New in version 2.3.
The below requirements are needed on the host that executes this module.
Parameter |
Choices/Defaults |
Comments |
---|---|---|
displayname
|
|
Display name
|
gidnumber
(added in 2.5) |
|
Posix Group ID
|
givenname
|
|
First name
|
ipa_host
|
Default:
ipa.example.com
|
IP or hostname of IPA server.
If the value is not specified in the task, the value of environment variable
IPA_HOST will be used instead.If both the environment variable
IPA_HOST and the value are not specified in the task, then default value is set.Environment variable fallback mechanism is added in version 2.5.
|
ipa_pass
required |
|
Password of administrative user.
If the value is not specified in the task, the value of environment variable
IPA_PASS will be used instead.If both the environment variable
IPA_PASS and the value are not specified in the task, then default value is set.Environment variable fallback mechanism is added in version 2.5.
|
ipa_port
|
Default:
443
|
Port of FreeIPA / IPA server.
If the value is not specified in the task, the value of environment variable
IPA_PORT will be used instead.If both the environment variable
IPA_PORT and the value are not specified in the task, then default value is set.Environment variable fallback mechanism is added in version 2.5.
|
ipa_prot
|
|
Protocol used by IPA server.
If the value is not specified in the task, the value of environment variable
IPA_PROT will be used instead.If both the environment variable
IPA_PROT and the value are not specified in the task, then default value is set.Environment variable fallback mechanism is added in version 2.5.
|
ipa_user
|
Default:
admin
|
Administrative account used on IPA server.
If the value is not specified in the task, the value of environment variable
IPA_USER will be used instead.If both the environment variable
IPA_USER and the value are not specified in the task, then default value is set.Environment variable fallback mechanism is added in version 2.5.
|
krbpasswordexpiration
(added in 2.5) |
|
Date at which the user password will expire
In the format YYYYMMddHHmmss
e.g. 20180121182022 will expire on 21 January 2018 at 18:20:22
|
loginshell
|
|
Login shell
|
mail
|
|
List of mail addresses assigned to the user.
If an empty list is passed all assigned email addresses will be deleted.
If None is passed email addresses will not be checked or changed.
|
password
|
|
Password for new user
|
sn
|
|
Surname
|
sshpubkey
|
|
List of public SSH key.
If an empty list is passed all assigned public keys will be deleted.
If None is passed SSH public keys will not be checked or changed.
|
state
|
|
State to ensure
|
telephonenumber
|
|
List of telephone numbers assigned to the user.
If an empty list is passed all assigned telephone numbers will be deleted.
If None is passed telephone numbers will not be checked or changed.
|
title
|
|
Title
|
uid
required |
|
uid of the user
aliases: name |
uidnumber
(added in 2.5) |
|
Account Settings UID/Posix User ID number
|
validate_certs
|
Default:
yes
|
This only applies if
ipa_prot is https.If set to
no , the SSL certificates will not be validated.This should only set to
no used on personally controlled sites using self-signed certificates. |
# Ensure pinky is present
- ipa_user:
name: pinky
state: present
krbpasswordexpiration: 20200119235959
givenname: Pinky
sn: Acme
mail:
- pinky@acme.com
telephonenumber:
- '+555123456'
sshpubkey:
- ssh-rsa ....
- ssh-dsa ....
uidnumber: 1001
gidnumber: 100
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
# Ensure brain is absent
- ipa_user:
name: brain
state: absent
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
Common return values are documented here, the following are the fields unique to this module:
Key |
Returned |
Description |
---|---|---|
user
dict
|
always |
User as returned by IPA API
|
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Hint
If you notice any issues in this documentation you can edit this document to improve it.