/ home / univention / univention.ucs_modules / 3.1.2 / module / univention_directory_manager

univention.ucs_modules.univention_directory_manager (3.1.2) — module

Accessing the Univention Directory Manager

Authors: Lukas Zumvorde, Jan-Luca Kiok

preview | supported by comunity

Install collection

Install with ansible-galaxy collection install univention.ucs_modules:==3.1.2

Add to requirements.yml

  collections:
    - name: univention.ucs_modules
      version: 3.1.2

Description

You can create and modify Objects in the LDAP with Univention Directory Manager.

Usage examples

Scanned by Steampunk Spotter

# create a new user object
- name: create a user
  univention_directory_manager:
    module: 'users/user'
    state: 'present'
    set_properties:
      - property: 'username'
        value: 'testuser1'
      - property: 'lastname'
        value: 'testuser1'
      - property: 'password'
        value: 'mypassword'

Scanned by Steampunk Spotter

# delete one or more objects
- name: delete a user with a search filter
  univention_directory_manager:
    module: 'users/user'
    state: 'absent'
    filter: '(uid=testuser1)'

Scanned by Steampunk Spotter

# create an extended attribute
- name: "create an extended attribute with superordinary param and complex attributes"
  univention_directory_manager:
    module: "settings/extended_attribute"
    state: "present"
    superordinate: "cn=custom attributes,cn=univention,dc=example,dc=org"
    set_properties:
      - property: "name"
        value: "testAttribute"
      - property: "shortDescription"
        value: "This is a test attribute"
      - property: "module"
        # Multivalued properties must be provided as a list
        value: ["users/user", "groups/group"]
      - property: "translationShortDescription"
        # Complex types must be provided in their parsed tuple form, always nested inside a list
        value: [["de_DE", "Dies ist ein Test-Attribut"]]
      - property: "objectClass"
        value: "customAttributeGroups"
      - property: "ldapMapping"
        value: "customAttributeTestAttribute"

Scanned by Steampunk Spotter

# use position to place the object in the directory tree
- name: create a user with position
  univention_directory_manager:
    module: 'users/user'
    state: 'present'
    position: 'cn=users,ou=DEMOSCHOOL,dc=t1,dc=intranet'
    set_properties:
      - property: 'username'
        value: 'testuser2'
      - property: 'lastname'
        value: 'testuser2'
      - property: 'password'
        value: 'mypassword'

Scanned by Steampunk Spotter

# delete on very specific object
- name: delete the user with position
  univention_directory_manager:
    module: 'users/user'
    state: 'absent'
    dn: 'uid=testuser2,cn=users,ou=DEMOSCHOOL,dc=t1,dc=intranet'

Scanned by Steampunk Spotter

# add or change specific properties
- name: modify testuser3 - add or change a property
  univention_directory_manager:
    module: 'users/user'
    state: 'present'
    filter: '(uid=testuser3)'
    set_properties:
      - property: 'firstname'
        value: 'max'

Scanned by Steampunk Spotter

# remove specific properties
- name: modify testuser3 - remove property
  univention_directory_manager:
    module: 'users/user'
    state: 'present'
    filter: '(uid=testuser3)'
    unset_properties:
      - property: 'firstname'
        value: 'does not matter'

Inputs

    
dn:
    description:
    - The distinguished name of the LDAP object.
    required: false
    type: str

state:
    choices:
    - absent
    - present
    default: present
    description:
    - Either 'present' for creating or modifying the objects given with 'dn' and 'filter'
      or 'absent' for deleting the objects from the LDAP. Default is 'present'.
    type: str

filter:
    description:
    - A LDAP search filter to select objects.
    required: false
    type: str

module:
    description:
    - The udm module for which objects are to be modified
    required: true
    type: str

position:
    description:
    - The position in the tree
    required: false
    type: str

superordinate:
    description:
    - When creating a new object, set its superordinate to this DN.
    - Only affects newly created LDAP objects, this option is ignored for modifications
      and removals of existing entries.
    required: false
    type: str

set_properties:
    description:
    - A list of dictionaries with the keys property and value.
    - Properties of the objects are to be set to the given values.
    required: false
    type: list

unset_properties:
    description:
    - A list of dictionaries with the key property.
    - The listed properties of the objects are to be unset.
    required: false
    type: list

Outputs

meta['changed_objects']:
  description: A list of all objects that were changed.
meta['created']:
  description: The created object and his attributes.
meta['modified']:
  description: The modified object and his changed attributes.
meta['removed']:
  description: The removed object and his attributes.
msg:
  description: A human-readable information about which objects were changed.