Using udm
The detailed documentation of udm you will find in developer documentation: https://docs.software-univention.de/developer-reference-5.0.html#chap:udm
udm is using udm properties and not the open ldap attributes. You will find a mapping by executing:
root@UCS:~ # python -c 'from univention.admin.handlers.users.user import mapping;print("\n".join(map("{0[0]:>30s} {0[1][0]:<30s}".format, sorted(mapping._map.items()))))'
If you are running a UCS@school environment you should not use udm for creating users as you will bypass the ucsschoollib! But you can have a look here for a valid command
udm offers a help information:
root@UCS:~ # udm --help
Also is very useful:
root@UCS:~ # udm users/<TAB><TAB>
users/contact users/ldap users/passwd users/self users/user
If you execute a incorrect command you will get a full help page:
root@UCS:~ # udm users/user modify
univention-directory-manager: command line interface for managing UCS
copyright (c) 2001-2021 Univention GmbH, Germany
Syntax:
univention-directory-manager module action [options]
univention-directory-manager [--help] [--version]
actions:
create: Create a new object
modify: Modify an existing object
remove: Remove an existing object
list: List objects
move: Move object in directory tree
-h | --help | -?: print this usage message
--version: print version information
general options:
--binddn bind DN
--bindpwd bind password
--bindpwdfile file containing bind password
--logfile path and name of the logfile to be used
--tls 0 (no); 1 (try); 2 (must)
create options:
--position Set position in tree
--set Set variable to value, e.g. foo=bar
--superordinate Use superordinate module
--option Use only given module options
--append-option Append the module option
--remove-option Remove the module option
--policy-reference Reference to policy given by DN
--ignore_exists
modify options:
--dn Edit object with DN
--set Set variable to value, e.g. foo=bar
--append Append value to variable, e.g. foo=bar
--remove Remove value from variable, e.g. foo=bar
--option Use only given module options
--append-option Append the module option
--remove-option Remove the module option
--policy-reference Reference to policy given by DN
--policy-dereference Remove reference to policy given by DN
remove options:
--dn Remove object with DN
--superordinate Use superordinate module
--filter Lookup filter e.g. foo=bar
--remove_referring remove referring objects
--ignore_not_exists
list options:
--filter Lookup filter e.g. foo=bar
--position Search underneath of position in tree
--policies List policy-based settings:
0:short, 1:long (with policy-DN)
move options:
--dn Move object with DN
--position Move to position in tree
Description:
univention-directory-manager is a tool to handle the configuration for UCS
on command line level.
Use "univention-directory-manager modules" for a list of available modules.
users/user options:
default POSIX, Samba, Kerberos and mail account
pki Public key infrastructure account
users/user variables:
General:
User account
title Title
firstname First name
lastname Last name
username (*) User name
description Description
password Password
overridePWHistory Override password history
overridePWLength Override password check
mailPrimaryAddress Primary e-mail address
emailExchange ([]) emailExchange
Personal information
displayName Display name
birthday Birthdate
jpegPhoto Picture of the user (JPEG format)
Organisation
organisation Organisation
employeeNumber Employee number
employeeType Employee type
secretary ([]) Superior
Groups:
Primary group
primaryGroup Primary group
Additional groups
groups ([]) Groups
Account:
Deactivation
disabled Account is deactivated
userexpiry Account expiry date
Locked login
pwdChangeNextLogin User has to change password on next login
passwordexpiry Password expiry date
unlock Unlock account
unlockTime Lockout till
Activation
accountActivationDate Activate user account starting from
Windows
homedrive Windows home drive
sambahome Windows home path
scriptpath Windows logon script
profilepath Windows profile directory
sambaRID Relative ID
sambaPrivileges ([]) Samba privilege
sambaLogonHours Permitted times for Windows logins
sambaUserWorkstations ([]) Allow the authentication only on this Microsoft Windows host
POSIX (Linux/UNIX)
unixhome Unix home directory
shell Login shell
uidNumber User ID
gidNumber Group ID of the primary group
homeShare Home share
homeSharePath Home share path
SAML settings
serviceprovider ([]) Enable user for the following service providers
Mail:
Advanced settings
mailAlternativeAddress ([]) Alternative e-mail address
mailHomeServer Mail home server
mailUserQuota Mail quota (MB)
Mail forwarding
mailForwardCopyToSelf Forwarding setting
mailForwardAddress ([]) Forward e-mail address
Contact:
Business
e-mail ([]) E-mail address
phone ([]) Telephone number
roomNumber ([]) Room number
departmentNumber ([]) Department number
street Street
postcode Postal code
city City
country Country
Private
homeTelephoneNumber ([]) Private telephone number
mobileTelephoneNumber ([]) Mobile phone number
pagerTelephoneNumber ([]) Pager telephone number
homePostalAddress ([]) Private postal address
Apps:
UMC preferences:
UMC preferences
umcProperty ([]) UMC user preferences
Certificate:
General
userCertificate (pki) PKI user certificate (DER format)
Subject
certificateSubjectCommonName (pki) Subject Common Name
certificateSubjectMail (pki) Subject Mail
certificateSubjectOrganisation (pki) Subject Organisation
certificateSubjectOrganisationalUnit (pki) Subject Organisational Unit
certificateSubjectLocation (pki) Subject Location
certificateSubjectState (pki) Subject State
certificateSubjectCountry (pki) Subject Country
Issuer
certificateIssuerCommonName (pki) Issuer Common Name
certificateIssuerMail (pki) Issuer Mail
certificateIssuerOrganisation (pki) Issuer Organisation
certificateIssuerOrganisationalUnit (pki) Issuer Organisational Unit
certificateIssuerLocation (pki) Issuer Location
certificateIssuerState (pki) Issuer State
certificateIssuerCountry (pki) Issuer Country
Validity
certificateDateNotBefore (pki) Valid from
certificateDateNotAfter (pki) Valid until
Misc
certificateVersion (pki) Version
certificateSerial (pki) Serial
Guacamole:
Guacamole
guacamoleActivated Activate user for Guacamole
Rocket.Chat:
Rocket.Chat
rocketchatActivated Activate user for Rocket.Chat
OX App Suite:
Open-Xchange
isOxUser Activate User in OX (unchecking will delete!)
oxContext OX context
oxDisplayName OX Display Name
oxAccess OX Access
oxLanguage Default language
oxTimeZone Default timezone
Business
oxMiddleName Middle name
oxSuffix Name suffix
oxNickName Nickname
oxNote Comments
oxMobileBusiness Mobile business
oxFaxBusiness Fax business
oxInstantMessenger1 IM business
oxTelephoneCompany Telephone exchange
oxTelephoneIp VoIP
oxTelephoneCar Car phone
oxTelephoneTelex Telex
oxTelephoneTtydd Text phone
oxStateBusiness State business
oxCountryBusiness Country business
oxPosition Position
oxDepartment Department
oxBranches Branches
oxManagerName Manager
oxTelephoneAssistant Assistant
oxTaxId Tax ID
oxCommercialRegister Commercial Register
oxSalesVolume Sales volume
oxUrl URL
Private
oxStreetHome Street private
oxPostalCodeHome Post code private
oxCityHome City private
oxStateHome State private
oxCountryHome Country private
oxEmail2 Email private
oxFaxHome Fax private
oxInstantMessenger2 IM private
oxBirthday Date of birth (YYYY-MM-DD)
oxAnniversary Anniversary (YYYY-MM-DD)
oxNumOfChildren Children
oxMarialStatus Marital status
oxSpouseName Spouse`s name
oxProfession Profession
Contact other
oxStreetOther Street other
oxPostalCodeOther Postalcode other
oxCityOther City other
oxStateOther State other
oxCountryOther Country other
oxTelephoneOther Telephone other
oxFaxOther Fax other
oxEmail3 Email other
Optional settings
oxUserfield01 Optional 1
oxUserfield02 Optional 2
oxUserfield03 Optional 3
oxUserfield04 Optional 4
oxUserfield05 Optional 5
oxUserfield06 Optional 6
oxUserfield07 Optional 7
oxUserfield08 Optional 8
oxUserfield09 Optional 9
oxUserfield10 Optional 10
oxUserfield11 Optional 11
oxUserfield12 Optional 12
oxUserfield13 Optional 13
oxUserfield14 Optional 14
oxUserfield15 Optional 15
oxUserfield16 Optional 16
oxUserfield17 Optional 17
oxUserfield18 Optional 18
oxUserfield19 Optional 19
oxUserfield20 Optional 20
Custom:
SAP-Login SAP Login
externalSystemLogin:
MySPLogin external login data
GitLab Enterprise Edition (Beta):
GitLab Enterprise Edition (Beta)
gitlabActivated Activate user for GitLab Enterprise Edition (Beta)
Nextcloud:
nextcloudQuota Nextcloud Quota
nextcloudEnabled Access to Nextcloud
The content printed depends on installed apps and extensions.