udm_user - Manage posix users on a univention corporate server

New in version 2.2.

Synopsis

  • This module allows to manage posix users on a univention corporate server (UCS). It uses the python API of the UCS to create a new object or edit it.

Requirements (on host that executes module)

  • Python >= 2.6

Options

parameter required default choices comments
birthday
no None
Birthday
city
no None
City of users business address.
country
no None
Country of users business address.
department_number
no None
Department number of users business address.
aliases: departmentNumber
description
no None
Description (not gecos)
display_name
no None
Display name (not gecos)
aliases: displayName
email
no [u'']
A list of e-mail addresses.
employee_number
no None
Employee number
aliases: employeeNumber
employee_type
no None
Employee type
aliases: employeeType
firstname
no
First name. Required if state=present.
gecos
no None
GECOS
groups
no
POSIX groups, the LDAP DNs of the groups will be found with the LDAP filter for each group as $GROUP: (&(objectClass=posixGroup(cn=$GROUP))).
home_share
no None
Home NFS share. Must be a LDAP DN, e.g. cn=home,cn=shares,ou=school,dc=example,dc=com.
aliases: homeShare
home_share_path
no None
Path to home NFS share, inside the homeShare.
aliases: homeSharePath
home_telephone_number
no
List of private telephone numbers.
aliases: homeTelephoneNumber
homedrive
no None
Windows home drive, e.g. "H:".
lastname
no
Last name. Required if state=present.
mail_alternative_address
no
List of alternative e-mail addresses.
aliases: mailAlternativeAddress
mail_home_server
no None
FQDN of mail server
aliases: mailHomeServer
mail_primary_address
no None
Primary e-mail address
aliases: mailPrimaryAddress
mobile_telephone_number
no
Mobile phone number
aliases: mobileTelephoneNumber
organisation
no None
Organisation
ou
no
Organizational Unit inside the LDAP Base DN, e.g. school for LDAP OU ou=school,dc=example,dc=com.
override_pw_history
no
Override password history
aliases: overridePWHistory
override_pw_length
no
Override password check
aliases: overridePWLength
pager_telephonenumber
no
List of pager telephone numbers.
aliases: pagerTelephonenumber
password
no None
Password. Required if state=present.
phone
no
List of telephone numbers.
position
no
Define the whole position of users object inside the LDAP tree, e.g. cn=employee,cn=users,ou=school,dc=example,dc=com.
postcode
no None
Postal code of users business address.
primary_group
no cn=Domain Users,cn=groups,$LDAP_BASE_DN
Primary group. This must be the group LDAP DN.
aliases: primaryGroup
profilepath
no None
Windows profile directory
pwd_change_next_login
no None
  • 0
  • 1
Change password on next login.
aliases: pwdChangeNextLogin
room_number
no None
Room number of users business address.
aliases: roomNumber
samba_privileges
no
Samba privilege, like allow printer administration, do domain join.
aliases: sambaPrivileges
samba_user_workstations
no
Allow the authentication only on this Microsoft Windows host.
aliases: sambaUserWorkstations
sambahome
no None
Windows home path, e.g. '\\$FQDN\$USERNAME'.
scriptpath
no None
Windows logon script.
secretary
no
A list of superiors as LDAP DNs.
serviceprovider
no [u'']
Enable user for the following service providers.
shell
no /bin/bash
Login shell
state
no present
  • present
  • absent
Whether the user is present or not.
street
no None
Street of users business address.
subpath
no cn=users
LDAP subpath inside the organizational unit, e.g. cn=teachers,cn=users for LDAP container cn=teachers,cn=users,dc=example,dc=com.
title
no None
Title, e.g. Prof..
unixhome
no /home/$USERNAME
Unix home directory
update_password
(added in 2.3)
no always
always will update passwords if they differ. on_create will only set the password for newly created users.
userexpiry
no Today + 1 year
Account expiry date, e.g. 1999-12-31.
username
yes
User name
aliases: name

Examples

# Create a user on a UCS
- udm_user:
    name: FooBar
    password: secure_password
    firstname: Foo
    lastname: Bar

# Create a user with the DN
# C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
- udm_user:
    name: foo
    password: secure_password
    firstname: Foo
    lastname: Bar
    ou: school
    subpath: 'cn=teachers,cn=users'
# or define the position
- udm_user:
    name: foo
    password: secure_password
    firstname: Foo
    lastname: Bar
    position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/udm_user_module.html