From b5579f55ccdabe4649d05479a18429650b4b5e41 Mon Sep 17 00:00:00 2001 From: quenck Date: Sun, 7 Jan 2018 23:43:34 +0100 Subject: [PATCH] win_domain_user allow to update generic attributes (#34558) * win_domain_user allow to update generic attributes Signed-off-by: Marko Koehne * win_domain_user.py fixed indentation Signed-off-by: Marko Koehne * win_domain_user.py attributes add version_added Signed-off-by: Marko Koehne * win_domain_user.p1 removed attributes from result Signed-off-by: Marko Koehne * moved run_change outside of if statement --- .../modules/windows/win_domain_user.ps1 | 45 ++++++++++++++++++- .../modules/windows/win_domain_user.py | 9 ++++ 2 files changed, 53 insertions(+), 1 deletion(-) diff --git a/lib/ansible/modules/windows/win_domain_user.ps1 b/lib/ansible/modules/windows/win_domain_user.ps1 index 8dac046edc..c00e89c0e0 100644 --- a/lib/ansible/modules/windows/win_domain_user.ps1 +++ b/lib/ansible/modules/windows/win_domain_user.ps1 @@ -64,6 +64,9 @@ $user_info = @{ Country = Get-AnsibleParam -obj $params -name "country" -type "str" } +# Additional attributes +$attributes = Get-AnsibleParam -obj $params -name "attributes" + # Parameter validation If ($account_locked -ne $null -and $account_locked) { Fail-Json $result "account_locked must be set to 'no' if provided" 
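Review bot: `attributes` is read with no `-type` and no shape check, so whatever the playbook supplies is later enumerated with `.GetEnumerator()` and its keys are used as LDAP attribute names. A string or list would presumably fail inside the attribute loop with an unrelated error instead of a clear parameter message. A guard beside the existing parameter validation would catch this early, e.g. `if ($attributes -ne $null -and $attributes -isnot [System.Collections.IDictionary]) { Fail-Json $result "attributes must be a dict" }`. This assumes the parsed value arrives as a hashtable or dictionary, which the hunk does not show.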
@@ -164,6 +167,46 @@ If ($state -eq 'present') { } } + # Set additional attributes + $set_args = @{} + $run_change = $false + if ($attributes -ne $null) { + $add_attributes = @{} + $replace_attributes = @{} + foreach ($attribute in $attributes.GetEnumerator()) { + $attribute_name = $attribute.Name + $attribute_value = $attribute.Value + + $valid_property = [bool]($user_obj.PSobject.Properties.name -eq $attribute_name) + if ($valid_property) { + $existing_value = $user_obj.$attribute_name + if ($existing_value -cne $attribute_value) { + $replace_attributes.$attribute_name = $attribute_value + } + } else { + $add_attributes.$attribute_name = $attribute_value + } + } + if ($add_attributes.Count -gt 0) { + $set_args.Add = $add_attributes + $run_change = $true + } + if ($replace_attributes.Count -gt 0) { + $set_args.Replace = $replace_attributes + $run_change = $true + } + } + + if ($run_change) { + try { + $user_obj = $user_obj | Set-ADUser -WhatIf:$check_mode -PassThru @set_args + } catch { + Fail-Json $result "failed to change user $($username): $($_.Exception.Message)" + } + $result.changed = $true + } + + # Configure group assignment If ($groups -ne $null) { $group_list = $groups @@ -277,4 +320,4 @@ catch { Fail-Json $result $_.Exception.Message } -Exit-Json $result \ No newline at end of file +Exit-Json $result diff --git a/lib/ansible/modules/windows/win_domain_user.py b/lib/ansible/modules/windows/win_domain_user.py index 5fa467177e..42194e49a8 100644 --- a/lib/ansible/modules/windows/win_domain_user.py +++ b/lib/ansible/modules/windows/win_domain_user.py 
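Review bot: In check mode the assignment `$user_obj = $user_obj | Set-ADUser -WhatIf:$check_mode -PassThru @set_args` most likely leaves `$user_obj` empty, because a cmdlet run with `-WhatIf` normally emits no object, and the group-assignment code that follows the hunk may then operate on a null user. Holding the result in a temporary avoids that: `$updated = $user_obj | Set-ADUser -WhatIf:$check_mode -PassThru @set_args` followed by `if ($updated) { $user_obj = $updated }`. Separately, `$existing_value -cne $attribute_value` is a scalar comparison; for multi-valued attributes it probably reports a difference on every run, so the task would issue a `Replace` and report `changed` each time, which also adds noise to directory change auditing. The enclosing `If ($state -eq 'present')` block starts and ends outside the hunk.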
@@ -148,6 +148,13 @@ options: if you specify a path on an existing user, the user's path will not be updated - you must delete (e.g., state=absent) the user and then re-add the user with the appropriate path. + attributes: + description: + - A dict of custom LDAP attributes to set on the user. + - This can be used to set custom attributes that are not exposed as module + parameters, e.g. C(telephoneNumber). + - See the examples on how to format this parameter. + version_added: "2.5" notes: - Works with Windows 2012R2 and newer. - If running on a server that is not a Domain Controller, credential @@ -175,6 +182,8 @@ EXAMPLES = r''' state_province: IN postal_code: 12345 country: US + attributes: + telephoneNumber: 555-123456 - name: Ensure user bob is present in OU ou=test,dc=domain,dc=local win_domain_user:
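Review bot: The `attributes` description does not say what happens to a key that already has a value, nor that the dict is written through without a per-attribute allowlist. Judging by the PowerShell side of this commit, existing attributes are overwritten via `Replace`, missing ones are added, none can be cleared, and any attribute the connecting account may write can be set, including ones that govern account behaviour rather than contact data. I would add two description lines such as `- Existing values are replaced; attributes cannot be removed with this option.` and `- Values are passed to Active Directory unvalidated, so restrict what feeds this dict and run the module with an account delegated only the attributes it needs.`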