Manage objects via Univention Directory Manager (UDM).
Version added: 1.2.0
- Create nonexistent objects
- Modify properties of given objects
- Delete objects
The below requirements are needed on the host that executes this module.
- Python
>= 2.7or>= 3.9
| Parameter | Defaults | Comments |
|---|---|---|
| module (string) | The udm module for which objects are to be modified. | |
| position (string) | The position within the LDAP-tree. | |
| dn (string) | The distinguished name of the LDAP object. | |
| filter (string) | A LDAP search filter to select objects. | |
| state (string) | "present" | Either 'present' for creating of modifying the objects given or 'absent' for deleting the objects. |
| +superordinate (string) | None | When creating a new object, set its superordinate to this DN. Only affects newly created LDAP objects, this option is ingored for modifications and removals of existing entries. |
| set_properties (list) | A list of dictionaries with the keys property and value. Properties of the objects are to be set to the given values. | |
| unset_properties (list) | A list of dictionaries with the key property. The listed properties of the objects are to be unset. | |
| policies (list) | A list of policies to apply to the given object. You have to define all policies you expect at the users object. |
# create a new user object
- name: create a user
univention_directory_manager:
module: 'users/user'
state: 'present'
set_properties:
- property: 'username'
value: 'testuser1'
- property: 'lastname'
value: 'testuser1'
- property: 'password'
value: 'univention'
# create an extended attribute
- name: "create an extended attribute with superordinary param and complex attributes"
univention_directory_manager:
module: "settings/extended_attribute"
superordinate: "cn=custom attributes,cn=univention,dc=example,dc=org"
state: "present"
set_properties:
- property: "name"
value: "testAttribute"
- property: "shortDescription"
value: "This is a test attribute"
- property: "module"
# Multivalued properties must be provided as a list
value: ["users/user", "groups/group"]
- property: "translationShortDescription"
# Complex types must be provided in their parsed tuple form, always nested inside a list
value: [["de_DE", "Dies ist ein Test-Attribut"]]
- property: "objectClass"
value: "customAttributeGroups"
- property: "ldapMapping"
value: "customAttributeTestAttribute"
# delete one or more objects
- name: delete a user with a search filter
univention_directory_manager:
module: 'users/user'
state: 'absent'
filter: '(uid=testuser1)'
# use position to place the object in the directory tree
- name: create a user with position
univention_directory_manager:
module: 'users/user'
state: 'present'
position: 'cn=users,ou=DEMOSCHOOL,dc=t1,dc=intranet'
set_properties:
- property: 'username'
value: 'testuser2'
- property: 'lastname'
value: 'testuser2'
- property: 'password'
value: 'univention'
# remove specific properties
- name: modify testuser3 - remove property
univention_directory_manager:
module: 'users/user'
state: 'present'
filter: '(uid=testuser3)'
unset_properties:
- property: 'firstname'
value: 'does not matter'
# assign a policy
- name: modify testuser3 - assign policy
univention_directory_manager:
module: 'users/user'
state: 'present'
filter: '(uid=testuser3)'
policies:
- "cn=udm-license,cn=operations,cn=UMC,cn=univention,dc=example,dc=org"
- "cn=anotherone,cn=operations,cn=UMC,cn=univention,dc=example,dc=org"
-| Key | Returned | Description |
|---|---|---|
meta['changed_objects'](list) |
always | A list of all objects that were changed. |
message(string) |
always | A human-readable information about which objects were changed. |