Documentation

udm_user - Manage posix users on a univention corporate server

New in version 2.2.

Synopsis

  • This module allows to manage posix users on a univention corporate server (UCS). It uses the python API of the UCS to create a new object or edit it.

Requirements

The below requirements are needed on the host that executes this module.

  • Python >= 2.6

Parameters

Parameter Choices/Defaults Comments
birthday
Birthday
city
City of users business address.
country
Country of users business address.
department_number
Department number of users business address.

aliases: departmentNumber
description
Description (not gecos)
display_name
Display name (not gecos)

aliases: displayName
email Default:
[]
A list of e-mail addresses.
employee_number
Employee number

aliases: employeeNumber
employee_type
Employee type

aliases: employeeType
firstname
First name. Required if state=present.
gecos
GECOS
groups Default:
[]
POSIX groups, the LDAP DNs of the groups will be found with the LDAP filter for each group as $GROUP: (&(objectClass=posixGroup(cn=$GROUP))).
home_share
Home NFS share. Must be a LDAP DN, e.g. cn=home,cn=shares,ou=school,dc=example,dc=com.

aliases: homeShare
home_share_path
Path to home NFS share, inside the homeShare.

aliases: homeSharePath
home_telephone_number Default:
[]
List of private telephone numbers.

aliases: homeTelephoneNumber
homedrive
Windows home drive, e.g. "H:".
lastname
Last name. Required if state=present.
mail_alternative_address Default:
[]
List of alternative e-mail addresses.

aliases: mailAlternativeAddress
mail_home_server
FQDN of mail server

aliases: mailHomeServer
mail_primary_address
Primary e-mail address

aliases: mailPrimaryAddress
mobile_telephone_number Default:
[]
Mobile phone number

aliases: mobileTelephoneNumber
organisation
Organisation
ou Default:
Organizational Unit inside the LDAP Base DN, e.g. school for LDAP OU ou=school,dc=example,dc=com.
override_pw_history
bool
    Choices:
  • no ←
  • yes
Override password history

aliases: overridePWHistory
override_pw_length
bool
    Choices:
  • no ←
  • yes
Override password check

aliases: overridePWLength
pager_telephonenumber Default:
[]
List of pager telephone numbers.

aliases: pagerTelephonenumber
password
Password. Required if state=present.
phone
List of telephone numbers.
position Default:
Define the whole position of users object inside the LDAP tree, e.g. cn=employee,cn=users,ou=school,dc=example,dc=com.
postcode
Postal code of users business address.
primary_group Default:
cn=Domain Users,cn=groups,$LDAP_BASE_DN
Primary group. This must be the group LDAP DN.

aliases: primaryGroup
profilepath
Windows profile directory
pwd_change_next_login
    Choices:
  • 0
  • 1
Change password on next login.

aliases: pwdChangeNextLogin
room_number
Room number of users business address.

aliases: roomNumber
samba_privileges
Samba privilege, like allow printer administration, do domain join.

aliases: sambaPrivileges
samba_user_workstations
Allow the authentication only on this Microsoft Windows host.

aliases: sambaUserWorkstations
sambahome
Windows home path, e.g. '\\$FQDN\$USERNAME'.
scriptpath
Windows logon script.
secretary Default:
[]
A list of superiors as LDAP DNs.
serviceprovider Default:
[]
Enable user for the following service providers.
shell Default:
/bin/bash
Login shell
state
    Choices:
  • present ←
  • absent
Whether the user is present or not.
street
Street of users business address.
subpath Default:
cn=users
LDAP subpath inside the organizational unit, e.g. cn=teachers,cn=users for LDAP container cn=teachers,cn=users,dc=example,dc=com.
title
Title, e.g. Prof..
unixhome Default:
/home/$USERNAME
Unix home directory
update_password
(added in 2.3)
Default:
always
always will update passwords if they differ. on_create will only set the password for newly created users.
userexpiry Default:
Today + 1 year
Account expiry date, e.g. 1999-12-31.
username
required
User name

aliases: name

Examples

# Create a user on a UCS
- udm_user:
    name: FooBar
    password: secure_password
    firstname: Foo
    lastname: Bar

# Create a user with the DN
# C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
- udm_user:
    name: foo
    password: secure_password
    firstname: Foo
    lastname: Bar
    ou: school
    subpath: 'cn=teachers,cn=users'
# or define the position
- udm_user:
    name: foo
    password: secure_password
    firstname: Foo
    lastname: Bar
    position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance

This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Community, see here.

Author

  • Tobias Rueetschi (@2-B)

Hint

If you notice any issues in this documentation you can edit this document to improve it.