freeipa.ansible_freeipa.ipauser (1.8.4) — module
Manage FreeIPA users
Authors: Thomas Woerner
preview | supported by community
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.8.4
collections:
  - name: freeipa.ansible_freeipa
    version: 1.8.4
Manage FreeIPA users
# Create user pinky
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: SomeADMINpassword
    name: pinky
    first: pinky
    last: Acme
    uid: 10001
    gid: 100
    phone: "+555123457"
    email: pinky@acme.com
    passwordexpiration: "2023-01-19 23:59:59"
    password: "no-brain"
    update_password: on_create

# Create user brain
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: SomeADMINpassword
    name: brain
    first: brain
    last: Acme

# Delete user pinky, but preserved
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: SomeADMINpassword
    name: pinky
    preserve: yes
    state: absent

# Undelete user pinky
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: SomeADMINpassword
    name: pinky
    state: undeleted

# Disable users pinky and brain
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: SomeADMINpassword
    name: pinky,brain
    state: disabled

# Enable users pinky and brain
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: SomeADMINpassword
    name: pinky,brain
    state: enabled

# Remove users pinky and brain
- freeipa.ansible_freeipa.ipauser:
    ipaadmin_password: SomeADMINpassword
    name: pinky,brain
    state: absent
fax:
  aliases:
    - facsimiletelephonenumber
  description: List of fax numbers
  required: false
gid:
  aliases:
    - gidnumber
  description: The GID
  required: false
uid:
  aliases:
    - uidnumber
  description: The UID
  required: false
city:
  description: City
  required: false
last:
  aliases:
    - sn
  description: The last name. Required if user does not exist.
  required: false
name:
  description: The list of users (internally uid).
  required: false
email:
  description: List of email addresses
  required: false
first:
  aliases:
    - givenname
  description: The first name. Required if user does not exist.
  required: false
pager:
  description: List of pager numbers
  required: false
phone:
  aliases:
    - telephonenumber
  description: List of telephone numbers
  required: false
shell:
  aliases:
    - loginshell
  description: The login shell
  required: false
state:
  choices:
    - present
    - absent
    - enabled
    - disabled
    - unlocked
    - undeleted
  default: present
  description: State to ensure
title:
  description: The job title
  required: false
users:
  description: The list of user dicts (internally uid).
  required: false
  suboptions:
    carlicense:
      description: List of car licenses
      required: false
    certificate:
      description: List of base-64 encoded user certificates
      required: false
    certmapdata:
      description:
        - List of certificate mappings
        - Only usable with IPA versions 4.5 and up.
      required: false
      suboptions:
        certificate:
          description: Base-64 encoded user certificate
          required: false
        data:
          description: Certmap data
          required: false
        issuer:
          description: Issuer of the certificate
          required: false
        subject:
          description: Subject of the certificate
          required: false
    city:
      description: City
      required: false
    departmentnumber:
      description: Department Number
      required: false
    displayname:
      description: The display name
      required: false
    email:
      description: List of email addresses
      required: false
    employeenumber:
      description: Employee Number
      required: false
    employeetype:
      description: Employee Type
      required: false
    fax:
      aliases:
        - facsimiletelephonenumber
      description: List of fax numbers
      required: false
    first:
      aliases:
        - givenname
      description: The first name. Required if user does not exist.
      required: false
    fullname:
      aliases:
        - cn
      description: The full name
      required: false
    gid:
      aliases:
        - gidnumber
      description: The GID
      required: false
    homedir:
      description: The home directory
      required: false
    initials:
      description: Initials
      required: false
    last:
      aliases:
        - sn
      description: The last name. Required if user does not exist.
      required: false
    manager:
      description: List of managers
      required: false
    mobile:
      description: List of mobile telephone numbers
      required: false
    name:
      description: The user (internally uid).
      required: true
    nomembers:
      description: Suppress processing of membership attributes
      required: false
      type: bool
    noprivate:
      description: Don't create user private group
      required: false
      type: bool
    orgunit:
      description: Org. Unit
      required: false
    pager:
      description: List of pager numbers
      required: false
    password:
      description: The user password
      required: false
    passwordexpiration:
      aliases:
        - krbpasswordexpiration
      description: >
        The kerberos password expiration date (FreeIPA-4.7+)
        (possible formats: YYYYMMddHHmmssZ, YYYY-MM-ddTHH:mm:ssZ,
        YYYY-MM-ddTHH:mmZ, YYYY-MM-ddZ, YYYY-MM-dd HH:mm:ssZ,
        YYYY-MM-dd HH:mmZ) The trailing 'Z' can be skipped.
        Only usable with IPA versions 4.7 and up.
      required: false
    phone:
      aliases:
        - telephonenumber
      description: List of telephone numbers
      required: false
    postalcode:
      aliases:
        - zip
      description: Postalcode/ZIP
      required: false
    preferredlanguage:
      description: Preferred Language
      required: false
    principal:
      aliases:
        - principalname
        - krbprincipalname
      description: The kerberos principal
      required: false
    principalexpiration:
      aliases:
        - krbprincipalexpiration
      description: >
        The kerberos principal expiration date
        (possible formats: YYYYMMddHHmmssZ, YYYY-MM-ddTHH:mm:ssZ,
        YYYY-MM-ddTHH:mmZ, YYYY-MM-ddZ, YYYY-MM-dd HH:mm:ssZ,
        YYYY-MM-dd HH:mmZ) The trailing 'Z' can be skipped.
      required: false
    radius:
      description: RADIUS proxy configuration
      required: false
    radiususer:
      description: RADIUS proxy username
      required: false
    random:
      description: Generate a random user password
      required: false
      type: bool
    shell:
      aliases:
        - loginshell
      description: The login shell
      required: false
    sshpubkey:
      aliases:
        - ipasshpubkey
      description: List of SSH public keys
      required: false
    title:
      description: The job title
      required: false
    uid:
      aliases:
        - uidnumber
      description: The UID
      required: false
    userauthtype:
      aliases:
        - ipauserauthtype
      choices:
        - password
        - radius
        - otp
        - ''
      description: List of supported user authentication types. Use empty string to reset userauthtype to the initial value.
      required: false
    userclass:
      description:
        - User category
        - (semantics placed on this attribute are for local interpretation)
      required: false
    userstate:
      aliases:
        - st
      description: State/Province
      required: false
action:
  choices:
    - member
    - user
  default: user
  description: Work on user or member level
mobile:
  description: List of mobile telephone numbers
  required: false
radius:
  description: RADIUS proxy configuration
  required: false
random:
  description: Generate a random user password
  required: false
  type: bool
homedir:
  description: The home directory
  required: false
manager:
  description: List of managers
  required: false
orgunit:
  description: Org. Unit
  required: false
fullname:
  aliases:
    - cn
  description: The full name
  required: false
initials:
  description: Initials
  required: false
password:
  description: The user password
  required: false
preserve:
  description: Delete a user, keeping the entry available for future use
  required: false
nomembers:
  description: Suppress processing of membership attributes
  required: false
  type: bool
noprivate:
  description: Don't create user private group
  required: false
  type: bool
principal:
  aliases:
    - principalname
    - krbprincipalname
  description: The kerberos principal
  required: false
sshpubkey:
  aliases:
    - ipasshpubkey
  description: List of SSH public keys
  required: false
userclass:
  description:
    - User category
    - (semantics placed on this attribute are for local interpretation)
  required: false
userstate:
  aliases:
    - st
  description: State/Province
  required: false
carlicense:
  description: List of car licenses
  required: false
postalcode:
  aliases:
    - zip
  description: ZIP
  required: false
radiususer:
  description: RADIUS proxy username
  required: false
certificate:
  description: List of base-64 encoded user certificates
  required: false
certmapdata:
  description:
    - List of certificate mappings
    - Only usable with IPA versions 4.5 and up.
  required: false
  suboptions:
    certificate:
      description: Base-64 encoded user certificate
      required: false
    data:
      description: Certmap data
      required: false
    issuer:
      description: Issuer of the certificate
      required: false
    subject:
      description: Subject of the certificate
      required: false
displayname:
  description: The display name
  required: false
employeetype:
  description: Employee Type
  required: false
userauthtype:
  aliases:
    - ipauserauthtype
  choices:
    - password
    - radius
    - otp
    - ''
  description: List of supported user authentication types. Use empty string to reset userauthtype to the initial value.
  required: false
employeenumber:
  description: Employee Number
  required: false
ipaapi_context:
  choices:
    - server
    - client
  description: >
    The context in which the module will execute.
    Executing in a server context is preferred.
    If not provided context will be determined by the execution environment.
  required: false
update_password:
  choices:
    - always
    - on_create
  default: always
  description: Set password for a user in present state only on creation or always
  required: false
departmentnumber:
  description: Department Number
  required: false
ipaadmin_password:
  description: The admin password.
  required: false
ipaapi_ldap_cache:
  default: true
  description: Use LDAP cache for IPA connection.
  type: bool
preferredlanguage:
  description: Preferred Language
  required: false
ipaadmin_principal:
  default: admin
  description: The admin principal.
passwordexpiration:
  aliases:
    - krbpasswordexpiration
  description: >
    The kerberos password expiration date (FreeIPA-4.7+)
    (possible formats: YYYYMMddHHmmssZ, YYYY-MM-ddTHH:mm:ssZ,
    YYYY-MM-ddTHH:mmZ, YYYY-MM-ddZ, YYYY-MM-dd HH:mm:ssZ,
    YYYY-MM-dd HH:mmZ) The trailing 'Z' can be skipped.
    Only usable with IPA versions 4.7 and up.
  required: false
principalexpiration:
  aliases:
    - krbprincipalexpiration
  description: >
    The kerberos principal expiration date
    (possible formats: YYYYMMddHHmmssZ, YYYY-MM-ddTHH:mm:ssZ,
    YYYY-MM-ddTHH:mmZ, YYYY-MM-ddZ, YYYY-MM-dd HH:mm:ssZ,
    YYYY-MM-dd HH:mmZ) The trailing 'Z' can be skipped.
  required: false
user:
  description: User dict with random password
  options:
    name:
      description: The user name of the user that got a new random password
      options:
        randompassword:
          description: The generated random password
          returned: always
      returned: If several users are handled by the module
      type: dict
    randompassword:
      description: The generated random password
      returned: If only one user is handled by the module
  returned: If random is yes and user did not exist or update_password is yes
  type: dict
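
An added example, not part of the module's own documentation: a play that keeps the admin password out of the playbook and both passwords out of task output, and reads the two return shapes listed above. The inventory group `ipaserver`, the vaulted variable `vault_ipaadmin_password`, the user `dot`, and the registered names `single_result`, `multi_result` and `new_passwords` are assumptions.

```yaml
---
- name: Create IPA users with generated initial passwords
  hosts: ipaserver          # assumption: inventory group name
  become: true
  vars:
    # Assumption: vault_ipaadmin_password lives in an ansible-vault encrypted file.
    ipaadmin_password: "{{ vault_ipaadmin_password }}"
  tasks:
    - name: Ensure pinky exists; password is set only when the user is created
      freeipa.ansible_freeipa.ipauser:
        ipaadmin_password: "{{ ipaadmin_password }}"
        name: pinky
        first: pinky
        last: Acme
        random: true
        update_password: on_create
      register: single_result
      no_log: true          # keeps admin and generated passwords out of output

    - name: Ensure brain and dot exist (several users in one call)
      freeipa.ansible_freeipa.ipauser:
        ipaadmin_password: "{{ ipaadmin_password }}"
        users:
          - name: brain
            first: brain
            last: Acme
            random: true
          - name: dot
            first: dot
            last: Acme
            random: true
        update_password: on_create
      register: multi_result
      no_log: true

    # One user: user.randompassword. Several users: user.<name>.randompassword.
    # A user that already existed gets no new password, hence the defaults.
    - name: Collect the passwords generated on this run
      ansible.builtin.set_fact:
        new_passwords:
          pinky: "{{ single_result.user.randompassword | default('') }}"
          brain: "{{ multi_result.user.brain.randompassword | default('') }}"
          dot: "{{ multi_result.user.dot.randompassword | default('') }}"
      no_log: true
```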