
As a long-term Univention partner, we at Adfinis Sygroup operate UCS environments for many of our customers. We use Ansible to automate the operation of different Linux distributions; among other things, it standardizes the roll-out of UCS.

Up until now there weren’t any Ansible modules available for UCS-specific tasks. To simplify recurring maintenance tasks in the directory service, we developed modules based on the standard script interface of Univention Directory Manager. These currently include the following:


These modules are included in the Ansible extra modules as of Ansible version 2.2 and can be used like any other Ansible module. If additional Ansible modules are developed in the future (and not yet included in Ansible itself), they can be added to individual projects. The following briefly explains how such additional modules can be installed and then introduces the modules listed above.


Additional Ansible modules can be installed either per project or in the Ansible source code. To install additional modules for an individual project, copy them into the “library” folder in the project’s top-level directory. The layout looks something like this:

$ ls
|- ansible.cfg
|- group_vars/
| |- all/
|- inventory
|- library/
| |-
| |-
| |-
| |-
| |-
| |-
| |-
|- site.yml

If the modules are installed in the Ansible source code, the entire Ansible source code needs to be cloned:

$ git clone
$ cd ansible/
$ git submodule update --init --recursive

Ansible can then be installed with the help of pip:

$ virtualenv -p /usr/bin/python2 venv
$ . venv/bin/activate
$ pip install -e ansible/

The additional Ansible modules then simply need to be copied into ansible/lib/ansible/modules/extras/ or a subfolder of it. The Univention modules, for example, belong in the subfolder univention.


To create a group with the name employee and the LDAP DN cn=employee,cn=groups,ou=company,dc=example,dc=org, you need to run the following Ansible task:

- udm_group: name=employee

If only the attribute name is specified, the group is created with the DN cn=<name>,cn=groups,<LDAP Base DN>.


A user object has a great number of possible attributes, so only a few are shown below as an example. All available attributes are documented directly in the Ansible module.

For example, to create a user Hans Muster with the user name hans.muster and the password secure_password, you need to run the following task:

- udm_user: name=hans.muster

As with udm_group, it is also possible to specify the complete LDAP path. If no further data is entered, the user will be created with the LDAP DN uid=hans.muster,cn=users,dc=example,dc=com.
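The group and user described above, written as a complete playbook that keeps the password out of the repository and out of the task log. This is an added example, not code from the original post; the inventory group `ucs_master`, the variable `vault_hans_muster_password` and the file `group_vars/all/vault.yml` are assumptions.

```yaml
# Added example (not from the original post).
# Assumed names: inventory group "ucs_master", variable
# "vault_hans_muster_password", file group_vars/all/vault.yml.
#
# group_vars/all/vault.yml holds the password and is encrypted with
# "ansible-vault encrypt group_vars/all/vault.yml"; run the playbook with
# "ansible-playbook -i inventory site.yml --ask-vault-pass".
- hosts: ucs_master
  tasks:
    - name: Stop early if the vaulted password is missing or empty
      assert:
        that:
          - vault_hans_muster_password is defined
          - vault_hans_muster_password | length > 0

    - name: Create group employee below ou=company
      udm_group:
        name: employee
        ou: company          # yields cn=employee,cn=groups,ou=company,<LDAP base DN>
        subpath: cn=groups
        state: present

    - name: Create user hans.muster
      udm_user:
        name: hans.muster
        firstname: Hans
        lastname: Muster
        password: "{{ vault_hans_muster_password }}"
        # Set the password only when the user is created, so later runs
        # do not reset a password the user has changed in the meantime.
        update_password: on_create
        state: present
      # Keep the task arguments (including the password) out of
      # console output and log files.
      no_log: true
```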


DNS zones do not have many possible attributes. One special aspect is that the interfaces, NS records, and MX records are defined in the zone. The interfaces are comparable with BIND 9 Views. These define where the responses to the corresponding DNS queries come from. The NS and MX records are treated specially in UCS and for this reason are configured via udm_dns_zone and not udm_dns_record.

For example, the forward zone with the responsible name server, which responds to DNS queries on the IP address, would be set up as follows:

- udm_dns_zone:


Individual DNS records can be created with udm_dns_record. Possible entries are:

  • host_record (A and AAAA records)
  • alias (CNAME Records)
  • ptr_record
  • srv_record
  • txt_record

To add the entry IN A to the zone, you need to run the following task:

- udm_dns_record: name=www
                  data=['a': '']


The module udm_share can be used to handle Samba and NFS shares. A share object contains a variety of attributes, all of which are documented in the Ansible module.

To create the share homes on the Ansible target system, you need to run the following task:

- udm_share: name=homes
             host='{{ ansible_fqdn }}'

Further links

Univention Common Code
Module udm_group
Module udm_user
Module udm_dns_zone
Module udm_dns_record
Module udm_share
