You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

udm_user - Manage posix users on a univention corporate server¶

New in version 2.2.

Synopsis
Requirements (on host that executes module)
Options
Examples
- Status

Synopsis ¶

This module allows to manage posix users on a univention corporate server (UCS). It uses the python API of the UCS to create a new object or edit it.

Requirements (on host that executes module)¶

Python >= 2.6

Options ¶

parameter	required	default	choices	comments
birthday	no	None		Birthday
city	no	None		City of users business address.
country	no	None		Country of users business address.
department_number	no	None		Department number of users business address. aliases: departmentNumber
description	no	None		Description (not gecos)
display_name	no	None		Display name (not gecos) aliases: displayName
email	no	[u'']		A list of e-mail addresses.
employee_number	no	None		Employee number aliases: employeeNumber
employee_type	no	None		Employee type aliases: employeeType
firstname	no			First name. Required if `state=present`.
gecos	no	None		GECOS
groups	no			POSIX groups, the LDAP DNs of the groups will be found with the LDAP filter for each group as $GROUP: `(&(objectClass=posixGroup`(cn=$GROUP))).
home_share	no	None		Home NFS share. Must be a LDAP DN, e.g. `cn=home,cn=shares,ou=school,dc=example,dc=com`. aliases: homeShare
home_share_path	no	None		Path to home NFS share, inside the homeShare. aliases: homeSharePath
home_telephone_number	no			List of private telephone numbers. aliases: homeTelephoneNumber
homedrive	no	None		Windows home drive, e.g. `"H:"`.
lastname	no			Last name. Required if `state=present`.
mail_alternative_address	no			List of alternative e-mail addresses. aliases: mailAlternativeAddress
mail_home_server	no	None		FQDN of mail server aliases: mailHomeServer
mail_primary_address	no	None		Primary e-mail address aliases: mailPrimaryAddress
mobile_telephone_number	no			Mobile phone number aliases: mobileTelephoneNumber
organisation	no	None		Organisation
ou	no			Organizational Unit inside the LDAP Base DN, e.g. `school` for LDAP OU `ou=school,dc=example,dc=com`.
override_pw_history	no			Override password history aliases: overridePWHistory
override_pw_length	no			Override password check aliases: overridePWLength
pager_telephonenumber	no			List of pager telephone numbers. aliases: pagerTelephonenumber
password	no	None		Password. Required if `state=present`.
phone	no			List of telephone numbers.
position	no			Define the whole position of users object inside the LDAP tree, e.g. `cn=employee,cn=users,ou=school,dc=example,dc=com`.
postcode	no	None		Postal code of users business address.
primary_group	no	cn=Domain Users,cn=groups,$LDAP_BASE_DN		Primary group. This must be the group LDAP DN. aliases: primaryGroup
profilepath	no	None		Windows profile directory
pwd_change_next_login	no	None	0 1	Change password on next login. aliases: pwdChangeNextLogin
room_number	no	None		Room number of users business address. aliases: roomNumber
samba_privileges	no			Samba privilege, like allow printer administration, do domain join. aliases: sambaPrivileges
samba_user_workstations	no			Allow the authentication only on this Microsoft Windows host. aliases: sambaUserWorkstations
sambahome	no	None		Windows home path, e.g. `'\\$FQDN\$USERNAME'`.
scriptpath	no	None		Windows logon script.
secretary	no			A list of superiors as LDAP DNs.
serviceprovider	no	[u'']		Enable user for the following service providers.
shell	no	/bin/bash		Login shell
state	no	present	present absent	Whether the user is present or not.
street	no	None		Street of users business address.
subpath	no	cn=users		LDAP subpath inside the organizational unit, e.g. `cn=teachers,cn=users` for LDAP container `cn=teachers,cn=users,dc=example,dc=com`.
title	no	None		Title, e.g. `Prof.`.
unixhome	no	/home/$USERNAME		Unix home directory
update_password (added in 2.3)	no	always		`always` will update passwords if they differ. `on_create` will only set the password for newly created users.
userexpiry	no	Today + 1 year		Account expiry date, e.g. `1999-12-31`.
username	yes			User name aliases: name

Examples ¶

# Create a user on a UCS
- udm_user:
    name: FooBar
    password: secure_password
    firstname: Foo
    lastname: Bar

# Create a user with the DN
# C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
- udm_user:
    name: foo
    password: secure_password
    firstname: Foo
    lastname: Bar
    ou: school
    subpath: 'cn=teachers,cn=users'
# or define the position
- udm_user:
    name: foo
    password: secure_password
    firstname: Foo
    lastname: Bar
    position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.