Hi,
I’m trying to manage user accounts for a small company without a central authentication system.
The goal is to:
- define default user properties centrally
- override specific properties on more specific levels like groups
More specifically, I want to define the UID, home dir etc. centrally but define which users are able to log in based on the group a server belongs to.
Up until now I created a _users variable in my “common” role and added tasks for a specific project as needed.
This approach obviously doesn’t scale well, and if a user is working on more than one project the user details still need to be duplicated.
I tried group_vars/all and group_vars/project but that overrides rather than appends to the list of users. (Similar to the singleplatform-eng/ansible-users role).
Perhaps tags in combination with when? could be used, but I haven’t figured out how to do this, and I feel like this must be a more common request and I’m simply using the wrong keywords.
TIA
Bram
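
One way to get the append behaviour asked about above, as an added example that is not part of the original post: keep user properties in one central dictionary and give each group its own uniquely named login list, so that nothing is overridden and the lists are merged per host. The names `user_catalog` and `login_users__<group>`, the file paths, and the users alice and bob are assumptions made for illustration.

```yaml
# group_vars/all.yml -- central defaults (constructed sample data)
user_catalog:
  alice: { uid: 2001, home: /home/alice }
  bob: { uid: 2002, home: /home/bob }
---
# group_vars/project_a.yml -- one uniquely named list per group
login_users__project_a: [alice]
---
# group_vars/project_b.yml
login_users__project_b: [alice, bob]
---
# roles/common/tasks/users.yml
# A host only sees the group_vars of groups it is a member of, so matching
# on the variable-name prefix collects exactly the lists that apply to it.
- name: Merge the login lists of every group this host belongs to
  ansible.builtin.set_fact:
    login_users: >-
      {{ query('ansible.builtin.vars',
               *query('ansible.builtin.varnames', '^login_users__.+'))
         | flatten | unique }}

- name: Stop on a name that has no central definition
  ansible.builtin.assert:
    that: login_users | difference(user_catalog.keys() | list) | length == 0
    fail_msg: "login_users references users missing from user_catalog"

- name: Create the accounts allowed on this host
  ansible.builtin.user:
    name: "{{ item }}"
    uid: "{{ user_catalog[item].uid }}"
    home: "{{ user_catalog[item].home }}"
    state: present
  loop: "{{ login_users }}"

# Assumption: a catalog user not listed for any of the host's groups should
# have no account on this host at all.
- name: Remove accounts that are no longer allowed on this host
  ansible.builtin.user:
    name: "{{ item }}"
    state: absent
  loop: "{{ user_catalog.keys() | difference(login_users) }}"
```

A host in both project_a and project_b ends up with alice and bob; a host only in project_a gets alice, and bob's account is removed there.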