udm_user – Manage posix users on a univention corporate server

Synopsis

  • This module allows to manage posix users on a univention corporate server (UCS). It uses the python API of the UCS to create a new object or edit it.

Requirements

The below requirements are needed on the host that executes this module.

  • Python >= 2.6

Parameters

Parameter Choices/Defaults Comments
birthday
-
Birthday
city
-
City of users business address.
country
-
Country of users business address.
department_number
-
Department number of users business address.

aliases: departmentNumber
description
-
Description (not gecos)
display_name
-
Display name (not gecos)

aliases: displayName
email
-
Default:
[]
A list of e-mail addresses.
employee_number
-
Employee number

aliases: employeeNumber
employee_type
-
Employee type

aliases: employeeType
firstname
-
First name. Required if state=present.
gecos
-
GECOS
groups
-
Default:
[]
POSIX groups, the LDAP DNs of the groups will be found with the LDAP filter for each group as $GROUP: (&(objectClass=posixGroup(cn=$GROUP))).
home_share
-
Home NFS share. Must be a LDAP DN, e.g. cn=home,cn=shares,ou=school,dc=example,dc=com.

aliases: homeShare
home_share_path
-
Path to home NFS share, inside the homeShare.

aliases: homeSharePath
home_telephone_number
-
Default:
[]
List of private telephone numbers.

aliases: homeTelephoneNumber
homedrive
-
Windows home drive, e.g. "H:".
lastname
-
Last name. Required if state=present.
mail_alternative_address
-
Default:
[]
List of alternative e-mail addresses.

aliases: mailAlternativeAddress
mail_home_server
-
FQDN of mail server

aliases: mailHomeServer
mail_primary_address
-
Primary e-mail address

aliases: mailPrimaryAddress
mobile_telephone_number
-
Default:
[]
Mobile phone number

aliases: mobileTelephoneNumber
organisation
-
Organisation

aliases: organization
ou
-
Default:
""
Organizational Unit inside the LDAP Base DN, e.g. school for LDAP OU ou=school,dc=example,dc=com.
override_pw_history
boolean
    Choices:
  • no ←
  • yes
Override password history

aliases: overridePWHistory
override_pw_length
boolean
    Choices:
  • no ←
  • yes
Override password check

aliases: overridePWLength
pager_telephonenumber
-
Default:
[]
List of pager telephone numbers.

aliases: pagerTelephonenumber
password
-
Password. Required if state=present.
phone
-
List of telephone numbers.
position
-
Default:
""
Define the whole position of users object inside the LDAP tree, e.g. cn=employee,cn=users,ou=school,dc=example,dc=com.
postcode
-
Postal code of users business address.
primary_group
-
Default:
"cn=Domain Users,cn=groups,$LDAP_BASE_DN"
Primary group. This must be the group LDAP DN.

aliases: primaryGroup
profilepath
-
Windows profile directory
pwd_change_next_login
-
    Choices:
  • 0
  • 1
Change password on next login.

aliases: pwdChangeNextLogin
room_number
-
Room number of users business address.

aliases: roomNumber
samba_privileges
-
Samba privilege, like allow printer administration, do domain join.

aliases: sambaPrivileges
samba_user_workstations
-
Allow the authentication only on this Microsoft Windows host.

aliases: sambaUserWorkstations
sambahome
-
Windows home path, e.g. '\\$FQDN\$USERNAME'.
scriptpath
-
Windows logon script.
secretary
-
Default:
[]
A list of superiors as LDAP DNs.
serviceprovider
-
Default:
[]
Enable user for the following service providers.
shell
-
Default:
"/bin/bash"
Login shell
state
-
    Choices:
  • present ←
  • absent
Whether the user is present or not.
street
-
Street of users business address.
subpath
-
Default:
"cn=users"
LDAP subpath inside the organizational unit, e.g. cn=teachers,cn=users for LDAP container cn=teachers,cn=users,dc=example,dc=com.
title
-
Title, e.g. Prof..
unixhome
-
Default:
"/home/$USERNAME"
Unix home directory
update_password
-
Default:
"always"
always will update passwords if they differ. on_create will only set the password for newly created users.
userexpiry
-
Default:
"Today + 1 year"
Account expiry date, e.g. 1999-12-31.
username
- / required
User name

aliases: name

Examples

# Create a user on a UCS
- udm_user:
    name: FooBar
    password: secure_password
    firstname: Foo
    lastname: Bar

# Create a user with the DN
# C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
- udm_user:
    name: foo
    password: secure_password
    firstname: Foo
    lastname: Bar
    ou: school
    subpath: 'cn=teachers,cn=users'
# or define the position
- udm_user:
    name: foo
    password: secure_password
    firstname: Foo
    lastname: Bar
    position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'

Status

Authors

  • Tobias Rüetschi (@keachi)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.