VhI,ddlmZmZmZeZdZdZdZddl m Z m Z ddl Z ddl mZmZddlmZmZmZmZ ddlZd ZdZ ddlZeseZd ZdZd Zed k(reyy#e$rd Ze j2ZY8wxYw#e$rd Ze j2ZYIwxYw) )absolute_importdivisionprint_functionu module: udm_user author: - Tobias Rüetschi (@keachi) short_description: Manage posix users on a univention corporate server description: - This module allows to manage posix users on a univention corporate server (UCS). It uses the Python API of the UCS to create a new object or edit it. notes: - This module requires the deprecated L(crypt Python module, https://docs.python.org/3.12/library/crypt.html) library which was removed from Python 3.13. For Python 3.13 or newer, you need to install L(legacycrypt, https://pypi.org/project/legacycrypt/). requirements: - legacycrypt (on Python 3.13 or newer) extends_documentation_fragment: - community.general.attributes attributes: check_mode: support: full diff_mode: support: partial options: state: default: "present" choices: [present, absent] description: - Whether the user is present or not. type: str username: required: true description: - User name. aliases: ['name'] type: str firstname: description: - First name. Required if O(state=present). type: str lastname: description: - Last name. Required if O(state=present). type: str password: description: - Password. Required if O(state=present). type: str birthday: description: - Birthday. type: str city: description: - City of users business address. type: str country: description: - Country of users business address. type: str department_number: description: - Department number of users business address. aliases: [departmentNumber] type: str description: description: - Description (not gecos). type: str display_name: description: - Display name (not gecos). aliases: [displayName] type: str email: default: [''] description: - A list of e-mail addresses. type: list elements: str employee_number: description: - Employee number. aliases: [employeeNumber] type: str employee_type: description: - Employee type. aliases: [employeeType] type: str gecos: description: - GECOS. type: str groups: default: [] description: - 'POSIX groups, the LDAP DNs of the groups is found with the LDAP filter for each group as $GROUP: V((&(objectClass=posixGroup\)(cn=$GROUP\)\)).' type: list elements: str home_share: description: - Home NFS share. Must be a LDAP DN, for example V(cn=home,cn=shares,ou=school,dc=example,dc=com). aliases: [homeShare] type: str home_share_path: description: - Path to home NFS share, inside the homeShare. aliases: [homeSharePath] type: str home_telephone_number: default: [] description: - List of private telephone numbers. aliases: [homeTelephoneNumber] type: list elements: str homedrive: description: - Windows home drive, for example V("H:"). type: str mail_alternative_address: default: [] description: - List of alternative e-mail addresses. aliases: [mailAlternativeAddress] type: list elements: str mail_home_server: description: - FQDN of mail server. aliases: [mailHomeServer] type: str mail_primary_address: description: - Primary e-mail address. aliases: [mailPrimaryAddress] type: str mobile_telephone_number: default: [] description: - Mobile phone number. aliases: [mobileTelephoneNumber] type: list elements: str organisation: description: - Organisation. aliases: [organization] type: str overridePWHistory: type: bool default: false description: - Override password history. aliases: [override_pw_history] overridePWLength: type: bool default: false description: - Override password check. aliases: [override_pw_length] pager_telephonenumber: default: [] description: - List of pager telephone numbers. aliases: [pagerTelephonenumber] type: list elements: str phone: description: - List of telephone numbers. type: list elements: str default: [] postcode: description: - Postal code of users business address. type: str primary_group: description: - Primary group. This must be the group LDAP DN. - If not specified, it defaults to V(cn=Domain Users,cn=groups,$LDAP_BASE_DN). aliases: [primaryGroup] type: str profilepath: description: - Windows profile directory. type: str pwd_change_next_login: choices: ['0', '1'] description: - Change password on next login. aliases: [pwdChangeNextLogin] type: str room_number: description: - Room number of users business address. aliases: [roomNumber] type: str samba_privileges: description: - Samba privilege, like allow printer administration, do domain join. aliases: [sambaPrivileges] type: list elements: str default: [] samba_user_workstations: description: - Allow the authentication only on this Microsoft Windows host. aliases: [sambaUserWorkstations] type: list elements: str default: [] sambahome: description: - Windows home path, for example V('\\\\$FQDN\\$USERNAME'). type: str scriptpath: description: - Windows logon script. type: str secretary: default: [] description: - A list of superiors as LDAP DNs. type: list elements: str serviceprovider: default: [''] description: - Enable user for the following service providers. type: list elements: str shell: default: '/bin/bash' description: - Login shell. type: str street: description: - Street of users business address. type: str title: description: - Title, for example V(Prof.). type: str unixhome: description: - Unix home directory. - If not specified, it defaults to C(/home/$USERNAME). type: str userexpiry: description: - Account expiry date, for example V(1999-12-31). - If not specified, it defaults to the current day plus one year. type: str position: default: '' description: - Define the whole position of users object inside the LDAP tree, for example V(cn=employee,cn=users,ou=school,dc=example,dc=com). type: str update_password: default: always choices: [always, on_create] description: - V(always) updates passwords if they differ. - V(on_create) only sets the password for newly created users. type: str ou: default: '' description: - Organizational Unit inside the LDAP Base DN, for example V(school) for LDAP OU C(ou=school,dc=example,dc=com). type: str subpath: default: 'cn=users' description: - LDAP subpath inside the organizational unit, for example V(cn=teachers,cn=users) for LDAP container C(cn=teachers,cn=users,dc=example,dc=com). type: str a - name: Create a user on a UCS community.general.udm_user: name: FooBar password: secure_password firstname: Foo lastname: Bar - name: Create a user with the DN uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com community.general.udm_user: name: foo password: secure_password firstname: Foo lastname: Bar ou: school subpath: 'cn=teachers,cn=users' # or define the position - name: Create a user with the DN uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com community.general.udm_user: name: foo password: secure_password firstname: Foo lastname: Bar position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com' #)date timedeltaN) AnsibleModulemissing_required_lib)umc_module_for_addumc_module_for_edit ldap_searchbase_dnTFc tjtjtdzd}t t didt ddt ddt dd t dd g d t dd t ddg dt dgdddt ddg dt ddg dt ddt ddt gdddt ddg dt ddg dt gdddg d!t dd"t dd#t gddd$g d%t dd&g d't dd(g d)t gddd*g d+t dd,g d-t d.d/d0g1d2t d.d/d3g1d4t gddd5g d6t dd78d9t gddd:t dd;t ddt dd?d@gdAgBdCt ddDg dEt gdddFg dGt gdddHg dIt ddJt ddKt gdddLt dgdddMt dNdOdPt ddQt ddRt ddSt ddTt d7dUgdVdWt ddOdXt dYdYdZgd[d\t ddOd]t d^dOd_t d`d`dagd[d7d_d`gdbfgc}t s&ts |jtddte|jdT}|jdW}|jd\}|jd]}|jd_}d.}d}ttdfj|dggh} |dk7r|} nG|dk7rdij|}|dk7rdjj|}dkj||t} dlj|| } t!t#| } |d`k(r | s t%dm| } n t'dm| } |jd9dnj|jd|jd"|jd<|jdR+doj|jdT|jdR<| j)D]E}|d6k7s |dk7s|d-k7s||jvs$|j|4|j|| |<G|jd| dp<dS| vr| j+dS|| dS<|jd6}| d6|| d6<|jdXdYk(rZ| d6j-dqdrds}t/j.|||k7r)|jd-| d-<|jd2| d2<|| d6<| j1}| r*| j)D]}| j3|sd7}nd7}|j4s%| s| j7n|r| j9 |jd}|rdvjdwj=|}tt|dxgh}|D]K}t'dy|dz}| |d{vs|d{j?| |j4s|j9d7}M|dak(r-| r+ t'dm| } |j4s| jAd7}|jC|||| ~y#t:$r&|jdtj|| uYwxYw#t:$r$|jd|j|uYwxYw#t:$r$|jd}j|uYwxYw)Nim)daysz%Y-%m-%dbirthdaystr)typecitycountrydepartment_numberdepartmentNumber)raliases description display_name displayNameemaillist)defaultrelementsemployee_numberemployeeNumber employee_type employeeType firstnamegecosgroups home_share homeSharehome_share_path homeSharePathhome_telephone_numberhomeTelephoneNumber)rrr r homedrivelastnamemail_alternative_addressmailAlternativeAddressmail_home_servermailHomeServermail_primary_addressmailPrimaryAddressmobile_telephone_numbermobileTelephoneNumber organisation organizationoverridePWHistoryFbooloverride_pw_history)rrroverridePWLengthoverride_pw_lengthpager_telephonenumberpagerTelephonenumberpasswordT)rno_logphonepostcode primary_group primaryGroup profilepathpwd_change_next_login01pwdChangeNextLogin)rchoicesr room_number roomNumbersamba_privilegessambaPrivilegessamba_user_workstationssambaUserWorkstations sambahome scriptpath secretaryserviceprovidershellz /bin/bash)rrstreettitleunixhome userexpiryusernamename)requiredrrpositionupdate_passwordalways on_create)rrLrousubpathzcn=usersstatepresentabsent)r%r/rA) argument_specsupports_check_mode required_ifzHcrypt (part of standard library up to Python 3.12) or legacycrypt (PyPI))msg exceptionz&(&(objectClass=posixAccount)(uid={0}))uid)attrzou={0},z{0},z {0}{1}{2}z uid={0},{1}z users/userz{0} {1}z /home/{0}ze-mail}z'Creating/editing user {0} in {1} failed)rkz&(&(objectClass=posixGroup)(|(cn={0})))z)(cn=dnz groups/grouprusersz Adding groups to user {0} failedzRemoving user {0} failed)changedr\diff container)"rstrftimetodayrr dict HAS_CRYPTHAS_LEGACYCRYPT fail_jsonr LEGACYCRYPT_IMPORT_ERRORparamsrr formatrr;lenr r keysgetsplitcryptru hasChanged check_modecreatemodify Exceptionjoinappendremove exit_json)expirymoduler\r_rcrdrertrursrvuser_dnexistsobjkrA old_passwordr'filter group_dnsrrgrps n/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/modules/udm_user.pymainrbs ]]4::<)*==z JF j u%j 5!j e$j #,>+?A j %( j 5'4o7j t" %'j !e*:);=j E(6'79j &!j "E"#j $#!&(%j *%0M3+j .!e*9):&*"/5383K2L&N?j F"u+;*<>Gj J"&5/C.D"FKj N%).4272I1J%LOj V5'5&68Wj Z#5(.,A+BD[j `"%'-+?*@Baj f#'r,2050F/G#Igj nu!%'oj rr" %'sj xu%yj zE(6'79{j ~%(j @#'E03Sz0D/E#GAj F%&2^5Gj J""'-+0+<*=?Kj R%).4272I1J%LSj Z&[j \']j ^2 &$)+_j d!"&,*/1ej j{!#kj nU#oj pE"qj ru%sj t'uj v4#)($&wj |"$&}j @!*2K)@&+-Aj FB Gj J#%Kj Ny )84!#Oj V! i!F G [pFd _$%op.  }}Z(H}}Z(H t BmmI&G MM' "EG D 077AW E2~ 8!!"%B b=mmG,G&&wGI> ""8Y7G #e* F 6 (yA),@}}]+3/8/?/?MM+.MM*-0 m,}}Z(0,7,>,>MM*-- j)XXZ .OX 00V]]* a(4#]]1-CF  .#MM'2CMs"sww|'<'D$*L!}}Z0H:&"*J}}./8;":44S!rsA@ T n 8 $J I $  O#m` zFG0I---/06O3y3356s"AA8A54A58BB