community.general.udm_user module – Manage posix users on a univention corporate server
Note
This module is part of the community.general collection (version 9.5.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.general.udm_user.
Synopsis
This module allows to manage posix users on a univention corporate server (UCS). It uses the python API of the UCS to create a new object or edit it.
Requirements
The below requirements are needed on the host that executes this module.
legacycrypt (on Python 3.13 or newer)
Parameters
Parameter |
Comments |
|---|---|
Birthday |
|
City of users business address. |
|
Country of users business address. |
|
Department number of users business address. |
|
Description (not gecos) |
|
Display name (not gecos) |
|
A list of e-mail addresses. Default: |
|
Employee number |
|
Employee type |
|
First name. Required if |
|
GECOS |
|
POSIX groups, the LDAP DNs of the groups will be found with the LDAP filter for each group as $GROUP: Default: |
|
Home NFS share. Must be a LDAP DN, e.g. |
|
Path to home NFS share, inside the homeShare. |
|
List of private telephone numbers. Default: |
|
Windows home drive, for example |
|
Last name. Required if |
|
List of alternative e-mail addresses. Default: |
|
FQDN of mail server |
|
Primary e-mail address |
|
Mobile phone number Default: |
|
Organisation |
|
Organizational Unit inside the LDAP Base DN, for example Default: |
|
Override password history Choices:
|
|
Override password check Choices:
|
|
List of pager telephone numbers. Default: |
|
Password. Required if |
|
List of telephone numbers. Default: |
|
Define the whole position of users object inside the LDAP tree, for example Default: |
|
Postal code of users business address. |
|
Primary group. This must be the group LDAP DN. If not specified, it defaults to |
|
Windows profile directory |
|
Change password on next login. Choices:
|
|
Room number of users business address. |
|
Samba privilege, like allow printer administration, do domain join. Default: |
|
Allow the authentication only on this Microsoft Windows host. Default: |
|
Windows home path, for example |
|
Windows logon script. |
|
A list of superiors as LDAP DNs. Default: |
|
Enable user for the following service providers. Default: |
|
Login shell Default: |
|
Whether the user is present or not. Choices:
|
|
Street of users business address. |
|
LDAP subpath inside the organizational unit, for example Default: |
|
Title, for example |
|
Unix home directory If not specified, it defaults to |
|
Choices:
|
|
Account expiry date, for example If not specified, it defaults to the current day plus one year. |
|
User name |
Attributes
Attribute |
Support |
Description |
|---|---|---|
Support: full |
Can run in |
|
Support: partial |
Will return details on what has changed (or possibly needs changing in |
Notes
Note
This module requires the deprecated crypt Python module library which was removed from Python 3.13. For Python 3.13 or newer, you need to install legacycrypt.
Examples
- name: Create a user on a UCS
community.general.udm_user:
name: FooBar
password: secure_password
firstname: Foo
lastname: Bar
- name: Create a user with the DN uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com
community.general.udm_user:
name: foo
password: secure_password
firstname: Foo
lastname: Bar
ou: school
subpath: 'cn=teachers,cn=users'
# or define the position
- name: Create a user with the DN uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com
community.general.udm_user:
name: foo
password: secure_password
firstname: Foo
lastname: Bar
position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'