User account templates

5.3. User account templates#

User account templates in Nubus provide a powerful framework for standardizing user account creation across different organizational roles and purposes. This page targets functional administrators who manage and create user accounts for various purposes. This page describes how to define user account templates through the LDAP directory management module. The page explores the full range of available user attributes. It demonstrates syntax functions including case conversion, character filtering, and sub-string extraction. These features help you create dynamic, reusable templates that you use during user creation in Users module. This page has the following sections:

To manage user account templates, you need to open the LDAP directory management module. You find the module in the Domain section in the Management UI.

To select a template during user creation, you need to have at least one template defined. Fig. 5.4 shows where you select the user account template during user creation.

Select a user account template during user account creation

Fig. 5.4 Select a user account template during user account creation#

5.3.1. Create a user account template#

To create a user account template, use the following steps:

  1. Open the LDAP directory management module.

  2. Navigate to the templates container. In the container structure on the left side, select univention ‣ templates.

  3. To create a user template, click Add and select the object type Settings: User template

5.3.2. Available user account attributes#

Nubus can provide a list of available attributes, depending on your installation.

Open a shell on a UCS appliance system and run the command in Listing 5.1. Have a look at the output starting with users/user variables.

Listing 5.1 Show available attributes for a user account#
$ univention-director-manager users/user

To retrieve the available attributes for a user account in Nubus for Kubernetes, you need to use the UDM HTTP REST API. Use the following steps:

  1. Activate access to the UDM HTTP REST API. See the following sections in Univention Nubus for Kubernetes - Nubus Customization and Modification Manual [4]:

  2. Open the interactive OpenAPI schema, see API location. Navigate to the section users/user.

  3. For the available attributes, see the Schema of the users/user properties in the POST request method.

5.3.3. Value syntax in a user account template#

If you use a user account template to create a user account, the template overrides all attributes with the preset values of the template. For an empty attribute in the user account template, Nubus sets the attribute to the value "".

In a user account template, you can either define fixed values, for example for the address, or reference another attribute in the user management. User account templates support the following set of attribute value syntax:

<,>

Use angle brackets <,> to reference attributes or use syntax functions.

<:lower>, <:upper>

To convert attribute values to lowercase with <:lower> or to uppercase with <:upper>.

Examples

  • Convert an attribute to lowercase: <firstname:lower>.

  • Convert the entire field to lowercase: <lastname>@company.com<:lower>.

<:umlauts>

To convert special characters, such as è, ä, or ß to corresponding ASCII characters, use <:umlauts>.

<:alphanum>

To remove non-alphanumeric characters, such as ` (backtick) or # (hash), use <:alphanum>. If you apply the :alphanum function to the whole attribute, it removes all non-alphanumeric characters, even the @ in email addresses. To avoid this behavior, only apply the function to attribute references or add the characters to the allow list.

You can define an allow list of characters that :alphanum ignores through the UCR variable directory/manager/templates/alphanum/whitelist. The default value is "".

To define an allow list of characters in Nubus for Kubernetes that :alphanum ignores, use the following steps:

  1. Add the global.configUcr.directory.manager.templates.alphanum.whitelist Helm Chart variable to your custom_values.yaml values file and assign the characters.

  2. To activate your changes, update your Nubus installation through helm by following the steps in Apply configuration in Univention Nubus for Kubernetes - Operation Manual [1].

  3. To apply the changes, you need to restart the UMC Server pod as described in Restart UMC Server pod in Univention Nubus for Kubernetes - Operation Manual [1].

<:strip>, <:trim>

Remove all leading and trailing whitespace characters from the string.

Sub-strings

Use square brackets [,] to retrieve a sub-string of a value, or just one character. The index counting starts at 0 so that the index 1 corresponds to the second character of an attribute value. For example <firstname>[0], <firstname>[2:5].

Combine function

You can combine functions, for example <:umlauts,upper>.

Important

The user account template allows substitutions for any value. However, there’s no syntax or semantics check. Empty attribute values return an empty string.

Example

Assume the field definition <firstname>.<lastname>@example.com for an email address.

If you use the user account template to create a user account and if you don’t specify a first name, the email address starts with a period and results in an invalid email address according to the email standard.

Similar sources of error are for example file paths. Nubus removes unresolvable attributes from a field, such as typing errors in the template.