the module
  # NOTE(review): Inputs list the update_password choices as always and
  # on_create; "yes" below presumably means always - confirm.
  returned: If random is yes and user did not exist or update_password is yes
  type: dict