|
Packit |
8cb997 |
User module
|
|
Packit |
8cb997 |
===========
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Description
|
|
Packit |
8cb997 |
-----------
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
The user module allows to ensure presence, absence, disablement, unlocking and undeletion of users.
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
The user module is as compatible as possible to the Ansible upstream `ipa_user` module, but additionally offers to preserve delete, enable, disable, unlock and undelete users.
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Features
|
|
Packit |
8cb997 |
--------
|
|
Packit |
8cb997 |
* User management
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Supported FreeIPA Versions
|
|
Packit |
8cb997 |
--------------------------
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
FreeIPA versions 4.4.0 and up are supported by the ipauser module.
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Requirements
|
|
Packit |
8cb997 |
------------
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
**Controller**
|
|
Packit |
8cb997 |
* Ansible version: 2.8+
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
**Node**
|
|
Packit |
8cb997 |
* Supported FreeIPA version (see above)
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Usage
|
|
Packit |
8cb997 |
=====
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Example inventory file
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
```ini
|
|
Packit |
8cb997 |
[ipaserver]
|
|
Packit |
8cb997 |
ipaserver.test.local
|
|
Packit |
8cb997 |
```
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Example playbook to ensure a user is present:
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
```yaml
|
|
Packit |
8cb997 |
---
|
|
Packit |
8cb997 |
- name: Playbook to handle users
|
|
Packit |
8cb997 |
hosts: ipaserver
|
|
Packit |
8cb997 |
become: true
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
tasks:
|
|
Packit |
8cb997 |
# Ensure user pinky is present
|
|
Packit |
8cb997 |
- ipauser:
|
|
Packit |
8cb997 |
ipaadmin_password: MyPassword123
|
|
Packit |
8cb997 |
name: pinky
|
|
Packit |
8cb997 |
first: pinky
|
|
Packit |
8cb997 |
last: Acme
|
|
Packit |
8cb997 |
uid: 10001
|
|
Packit |
8cb997 |
gid: 100
|
|
Packit |
8cb997 |
phone: "+555123457"
|
|
Packit |
8cb997 |
email: pinky@acme.com
|
|
Packit |
8cb997 |
passwordexpiration: "2023-01-19 23:59:59"
|
|
Packit |
8cb997 |
password: "no-brain"
|
|
Packit |
8cb997 |
update_password: on_create
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
# Ensure user brain is present
|
|
Packit |
8cb997 |
- ipauser:
|
|
Packit |
8cb997 |
ipaadmin_password: MyPassword123
|
|
Packit |
8cb997 |
name: brain
|
|
Packit |
8cb997 |
first: brain
|
|
Packit |
8cb997 |
last: Acme
|
|
Packit |
8cb997 |
```
|
|
Packit |
8cb997 |
`update_password` controls if a password for a user will be set in present state only on creation or every time (always).
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
These two `ipauser` module calls can be combined into one with the `users` variable:
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
```yaml
|
|
Packit |
8cb997 |
---
|
|
Packit |
8cb997 |
- name: Playbook to handle users
|
|
Packit |
8cb997 |
hosts: ipaserver
|
|
Packit |
8cb997 |
become: true
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
tasks:
|
|
Packit |
8cb997 |
# Ensure users pinky and brain are present
|
|
Packit |
8cb997 |
- ipauser:
|
|
Packit |
8cb997 |
ipaadmin_password: MyPassword123
|
|
Packit |
8cb997 |
users:
|
|
Packit |
8cb997 |
- name: pinky
|
|
Packit |
8cb997 |
first: pinky
|
|
Packit |
8cb997 |
last: Acme
|
|
Packit |
8cb997 |
uid: 10001
|
|
Packit |
8cb997 |
gid: 100
|
|
Packit |
8cb997 |
phone: "+555123457"
|
|
Packit |
8cb997 |
email: pinky@acme.com
|
|
Packit |
8cb997 |
passwordexpiration: "2023-01-19 23:59:59"
|
|
Packit |
8cb997 |
password: "no-brain"
|
|
Packit |
8cb997 |
- name: brain
|
|
Packit |
8cb997 |
first: brain
|
|
Packit |
8cb997 |
last: Acme
|
|
Packit |
8cb997 |
update_password: on_create
|
|
Packit |
8cb997 |
```
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
You can also alternatively use a json file containing the users, here `users_present.json`:
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
```json
|
|
Packit |
8cb997 |
{
|
|
Packit |
8cb997 |
"users": [
|
|
Packit |
8cb997 |
{
|
|
Packit |
8cb997 |
"name": "user1",
|
|
Packit |
8cb997 |
"first": "First 1",
|
|
Packit |
8cb997 |
"last": "Last 1"
|
|
Packit |
8cb997 |
},
|
|
Packit |
8cb997 |
{
|
|
Packit |
8cb997 |
"name": "user2",
|
|
Packit |
8cb997 |
"first": "First 2",
|
|
Packit |
8cb997 |
"last": "Last 2"
|
|
Packit |
8cb997 |
},
|
|
Packit |
8cb997 |
...
|
|
Packit |
8cb997 |
]
|
|
Packit |
8cb997 |
}
|
|
Packit |
8cb997 |
```
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
And ensure the presence of the users with this example playbook:
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
```yaml
|
|
Packit |
8cb997 |
---
|
|
Packit |
8cb997 |
- name: Tests
|
|
Packit |
8cb997 |
hosts: ipaserver
|
|
Packit |
8cb997 |
become: true
|
|
Packit |
8cb997 |
gather_facts: false
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
tasks:
|
|
Packit |
8cb997 |
- name: Include users_present.json
|
|
Packit |
8cb997 |
include_vars:
|
|
Packit |
8cb997 |
file: users_present.json
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
- name: Users present
|
|
Packit |
8cb997 |
ipauser:
|
|
Packit |
8cb997 |
ipaadmin_password: SomeADMINpassword
|
|
Packit |
8cb997 |
users: "{{ users }}"
|
|
Packit |
8cb997 |
```
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Ensure user pinky is present with a generated random password and print the random password:
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
```yaml
|
|
Packit |
8cb997 |
---
|
|
Packit |
8cb997 |
- name: Playbook to handle users
|
|
Packit |
8cb997 |
hosts: ipaserver
|
|
Packit |
8cb997 |
become: true
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
tasks:
|
|
Packit |
8cb997 |
# Ensure user pinky is present with a random password
|
|
Packit |
8cb997 |
- ipauser:
|
|
Packit |
8cb997 |
ipaadmin_password: MyPassword123
|
|
Packit |
8cb997 |
name: brain
|
|
Packit |
8cb997 |
first: brain
|
|
Packit |
8cb997 |
last: Acme
|
|
Packit |
8cb997 |
random: yes
|
|
Packit |
8cb997 |
register: ipauser
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
- name: Print generated random password
|
|
Packit |
8cb997 |
debug:
|
|
Packit |
8cb997 |
var: ipauser.user.randompassword
|
|
Packit |
8cb997 |
```
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Ensure users pinky and brain are present with a generated random password and print the random passwords:
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
```yaml
|
|
Packit |
8cb997 |
---
|
|
Packit |
8cb997 |
- name: Playbook to handle users
|
|
Packit |
8cb997 |
hosts: ipaserver
|
|
Packit |
8cb997 |
become: true
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
tasks:
|
|
Packit |
8cb997 |
# Ensure users pinky and brain are present with random password
|
|
Packit |
8cb997 |
- ipauser:
|
|
Packit |
8cb997 |
ipaadmin_password: MyPassword123
|
|
Packit |
8cb997 |
users:
|
|
Packit |
8cb997 |
- name: pinky
|
|
Packit |
8cb997 |
first: pinky
|
|
Packit |
8cb997 |
last: Acme
|
|
Packit |
8cb997 |
uid: 10001
|
|
Packit |
8cb997 |
gid: 100
|
|
Packit |
8cb997 |
phone: "+555123457"
|
|
Packit |
8cb997 |
email: pinky@acme.com
|
|
Packit |
8cb997 |
passwordexpiration: "2023-01-19 23:59:59"
|
|
Packit |
8cb997 |
password: "no-brain"
|
|
Packit |
8cb997 |
- name: brain
|
|
Packit |
8cb997 |
first: brain
|
|
Packit |
8cb997 |
last: Acme
|
|
Packit |
8cb997 |
register: ipauser
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
- name: Print generated random password of pinky
|
|
Packit |
8cb997 |
debug:
|
|
Packit |
8cb997 |
var: ipauser.user.pinky.randompassword
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
- name: Print generated random password of brain
|
|
Packit |
8cb997 |
debug:
|
|
Packit |
8cb997 |
var: ipauser.user.brain.randompassword
|
|
Packit |
8cb997 |
```
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Example playbook to delete a user, but preserve it:
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
```yaml
|
|
Packit |
8cb997 |
---
|
|
Packit |
8cb997 |
- name: Playbook to handle users
|
|
Packit |
8cb997 |
hosts: ipaserver
|
|
Packit |
8cb997 |
become: true
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
tasks:
|
|
Packit |
8cb997 |
# Remove but preserve user pinky
|
|
Packit |
8cb997 |
- ipauser:
|
|
Packit |
8cb997 |
ipaadmin_password: MyPassword123
|
|
Packit |
8cb997 |
name: pinky
|
|
Packit |
8cb997 |
preserve: yes
|
|
Packit |
8cb997 |
state: absent
|
|
Packit |
8cb997 |
```
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
This can also be done with the `users` variable containing only names, this can be combined into one module call:
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Example playbook to delete a user, but preserve it using the `users` variable:
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
```yaml
|
|
Packit |
8cb997 |
---
|
|
Packit |
8cb997 |
- name: Playbook to handle users
|
|
Packit |
8cb997 |
hosts: ipaserver
|
|
Packit |
8cb997 |
become: true
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
tasks:
|
|
Packit |
8cb997 |
# Remove but preserve user pinky
|
|
Packit |
8cb997 |
- ipauser:
|
|
Packit |
8cb997 |
ipaadmin_password: MyPassword123
|
|
Packit |
8cb997 |
users:
|
|
Packit |
8cb997 |
- name: pinky
|
|
Packit |
8cb997 |
preserve: yes
|
|
Packit |
8cb997 |
state: absent
|
|
Packit |
8cb997 |
```
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
This can also be done as an alternative with the `users` variable containing only names.
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Example playbook to undelete a preserved user.
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
```yaml
|
|
Packit |
8cb997 |
---
|
|
Packit |
8cb997 |
- name: Playbook to handle users
|
|
Packit |
8cb997 |
hosts: ipaserver
|
|
Packit |
8cb997 |
become: true
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
tasks:
|
|
Packit |
8cb997 |
# Undelete preserved user pinky
|
|
Packit |
8cb997 |
- ipauser:
|
|
Packit |
8cb997 |
ipaadmin_password: MyPassword123
|
|
Packit |
8cb997 |
name: pinky
|
|
Packit |
8cb997 |
state: undeleted
|
|
Packit |
8cb997 |
```
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
This can also be done as an alternative with the `users` variable containing only names.
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Example playbook to disable a user:
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
```yaml
|
|
Packit |
8cb997 |
---
|
|
Packit |
8cb997 |
- name: Playbook to handle users
|
|
Packit |
8cb997 |
hosts: ipaserver
|
|
Packit |
8cb997 |
become: true
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
tasks:
|
|
Packit |
8cb997 |
# Disable user pinky
|
|
Packit |
8cb997 |
- ipauser:
|
|
Packit |
8cb997 |
ipaadmin_password: MyPassword123
|
|
Packit |
8cb997 |
name: pinky
|
|
Packit |
8cb997 |
state: disabled
|
|
Packit |
8cb997 |
```
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
This can also be done as an alternative with the `users` variable containing only names.
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Example playbook to enable users:
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
```yaml
|
|
Packit |
8cb997 |
---
|
|
Packit |
8cb997 |
- name: Playbook to handle users
|
|
Packit |
8cb997 |
hosts: ipaserver
|
|
Packit |
8cb997 |
become: true
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
tasks:
|
|
Packit |
8cb997 |
# Enable user pinky and brain
|
|
Packit |
8cb997 |
- ipauser:
|
|
Packit |
8cb997 |
ipaadmin_password: MyPassword123
|
|
Packit |
8cb997 |
name: pinky,brain
|
|
Packit |
8cb997 |
state: enabled
|
|
Packit |
8cb997 |
```
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
This can also be done as an alternative with the `users` variable containing only names.
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Example playbook to unlock users:
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
```yaml
|
|
Packit |
8cb997 |
---
|
|
Packit |
8cb997 |
- name: Playbook to handle users
|
|
Packit |
8cb997 |
hosts: ipaserver
|
|
Packit |
8cb997 |
become: true
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
tasks:
|
|
Packit |
8cb997 |
# Unlock user pinky and brain
|
|
Packit |
8cb997 |
- ipauser:
|
|
Packit |
8cb997 |
ipaadmin_password: MyPassword123
|
|
Packit |
8cb997 |
name: pinky,brain
|
|
Packit |
8cb997 |
state: unlocked
|
|
Packit |
8cb997 |
```
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Example playbook to ensure users are absent:
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
```yaml
|
|
Packit |
8cb997 |
---
|
|
Packit |
8cb997 |
- name: Playbook to handle users
|
|
Packit |
8cb997 |
hosts: ipaserver
|
|
Packit |
8cb997 |
become: true
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
tasks:
|
|
Packit |
8cb997 |
# Ensure users pinky and brain are absent
|
|
Packit |
8cb997 |
- ipauser:
|
|
Packit |
8cb997 |
ipaadmin_password: MyPassword123
|
|
Packit |
8cb997 |
name: pinky,brain
|
|
Packit |
8cb997 |
state: absent
|
|
Packit |
8cb997 |
```
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
This can also be done as an alternative with the `users` variable containing only names.
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Example playbook to ensure users are absent:
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
```yaml
|
|
Packit |
8cb997 |
---
|
|
Packit |
8cb997 |
- name: Playbook to handle users
|
|
Packit |
8cb997 |
hosts: ipaserver
|
|
Packit |
8cb997 |
become: true
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
tasks:
|
|
Packit |
8cb997 |
# Ensure users pinky and brain are absent
|
|
Packit |
8cb997 |
- ipauser:
|
|
Packit |
8cb997 |
ipaadmin_password: MyPassword123
|
|
Packit |
8cb997 |
users:
|
|
Packit |
8cb997 |
- name: pinky
|
|
Packit |
8cb997 |
- name: brain
|
|
Packit |
8cb997 |
state: absent
|
|
Packit |
8cb997 |
```
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Variables
|
|
Packit |
8cb997 |
=========
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
ipauser
|
|
Packit |
8cb997 |
-------
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
**General Variables:**
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Variable | Description | Required
|
|
Packit |
8cb997 |
-------- | ----------- | --------
|
|
Packit |
8cb997 |
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
|
|
Packit |
8cb997 |
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
|
|
Packit |
8cb997 |
`name` | The list of user name strings. `name` with *user variables* or `users` containing *user variables* need to be used. | no
|
|
Packit |
8cb997 |
**User variables** | Only used with `name` variable in the first level. | no
|
|
Packit |
8cb997 |
`users` | The list of user dicts. Each `users` dict entry can contain **user variables**. There is one required option in the `users` dict:| no
|
|
Packit |
8cb997 |
| `name` - The user name string of the entry. | yes
|
|
Packit |
8cb997 |
| **User variables** | no
|
|
Packit |
8cb997 |
`preserve` | Delete a user, keeping the entry available for future use. (bool) | no
|
|
Packit |
8cb997 |
`update_password` | Set password for a user in present state only on creation or always. It can be one of `always` or `on_create` and defaults to `always`. | no
|
|
Packit |
8cb997 |
`preserve` | Delete a user, keeping the entry available for future use. (bool) | no
|
|
Packit |
8cb997 |
`action` | Work on user or member level. It can be on of `member` or `user` and defaults to `user`. | no
|
|
Packit |
8cb997 |
`state` | The state to ensure. It can be one of `present`, `absent`, `enabled`, `disabled`, `unlocked` or `undeleted`, default: `present`. Only `names` or `users` with only `name` set are allowed if state is not `present`. | yes
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
**User Variables:**
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Variable | Description | Required
|
|
Packit |
8cb997 |
-------- | ----------- | --------
|
|
Packit |
8cb997 |
`first` \| `givenname` | The first name string. | no
|
|
Packit |
8cb997 |
`last` \| `sn` | The last name string. | no
|
|
Packit |
8cb997 |
`fullname` \| `cn` | The full name string. | no
|
|
Packit |
8cb997 |
`displayname` | The display name string. | no
|
|
Packit |
8cb997 |
`homedir` | The home directory string. | no
|
|
Packit |
8cb997 |
`shell` \| `loginshell` | The login shell string. | no
|
|
Packit |
8cb997 |
`email` | List of email address strings. | no
|
|
Packit |
8cb997 |
`principal` \| `principalnam` \| `krbprincipalname` | The kerberos principal sptring. | no
|
|
Packit |
8cb997 |
`principalexpiration` \| `krbprincipalexpiration` | The kerberos principal expiration date. Possible formats: `YYYYMMddHHmmssZ`, `YYYY-MM-ddTHH:mm:ssZ`, `YYYY-MM-ddTHH:mmZ`, `YYYY-MM-ddZ`, `YYYY-MM-dd HH:mm:ssZ` or `YYYY-MM-dd HH:mmZ`. The trailing 'Z' can be skipped. | no
|
|
Packit |
8cb997 |
`passwordexpiration` \| `krbpasswordexpiration` | The kerberos password expiration date. Possible formats: `YYYYMMddHHmmssZ`, `YYYY-MM-ddTHH:mm:ssZ`, `YYYY-MM-ddTHH:mmZ`, `YYYY-MM-ddZ`, `YYYY-MM-dd HH:mm:ssZ` or `YYYY-MM-dd HH:mmZ`. The trailing 'Z' can be skipped. Only usable with IPA versions 4.7 and up. | no
|
|
Packit |
8cb997 |
`password` | The user password string. | no
|
|
Packit |
8cb997 |
`random` | Generate a random user password | no
|
|
Packit |
8cb997 |
`uid` \| `uidnumber` | The UID integer. | no
|
|
Packit |
8cb997 |
`gid` \| `gidnumber` | The GID integer. | no
|
|
Packit |
8cb997 |
`city` | City | no
|
|
Packit |
8cb997 |
`userstate` \| `st` | State/Province | no
|
|
Packit |
8cb997 |
`postalcode` \| `zip` | Postalcode/ZIP | no
|
|
Packit |
8cb997 |
`phone` \| `telephonenumber` | List of telephone number strings, | no
|
|
Packit |
8cb997 |
`mobile` | List of mobile telephone number strings. | no
|
|
Packit |
8cb997 |
`pager` | List of pager number strings. | no
|
|
Packit |
8cb997 |
`fax` \| `facsimiletelephonenumber` | List of fax number strings. | no
|
|
Packit |
8cb997 |
`orgunit` | The Organisation unit. | no
|
|
Packit |
8cb997 |
`title` | The job title string. | no
|
|
Packit |
8cb997 |
`manager` | List of manager user names. | no
|
|
Packit |
8cb997 |
`carlicense` | List of car licenses. | no
|
|
Packit |
8cb997 |
`sshpubkey` \| `ipasshpubkey` | List of SSH public keys. | no
|
|
Packit |
663f99 |
`userauthtype` | List of supported user authentication types. Choices: `password`, `radius`, `otp` and ``. Use empty string to reset userauthtype to the initial value. | no
|
|
Packit |
8cb997 |
`userclass` | User category. (semantics placed on this attribute are for local interpretation). | no
|
|
Packit |
8cb997 |
`radius` | RADIUS proxy configuration | no
|
|
Packit |
8cb997 |
`radiususer` | RADIUS proxy username | no
|
|
Packit |
8cb997 |
`departmentnumber` | Department Number | no
|
|
Packit |
8cb997 |
`employeenumber` | Employee Number | no
|
|
Packit |
8cb997 |
`employeetype` | Employee Type | no
|
|
Packit |
8cb997 |
`preferredlanguage` | Preferred Language | no
|
|
Packit |
8cb997 |
`certificate` | List of base-64 encoded user certificates. | no
|
|
Packit |
8cb997 |
`certmapdata` | List of certificate mappings. Either `certificate` or `issuer` together with `subject` need to be specified. Options: | no
|
|
Packit |
8cb997 |
| `certificate` - Base-64 encoded user certificate | no
|
|
Packit |
8cb997 |
| `issuer` - Issuer of the certificate | no
|
|
Packit |
8cb997 |
| `subject` - Subject of the certificate | no
|
|
Packit |
8cb997 |
`noprivate` | Do not create user private group. (bool) | no
|
|
Packit |
8cb997 |
`nomembers` | Suppress processing of membership attributes. (bool) | no
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Return Values
|
|
Packit |
8cb997 |
=============
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
ipauser
|
|
Packit |
8cb997 |
-------
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
There are only return values if one or more random passwords have been generated.
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Variable | Description | Returned When
|
|
Packit |
8cb997 |
-------- | ----------- | -------------
|
|
Packit |
8cb997 |
`host` | Host dict with random password. (dict) Options: | If random is yes and user did not exist or update_password is yes
|
|
Packit |
8cb997 |
| `randompassword` - The generated random password | If only one user is handled by the module
|
|
Packit |
8cb997 |
| `name` - The user name of the user that got a new random password. (dict) Options: `randompassword` - The generated random password | If several users are handled by the module
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Authors
|
|
Packit |
8cb997 |
=======
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
Thomas Woerner
|