ipa_user - Manage FreeIPA users

New in version 2.3.

Synopsis

  • Add, modify and delete users within an IPA server

Requirements (on host that executes module)

  • base64
  • hashlib

Options

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| displayname | no | | | Display name |
| givenname | no | | | First name |
| ipa_host | no | ipa.example.com | | IP or hostname of IPA server |
| ipa_pass | yes | | | Password of administrative user |
| ipa_port | no | 443 | | Port of IPA server |
| ipa_prot | no | https | http, https | Protocol used by IPA server |
| ipa_user | no | admin | | Administrative account used on IPA server |
| loginshell | no | | | Login shell |
| mail | no | | | List of mail addresses assigned to the user. If an empty list is passed all assigned email addresses will be deleted. If None is passed email addresses will not be checked or changed. |
| password | no | | | Password |
| sn | no | | | Surname |
| sshpubkey | no | | | List of public SSH keys. If an empty list is passed all assigned public keys will be deleted. If None is passed SSH public keys will not be checked or changed. |
| state | no | present | present, absent, enabled, disabled | State to ensure |
| telephonenumber | no | | | List of telephone numbers assigned to the user. If an empty list is passed all assigned telephone numbers will be deleted. If None is passed telephone numbers will not be checked or changed. |
| title | no | | | Title |
| uid | yes | | | uid of the user. aliases: name |
| validate_certs | no | True | | This only applies if ipa_prot is https. If set to no, the SSL certificates will not be validated. This should only be set to no on personally controlled sites using self-signed certificates. |

Examples

# Ensure pinky is present
- ipa_user:
    name: pinky
    state: present
    givenname: Pinky
    sn: Acme
    mail:
    - pinky@example.com  # placeholder address
    telephonenumber:
    - '+555123456'
    sshpubkey:
    - ssh-rsa ....
    - ssh-dsa ....
    ipa_host: ipa.example.com
    ipa_user: admin
    ipa_pass: topsecret

# Ensure brain is absent
- ipa_user:
    name: brain
    state: absent
    ipa_host: ipa.example.com
    ipa_user: admin
    ipa_pass: topsecret
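
The play below is an added example, not part of the module's own documentation. It disables an account and clears its SSH public keys using the empty-list semantics described under Options, keeps certificate validation on, and reads the administrative password from an encrypted vars file instead of the playbook. The file name vault.yml and the variable vault_ipa_admin_password are hypothetical, and the play assumes the module applies attribute changes in the same task as state: disabled.

```yaml
# Added example; vault.yml and vault_ipa_admin_password are hypothetical names.
- hosts: localhost
  connection: local
  gather_facts: no
  vars_files:
    - vault.yml   # encrypted with ansible-vault; defines vault_ipa_admin_password
  tasks:
    - name: Disable brain and remove every assigned SSH public key
      ipa_user:
        name: brain
        state: disabled
        # Empty list: all assigned public keys are deleted.
        sshpubkey: []
        # mail and telephonenumber are left out (None), so they are
        # not checked or changed.
        ipa_host: ipa.example.com
        ipa_prot: https
        # Keep certificate validation on so the admin password is only
        # sent to a server whose certificate verifies.
        validate_certs: yes
        ipa_user: admin
        ipa_pass: "{{ vault_ipa_admin_password }}"
      # Keep ipa_pass out of task output and logs.
      no_log: true
```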

Return Values

Common return values are documented in Return Values; the following are the fields unique to this module:

| name | description | returned | type | sample |
|---|---|---|---|---|
| user | User as returned by IPA API | always | dict | |

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/ipa_user_module.html