univention udm_user: add parameter to control password update (#20699)

* univention udm_user: added support to set the password always * module udm_user: added version 2.3 to update_password
2017-02-02 20:10:32 +01:00 · 2017-02-02 20:10:32 +01:00 · 4f117df6ec
commit 4f117df6ec
parent 4269b12c9d
1 changed files with 11 additions and 1 deletions
--- a/lib/ansible/modules/cloud/univention/udm_user.py
+++ b/lib/ansible/modules/cloud/univention/udm_user.py
@ -304,6 +304,13 @@ options:
        description:
            - "Define the whole position of users object inside the LDAP tree,
               e.g. C(cn=employee,cn=users,ou=school,dc=example,dc=com)."
+    update_password:
+        required: false
+        default: always
+        description:
+            - "C(always) will update passwords if they differ.
+               C(on_create) will only set the password for newly created users."
+        version_added: "2.3"
    ou:
        required: false
        default: ''
@ -466,6 +473,9 @@ def main():
                                           type='str'),
            position                = dict(default='',
                                           type='str'),
+            update_password         = dict(default='always',
+                                           choices=['always', 'on_create'],
+                                           type='str'),
            ou                      = dict(default='',
                                           type='str'),
            subpath                 = dict(default='cn=users',
@ -530,7 +540,7 @@ def main():
            password = module.params['password']
            if obj['password'] is None:
                obj['password'] = password
-            else:
+            if module.params['update_password'] == 'always':
                old_password = obj['password'].split('}', 2)[1]
                if crypt.crypt(password, old_password) != old_password:
                    obj['overridePWHistory'] = module.params['overridePWHistory']