community.general.udm_user – Manage POSIX users on a Univention Corporate Server

Note

This plugin is part of the community.general collection (version 2.5.1).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.udm_user.

Synopsis

  • This module manages POSIX users on a Univention Corporate Server (UCS). It uses the Python API of the UCS to create a new object or edit an existing one.

Requirements

The below requirements are needed on the host that executes this module.

  • Python >= 2.6

Parameters

Parameter Choices/Defaults Comments
birthday
string
Birthday
city
string
City of the user's business address.
country
string
Country of the user's business address.
department_number
string
Department number of the user's business address.

aliases: departmentNumber
description
string
Description (not gecos)
display_name
string
Display name (not gecos)

aliases: displayName
email
list / elements=string
Default:
[""]
A list of e-mail addresses.
employee_number
string
Employee number

aliases: employeeNumber
employee_type
string
Employee type

aliases: employeeType
firstname
string
First name. Required if state=present.
gecos
string
GECOS
groups
list / elements=string
Default:
[]
POSIX groups. The LDAP DN of each group is looked up with the following LDAP filter, where $GROUP is the group name: (&(objectClass=posixGroup)(cn=$GROUP)).
home_share
string
Home NFS share. Must be an LDAP DN, e.g. cn=home,cn=shares,ou=school,dc=example,dc=com.

aliases: homeShare
home_share_path
string
Path to home NFS share, inside the homeShare.

aliases: homeSharePath
home_telephone_number
list / elements=string
Default:
[]
List of private telephone numbers.

aliases: homeTelephoneNumber
homedrive
string
Windows home drive, e.g. "H:".
lastname
string
Last name. Required if state=present.
mail_alternative_address
list / elements=string
Default:
[]
List of alternative e-mail addresses.

aliases: mailAlternativeAddress
mail_home_server
string
FQDN of mail server

aliases: mailHomeServer
mail_primary_address
string
Primary e-mail address

aliases: mailPrimaryAddress
mobile_telephone_number
list / elements=string
Default:
[]
Mobile phone number

aliases: mobileTelephoneNumber
organisation
string
Organisation

aliases: organization
ou
string
Default:
""
Organizational Unit inside the LDAP Base DN, e.g. school for LDAP OU ou=school,dc=example,dc=com.
overridePWHistory
boolean
    Choices:
  • no ←
  • yes
Override password history

aliases: override_pw_history
overridePWLength
boolean
    Choices:
  • no ←
  • yes
Override password check

aliases: override_pw_length
pager_telephonenumber
list / elements=string
Default:
[]
List of pager telephone numbers.

aliases: pagerTelephonenumber
password
string
Password. Required if state=present.
phone
list / elements=string
List of telephone numbers.
position
string
Default:
""
Define the whole position of the user object inside the LDAP tree, e.g. cn=employee,cn=users,ou=school,dc=example,dc=com.
postcode
string
Postal code of the user's business address.
primary_group
string
Primary group. This must be the group LDAP DN.
If not specified, it defaults to cn=Domain Users,cn=groups,$LDAP_BASE_DN.

aliases: primaryGroup
profilepath
string
Windows profile directory
pwd_change_next_login
string
    Choices:
  • 0
  • 1
Change password on next login.

aliases: pwdChangeNextLogin
room_number
string
Room number of the user's business address.

aliases: roomNumber
samba_privileges
list / elements=string
Samba privileges, such as allowing printer administration or domain join.

aliases: sambaPrivileges
samba_user_workstations
list / elements=string
Allow the authentication only on this Microsoft Windows host.

aliases: sambaUserWorkstations
sambahome
string
Windows home path, e.g. '\\$FQDN\$USERNAME'.
scriptpath
string
Windows logon script.
secretary
list / elements=string
Default:
[]
A list of superiors as LDAP DNs.
serviceprovider
list / elements=string
Default:
[""]
Enable user for the following service providers.
shell
string
Default:
"/bin/bash"
Login shell
state
string
    Choices:
  • present ←
  • absent
Whether the user is present or not.
street
string
Street of the user's business address.
subpath
string
Default:
"cn=users"
LDAP subpath inside the organizational unit, e.g. cn=teachers,cn=users for LDAP container cn=teachers,cn=users,dc=example,dc=com.
title
string
Title, e.g. Prof.
unixhome
string
Unix home directory
If not specified, it defaults to /home/$USERNAME.
update_password
string
    Choices:
  • always ←
  • on_create
always will update passwords if they differ. on_create will only set the password for newly created users.
userexpiry
string
Account expiry date, e.g. 1999-12-31.
If not specified, it defaults to the current day plus one year.
username
string / required
User name

aliases: name

Examples

- name: Create a user on a UCS
  community.general.udm_user:
    name: FooBar
    password: secure_password
    firstname: Foo
    lastname: Bar

- name: Create a user with the DN C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
  community.general.udm_user:
    name: foo
    password: secure_password
    firstname: Foo
    lastname: Bar
    ou: school
    subpath: 'cn=teachers,cn=users'

# or define the position
- name: Create a user with the DN C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
  community.general.udm_user:
    name: foo
    password: secure_password
    firstname: Foo
    lastname: Bar
    position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'
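
The examples above pass the password as a literal in the playbook. The task below is an added example, not part of the collection's documentation, showing the same user created with the password-related parameters from the table set defensively. The variable vault_udm_foo_password and the vars file path are hypothetical, and the expiry date is a constructed sample value.

```yaml
# Added example: hardened variant of the "Create a user" tasks.
# vault_udm_foo_password is a hypothetical variable, assumed to be defined
# in a vars file encrypted with ansible-vault (e.g. group_vars/ucs/vault.yml,
# also a hypothetical path).
- name: Create user foo without exposing the initial password
  community.general.udm_user:
    name: foo
    firstname: Foo
    lastname: Bar
    ou: school
    subpath: 'cn=teachers,cn=users'
    # Secret comes from the vault, never from a literal in the playbook.
    password: "{{ vault_udm_foo_password }}"
    # Set the password only when the account is created. With the default
    # (always), every run resets a password the user has since changed.
    update_password: on_create
    # Force the user to replace the provisioning password at first login.
    pwd_change_next_login: '1'
    # Keep the password history and length checks enabled (both default to no).
    overridePWHistory: false
    overridePWLength: false
    # Explicit expiry instead of the implicit "current day plus one year".
    userexpiry: '2030-12-31'  # constructed sample date
  # Keep the task arguments out of verbose output and callback logs.
  no_log: true
```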

Authors

  • Tobias Rüetschi (@keachi)