ipauser: User module extension

The ipauser module now supports all user settings and additionally to ensure
the presence of several users with the new users setting. The users setting
can also be used with other states, but it has to be limited to only contain
the name of the users.

There updated user management module is placed in the plugins folder:

  plugins/modules/ipauser.py

The user module now additionally allows to handle these user settings:

  initials
  principalexpiration
  random
  city
  userstate
  postalcode
  mobile
  pager
  fax
  orgunit
  manager
  carlicense
  sshpubkey
  userauthtype
  userclass
  radius
  radiususer
  departmentnumber
  employeenumber
  employeetype
  preferredlanguage
  certificate
  certmapdata
  noprivate
  nomembers

Here is the updated documentation for the module:

  README-user.md

New example playbooks have been added:

  playbooks/user/user_certificate_absent.yml
  playbooks/user/user_certificate_present.yml
  playbooks/user/user_present.yml
  playbooks/user/users_absent.yml
  playbooks/user/users_certificate_absent.yml
  playbooks/user/users_certificate_present.yml
  playbooks/user/users_present.yml
  plugins/modules/ipauser.py

New tests added for ipauser:

  tests/user/certificate/cert1.der
  tests/user/certificate/cert1.pem
  tests/user/certificate/cert2.der
  tests/user/certificate/cert2.pem
  tests/user/certificate/cert3.der
  tests/user/certificate/cert3.pem
  tests/user/certificate/private1.key
  tests/user/certificate/private2.key
  tests/user/certificate/private3.key
  tests/user/certificate/test_user_certificate.yml
  tests/user/certificate/test_users_certificate.yml
  tests/user/certmapdata/test_user_certmapdata.yml
  tests/user/certmapdata/test_user_certmapdata_issuer_subject.yml
  tests/user/certmapdata/test_users_certmapdata.yml
  tests/user/test_user.yml
  tests/user/test_users.yml
  tests/user/test_users_absent.yml
  tests/user/test_users_invalid_cert.yml
  tests/user/test_users_present.yml
  tests/user/test_users_present_slice.yml
  tests/user/users_absent.json
  tests/user/users_absent.sh
  tests/user/users_present.json
  tests/user/users_present.sh

README-user.md

@@ -41,7 +41,7 @@ ipaserver.test.local
 ```
 
 
-Example playbook to add users:
+Example playbook to ensure a user is present:
 
 ```yaml
 ---
@@ -50,7 +50,7 @@ Example playbook to add users:
   become: true
 
   tasks:
-  # Create user pinky
+  # Ensure user pinky is present
   - ipauser:
       ipaadmin_password: MyPassword123
       name: pinky
@@ -64,7 +64,7 @@ Example playbook to add users:
       password: "no-brain"
       update_password: on_create
 
-  # Create user brain
+  # Ensure user brain is present
   - ipauser:
       ipaadmin_password: MyPassword123
       name: brain
@@ -74,6 +74,75 @@ Example playbook to add users:
 `update_password` controls if a password for a user will be set in present state only on creation or every time (always).
 
 
+These two `ipauser` module calls can be combined into one with the `users` variable:
+
+```yaml
+---
+- name: Playbook to handle users
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  # Ensure users pinky and brain are present
+  - ipauser:
+      ipaadmin_password: MyPassword123
+      users:
+      - name: pinky
+        first: pinky
+        last: Acme
+        uid: 10001
+        gid: 100
+        phone: "+555123457"
+        email: pinky@acme.com
+        passwordexpiration: "2023-01-19 23:59:59"
+        password: "no-brain"
+      - name: brain
+        first: brain
+        last: Acme
+      update_password: on_create
+```
+
+You can also alternatively use a json file containing the users, here `users_present.json`:
+
+```json
+{
+  "users": [
+    {
+      "name": "user1",
+      "first": "First 1",
+      "last": "Last 1"
+    },
+    {
+      "name": "user2",
+      "first": "First 2",
+      "last": "Last 2"
+    },
+    ...
+  ]
+}
+```
+
+And ensure the presence of the users with this example playbook:
+
+```yaml
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: Include users_present.json
+    include_vars:
+      file: users_present.json
+
+  - name: Users present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users: "{{ users }}"
+```
+
+
 Example playbook to delete a user, but preserve it:
 
 ```yaml
@@ -91,6 +160,28 @@ Example playbook to delete a user, but preserve it:
       state: absent
 ```
 
+This can also be done with the `users` variable containing only names, this can be combined into one module call:
+
+Example playbook to delete a user is absent, but preserved:
+
+```yaml
+---
+- name: Playbook to handle users
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  # Remove but preserve user pinky
+  - ipauser:
+      ipaadmin_password: MyPassword123
+      users:
+      - name: pinky
+      preserve: yes
+      state: absent
+```
+
+This can also be done as an alternative with the `users` variable containing only names.
+
 
 Example playbook to undelete a preserved user.
 
@@ -108,6 +199,8 @@ Example playbook to undelete a preserved user.
       state: undeleted
 ```
 
+This can also be done as an alternative with the `users` variable containing only names.
+
 
 Example playbook to disable a user:
 
@@ -125,6 +218,8 @@ Example playbook to disable a user:
       state: disabled
 ```
 
+This can also be done as an alternative with the `users` variable containing only names.
+
 
 Example playbook to enable users:
 
@@ -142,6 +237,8 @@ Example playbook to enable users:
       state: enabled
 ```
 
+This can also be done as an alternative with the `users` variable containing only names.
+
 
 Example playbook to unlock users:
 
@@ -160,7 +257,7 @@ Example playbook to unlock users:
 ```
 
 
-Example playbook to delete users:
+Example playbook to ensure users are absent:
 
 ```yaml
 ---
@@ -169,13 +266,34 @@ Example playbook to delete users:
   become: true
 
   tasks:
-  # Remove user pinky and brain
+  # Ensure users pinky and brain are absent
   - ipauser:
       ipaadmin_password: MyPassword123
       name: pinky,brain
       state: absent
 ```
 
+This can also be done as an alternative with the `users` variable containing only names.
+
+
+Example playbook to ensure users are absent:
+
+```yaml
+---
+- name: Playbook to handle users
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  # Ensure users pinky and brain are absent
+  - ipauser:
+      ipaadmin_password: MyPassword123
+      users:
+      - name: pinky
+      - name: brain
+      state: absent
+```
+
 
 Variables
 =========
@@ -183,11 +301,28 @@ Variables
 ipauser
 -------
 
+**General Variables:**
+
 Variable | Description | Required
 -------- | ----------- | --------
 `ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
 `ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
-`name` | The list of user name strings. | no
+`name` | The list of user name strings. `name` with *user variables* or `users` containing *user variables* need to be used. | no
+**User variables** | Only used with `name` variable in the first level. | no
+`users` | The list of user dicts. Each `users` dict entry can contain **user variables**.<br>There is one required option in the `users` dict:| no
+&nbsp; | `name` - The user name string of the entry. | yes
+&nbsp; | **User variables** | no
+`preserve` | Delete a user, keeping the entry available for future use. (bool) | no
+`update_password` | Set password for a user in present state only on creation or always. It can be one of `always` or `on_create` and defaults to `always`. | no
+`preserve` | Delete a user, keeping the entry available for future use. (bool)  | no
+`state` | The state to ensure. It can be one of `present`, `absent`, `enabled`, `disabled`, `unlocked` or `undeleted`, default: `present`. Only `names` or `users` with only `name` set are allowed if state is not `present`. | yes
+
+
+
+**User Variables:**
+
+Variable | Description | Required
+-------- | ----------- | --------
 `first` \| `givenname` | The first name string. | no
 `last` | The last name | no
 `fullname` \| `cn` | The full name string. | no
@@ -195,17 +330,40 @@ Variable | Description | Required
 `homedir` | The home directory string. | no
 `shell` \| `loginshell` | The login shell string. | no
 `email` | List of email address strings. | no
-`principalname` \| `krbprincipalname` | The kerberos principal sptring. | no
+`principal` \| `principalnam` \| `krbprincipalname` | The kerberos principal sptring. | no
+`principalexpiration` \| `krbprincipalexpiration` | The kerberos principal expiration date. Possible formats: `YYYYMMddHHmmssZ`, `YYYY-MM-ddTHH:mm:ssZ`, `YYYY-MM-ddTHH:mmZ`, `YYYY-MM-ddZ`, `YYYY-MM-dd HH:mm:ssZ` or `YYYY-MM-dd HH:mmZ`. The trailing 'Z' can be skipped. | no
 `passwordexpiration` \| `krbpasswordexpiration` | The kerberos password expiration date. Possible formats: `YYYYMMddHHmmssZ`, `YYYY-MM-ddTHH:mm:ssZ`, `YYYY-MM-ddTHH:mmZ`, `YYYY-MM-ddZ`, `YYYY-MM-dd HH:mm:ssZ` or `YYYY-MM-dd HH:mmZ`. The trailing 'Z' can be skipped. | no
 `password` | The user password string. | no
+`random` | Generate a random user password | no
 `uid` \| `uidnumber` | The UID integer. | no
 `gid` \| `gidnumber` | The GID integer. | no
+`city` | City | no
+`userstate` \| `st` | State/Province | no
+`postalcode` \| `zip` | Postalcode/ZIP | no
 `phone` \| `telephonenumber` | List of telephone number strings, | no
+`mobile` | List of mobile telephone number strings. | no
+`pager` | List of pager number strings. | no
+`fax` \| `facsimiletelephonenumber` | List of fax number strings. | no
+`orgunit` | The Organisation unit. | no
 `title` | The job title string. | no
-~~`sshpubkey` \| `ipasshpubkey`~~ | ~~List of SSH public keys.~~ | ~~no~~
-`update_password` | Set password for a user in present state only on creation or always. It can be one of `always` or `on_create` and defaults to `always`. | no
-`preserve` | Delete a user, keeping the entry available for future use. (bool)  | no
-`state` | The state to ensure. It can be one of `present`, `absent`, `enabled`, `disabled`, `unlocked` or `undeleted`, default: `present`. | yes
+`manager` | List of manager user names. | no
+`carlicense` | List of car licenses. | no
+`sshpubkey` \| `ipasshpubkey` | List of SSH public keys. | no
+`userauthtype` | List of supported user authentication types. Choices: `password`, `radius` and `otp` | no
+`userclass` | User category. (semantics placed on this attribute are for local interpretation). | no
+`radius` | RADIUS proxy configuration  | no
+`radiususer` | RADIUS proxy username | no
+`departmentnumber` | Department Number | no
+`employeenumber` | Employee Number | no
+`employeetype` | Employee Type | no
+`preferredlanguage` | Preferred Language | no
+`certificate` | List of base-64 encoded user certificates. | no
+`certmapdata` | List of certificate mappings. Either `certificate` or `issuer` together with `subject` need to be specified. <br>Options: | no
+&nbsp; | `certificate` - Base-64 encoded user certificate | no
+&nbsp; | `issuer` - Issuer of the certificate | no
+&nbsp; | `subject` - Subject of the certificate | no
+`noprivate` | Do not create user private group. (bool) | no
+`nomembers` | Suppress processing of membership attributes. (bool) | no
 
 
 Authors

playbooks/user/user_certificate_absent.yml

@@ -0,0 +1,16 @@
+---
+- name: Test user certificates
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: User test cert absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      certificate:
+      - MIIC/zCCAeegAwIBAgIUZGHLaSYg1myp6EI4VGWSC27vOrswDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4MzVaFw0yMDEwMTMxNjI4MzVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDER/lB8wUAmPTSwSc/NOXNlzdpPOQDSwrhKH6XsqZF4KpQoSY/nmCjAhJmOVpOUo4K2fGRZ0yAH9fkGv6yJP6c7IAFjLeec7GPHVwN4bZrP1DXfTAmfmXhcRQbCYkV+wmq8Puzw/+xA9EJrrodnJPPsE6E8HnSVLF6Ys9+cJMJ7HuwOI+wYt3gkmspsir1tccmf4x1PP+yHJWdcXyetlFRcmZ8gspjqOR2jb89xSQsh8gcyDW6rPNlSTzYZ2FmNtjES6ZhCsYL31fQbF2QglidlLGpAlvHUUS+xCigW73cvhFPMWXcfO51Mr15RcgYTckY+7QZ2nYqplRBoDlQl6DnAgMBAAGjUzBRMB0GA1UdDgQWBBTPG99XVRdxpOXMZo3Nhy+ldnf13TAfBgNVHSMEGDAWgBTPG99XVRdxpOXMZo3Nhy+ldnf13TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAjWTcnIl2mpNbfHAN8DB4Kk+RNRmhsH0y+r/47MXVTMMMToCfofeNY3Jeohu+2lIXMPQfTvXUbDTkNAGsGLv6LtQEUfSREqgk1eY7bT9BFfpH1uV2ZFhCO9jBA+E4bf55Kx7bgUNG31ykBshOsOblOJM1lS/0q4TWHAxrsU2PNwPi8X0ten+eGeB8aRshxS17Ij2cH0fdAMmSA+jMAvTIZl853Bxe0HuozauKwOFWL4qHm61c4O/j1mQCLqJKYfJ9mBDWFQLszd/tF+ePKiNhZCQly60F8Lumn2CDZj5UIkl8wk9Wls5n1BIQs+M8AN65NAdv7+js8jKUKCuyji8r3
+      - MIIC/zCCAeegAwIBAgIUAWE1vaA+mZd3nwZqwWH64EbHvR0wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NDVaFw0yMDEwMTMxNjI4NDVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWzJibKtN8Zf7LgandINhFonx99AKi44iaZkrlMKEObE6Faf8NTUbUgK3VfJNYmCbA1baLVJ0YZJijJ7S/4o7h7eeqcJVXJkEhWNTimWXNW/YCzTHe3SSapnSYOKmdHHRClplysL8OyyEG7pbX/aB9iAfFb/+vUFCX5sMwFFrYxOimKJ9Pc/NRFtdv1wNw1rqWKF1ZzagWRlG4QgzRGwQ4quc7yO98TKikj2OPiIt7Zd46hbqQxmgGBtCkVOZIhxu77OmNrFsXmM4rZZpmqh0UdqcpwkRojVnGXmNqeMCd6dNTnLhr9wukUYw0KgE57zCDVr9Ix+p/dA5R1mG4RJ2XAgMBAAGjUzBRMB0GA1UdDgQWBBSbuiH2lNVrID3yt1SsFwtOFKOnpTAfBgNVHSMEGDAWgBSbuiH2lNVrID3yt1SsFwtOFKOnpTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBCVWd293wWyohFqMFMHRBBg97T2Uc1yeT0dMH4BpuOaCqQp4q5ep+uLcXEI6+3mEwm8pa/ULQCD8yLLdotIWlG3+h/4boFpdiPFcBDgT8kGe+0KOzB8Nt7E13QYOu12MNi10qwGrjKhdhu1xBe4fpY5VCetVU1OLyuTsUyucQsFrtZI0SR83h+blbyoMZ7IhMngCfGUe1bnYeWnLbpFbigKfPuVDWsMH2kgj05EAd5EgHkWbX8QA8hmcmDKfNT3YZM8kiGQwmFrnQdq8bN0uHR8Nz+24cbmdbHcD65wlDW6GmYxi8mW+V6bAqn9pir/J14r4YFnqMGgjmdt81tscJV
+      - MIIC/zCCAeegAwIBAgIUTC33WUoYGFoIVGMwgjbc5J6xCyowDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NTJaFw0yMDEwMTMxNjI4NTJaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCA+6P2eieXHaVJivtWif7SntjjkJm0juRKRRGsT3wt+zCZqoDe8zylTBN0mse/POWXdC+zXRMC2X/c4V10kgrvWbnNdFdUFfBUphiXSoqnUYHZ6Ta+b4UTzC2tECSUEnSCz9n1ofHnyqDyT9FELzVkRkQqexD+BFgZTF39R4q8BA4bWKQy94Kgvb+IP77+ou4fhkBLI1MX5nkWa3Oyu4TMzT/tqgPE70hk8wQzUU2aiwJ7IsmnWE6Ysk7c4DYMJQF/51bi2ByZWERNjyBY6L+ZV90aL4UFR9O+Pw9HatfHVBRdmzSkKJOr9iu4summWgH0QYDmbkdhGwYvup0EmEfAgMBAAGjUzBRMB0GA1UdDgQWBBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAfBgNVHSMEGDAWgBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAILLPnau32r/YoOVCVWQotGtySy36aFlHa3T8IkSpatNCPIf3U0FWS6TVYBwY0PBfdqWBkvCuJTupLh0OEP4TCsDa5pJGOK7blyfiAfcHajqyouACSVNlG63EPvB63h4H4F4HJnhDd4z7pVC/WPB8w5GTBJNjELmeWfH7nj7lu8UkOdLhzTKL40RPs0k4l09yYBmZqqExxGsSfvRBQcrwlAsvQ0E/cTNGbyzOKs3SbOM2WEHye6xNEsey01icYcjfjqvEd6mw3+WOUeJAuDH9/EOloFM2iz5Xp31Ig3WT0RVy+lMriG9GesPpFBs2xp9wQCXLNIkpbHKyYs3voMyBH
+      state: absent

playbooks/user/user_certificate_present.yml

@@ -0,0 +1,15 @@
+---
+- name: Test user certificates
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: User test cert present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      certificate:
+      - MIIC/zCCAeegAwIBAgIUZGHLaSYg1myp6EI4VGWSC27vOrswDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4MzVaFw0yMDEwMTMxNjI4MzVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDER/lB8wUAmPTSwSc/NOXNlzdpPOQDSwrhKH6XsqZF4KpQoSY/nmCjAhJmOVpOUo4K2fGRZ0yAH9fkGv6yJP6c7IAFjLeec7GPHVwN4bZrP1DXfTAmfmXhcRQbCYkV+wmq8Puzw/+xA9EJrrodnJPPsE6E8HnSVLF6Ys9+cJMJ7HuwOI+wYt3gkmspsir1tccmf4x1PP+yHJWdcXyetlFRcmZ8gspjqOR2jb89xSQsh8gcyDW6rPNlSTzYZ2FmNtjES6ZhCsYL31fQbF2QglidlLGpAlvHUUS+xCigW73cvhFPMWXcfO51Mr15RcgYTckY+7QZ2nYqplRBoDlQl6DnAgMBAAGjUzBRMB0GA1UdDgQWBBTPG99XVRdxpOXMZo3Nhy+ldnf13TAfBgNVHSMEGDAWgBTPG99XVRdxpOXMZo3Nhy+ldnf13TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAjWTcnIl2mpNbfHAN8DB4Kk+RNRmhsH0y+r/47MXVTMMMToCfofeNY3Jeohu+2lIXMPQfTvXUbDTkNAGsGLv6LtQEUfSREqgk1eY7bT9BFfpH1uV2ZFhCO9jBA+E4bf55Kx7bgUNG31ykBshOsOblOJM1lS/0q4TWHAxrsU2PNwPi8X0ten+eGeB8aRshxS17Ij2cH0fdAMmSA+jMAvTIZl853Bxe0HuozauKwOFWL4qHm61c4O/j1mQCLqJKYfJ9mBDWFQLszd/tF+ePKiNhZCQly60F8Lumn2CDZj5UIkl8wk9Wls5n1BIQs+M8AN65NAdv7+js8jKUKCuyji8r3
+      - MIIC/zCCAeegAwIBAgIUAWE1vaA+mZd3nwZqwWH64EbHvR0wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NDVaFw0yMDEwMTMxNjI4NDVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWzJibKtN8Zf7LgandINhFonx99AKi44iaZkrlMKEObE6Faf8NTUbUgK3VfJNYmCbA1baLVJ0YZJijJ7S/4o7h7eeqcJVXJkEhWNTimWXNW/YCzTHe3SSapnSYOKmdHHRClplysL8OyyEG7pbX/aB9iAfFb/+vUFCX5sMwFFrYxOimKJ9Pc/NRFtdv1wNw1rqWKF1ZzagWRlG4QgzRGwQ4quc7yO98TKikj2OPiIt7Zd46hbqQxmgGBtCkVOZIhxu77OmNrFsXmM4rZZpmqh0UdqcpwkRojVnGXmNqeMCd6dNTnLhr9wukUYw0KgE57zCDVr9Ix+p/dA5R1mG4RJ2XAgMBAAGjUzBRMB0GA1UdDgQWBBSbuiH2lNVrID3yt1SsFwtOFKOnpTAfBgNVHSMEGDAWgBSbuiH2lNVrID3yt1SsFwtOFKOnpTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBCVWd293wWyohFqMFMHRBBg97T2Uc1yeT0dMH4BpuOaCqQp4q5ep+uLcXEI6+3mEwm8pa/ULQCD8yLLdotIWlG3+h/4boFpdiPFcBDgT8kGe+0KOzB8Nt7E13QYOu12MNi10qwGrjKhdhu1xBe4fpY5VCetVU1OLyuTsUyucQsFrtZI0SR83h+blbyoMZ7IhMngCfGUe1bnYeWnLbpFbigKfPuVDWsMH2kgj05EAd5EgHkWbX8QA8hmcmDKfNT3YZM8kiGQwmFrnQdq8bN0uHR8Nz+24cbmdbHcD65wlDW6GmYxi8mW+V6bAqn9pir/J14r4YFnqMGgjmdt81tscJV
+      - MIIC/zCCAeegAwIBAgIUTC33WUoYGFoIVGMwgjbc5J6xCyowDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NTJaFw0yMDEwMTMxNjI4NTJaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCA+6P2eieXHaVJivtWif7SntjjkJm0juRKRRGsT3wt+zCZqoDe8zylTBN0mse/POWXdC+zXRMC2X/c4V10kgrvWbnNdFdUFfBUphiXSoqnUYHZ6Ta+b4UTzC2tECSUEnSCz9n1ofHnyqDyT9FELzVkRkQqexD+BFgZTF39R4q8BA4bWKQy94Kgvb+IP77+ou4fhkBLI1MX5nkWa3Oyu4TMzT/tqgPE70hk8wQzUU2aiwJ7IsmnWE6Ysk7c4DYMJQF/51bi2ByZWERNjyBY6L+ZV90aL4UFR9O+Pw9HatfHVBRdmzSkKJOr9iu4summWgH0QYDmbkdhGwYvup0EmEfAgMBAAGjUzBRMB0GA1UdDgQWBBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAfBgNVHSMEGDAWgBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAILLPnau32r/YoOVCVWQotGtySy36aFlHa3T8IkSpatNCPIf3U0FWS6TVYBwY0PBfdqWBkvCuJTupLh0OEP4TCsDa5pJGOK7blyfiAfcHajqyouACSVNlG63EPvB63h4H4F4HJnhDd4z7pVC/WPB8w5GTBJNjELmeWfH7nj7lu8UkOdLhzTKL40RPs0k4l09yYBmZqqExxGsSfvRBQcrwlAsvQ0E/cTNGbyzOKs3SbOM2WEHye6xNEsey01icYcjfjqvEd6mw3+WOUeJAuDH9/EOloFM2iz5Xp31Ig3WT0RVy+lMriG9GesPpFBs2xp9wQCXLNIkpbHKyYs3voMyBH

playbooks/user/user_present.yml

@@ -0,0 +1,40 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: User pinky present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      uid: 10001
+      gid: 100
+      phone: "+555123457"
+      email: pinky@acme.com
+      principalexpiration: "20220119235959"
+      passwordexpiration: "2022-01-19 23:59:59"
+      first: pinky
+      last: Acme
+      initials: pa
+      principal: pa
+      random: yes
+      city: PinkyCity
+      userstate: PinkyState
+      postalcode: 321
+      mobile: "+555123458,+555123459"
+      pager: "+555123450,+555123451"
+      fax: "+555123452,+555123453"
+      orgunit: PinkyOrgUnit
+      manager: manager1,manager2
+      update_password: on_create
+      carlicense: PinkyCarLicense1,PinkyCarLicense2
+      userauthtype: password,radius,otp
+      userclass: PinkyUserClass
+      departmentnumber: "1234"
+      employeenumber: "0815"
+      employeetype: "PinkyExmployeeType"
+      preferredlanguage: "en"
+      noprivate: yes
+      nomembers: false

playbooks/user/users_absent.yml

@@ -0,0 +1,42 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: Users user1..10 absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: user1
+        givenname: user1
+        last: Last
+      - name: user2
+        first: user2
+        last: Last
+      - name: user3
+        first: user3
+        last: Last
+      - name: user4
+        first: user4
+        last: Last
+      - name: user5
+        first: user5
+        last: Last
+      - name: user6
+        first: user6
+        last: Last
+      - name: user7
+        first: user7
+        last: Last
+      - name: user8
+        first: user8
+        last: Last
+      - name: user9
+        first: user9
+        last: Last
+      - name: user10
+        first: user10
+        last: Last
+      state: absent

playbooks/user/users_certificate_absent.yml

@@ -0,0 +1,17 @@
+---
+- name: Test user certificates
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: User test cert absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        certificate:
+        - MIIC/zCCAeegAwIBAgIUZGHLaSYg1myp6EI4VGWSC27vOrswDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4MzVaFw0yMDEwMTMxNjI4MzVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDER/lB8wUAmPTSwSc/NOXNlzdpPOQDSwrhKH6XsqZF4KpQoSY/nmCjAhJmOVpOUo4K2fGRZ0yAH9fkGv6yJP6c7IAFjLeec7GPHVwN4bZrP1DXfTAmfmXhcRQbCYkV+wmq8Puzw/+xA9EJrrodnJPPsE6E8HnSVLF6Ys9+cJMJ7HuwOI+wYt3gkmspsir1tccmf4x1PP+yHJWdcXyetlFRcmZ8gspjqOR2jb89xSQsh8gcyDW6rPNlSTzYZ2FmNtjES6ZhCsYL31fQbF2QglidlLGpAlvHUUS+xCigW73cvhFPMWXcfO51Mr15RcgYTckY+7QZ2nYqplRBoDlQl6DnAgMBAAGjUzBRMB0GA1UdDgQWBBTPG99XVRdxpOXMZo3Nhy+ldnf13TAfBgNVHSMEGDAWgBTPG99XVRdxpOXMZo3Nhy+ldnf13TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAjWTcnIl2mpNbfHAN8DB4Kk+RNRmhsH0y+r/47MXVTMMMToCfofeNY3Jeohu+2lIXMPQfTvXUbDTkNAGsGLv6LtQEUfSREqgk1eY7bT9BFfpH1uV2ZFhCO9jBA+E4bf55Kx7bgUNG31ykBshOsOblOJM1lS/0q4TWHAxrsU2PNwPi8X0ten+eGeB8aRshxS17Ij2cH0fdAMmSA+jMAvTIZl853Bxe0HuozauKwOFWL4qHm61c4O/j1mQCLqJKYfJ9mBDWFQLszd/tF+ePKiNhZCQly60F8Lumn2CDZj5UIkl8wk9Wls5n1BIQs+M8AN65NAdv7+js8jKUKCuyji8r3
+        - MIIC/zCCAeegAwIBAgIUAWE1vaA+mZd3nwZqwWH64EbHvR0wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NDVaFw0yMDEwMTMxNjI4NDVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWzJibKtN8Zf7LgandINhFonx99AKi44iaZkrlMKEObE6Faf8NTUbUgK3VfJNYmCbA1baLVJ0YZJijJ7S/4o7h7eeqcJVXJkEhWNTimWXNW/YCzTHe3SSapnSYOKmdHHRClplysL8OyyEG7pbX/aB9iAfFb/+vUFCX5sMwFFrYxOimKJ9Pc/NRFtdv1wNw1rqWKF1ZzagWRlG4QgzRGwQ4quc7yO98TKikj2OPiIt7Zd46hbqQxmgGBtCkVOZIhxu77OmNrFsXmM4rZZpmqh0UdqcpwkRojVnGXmNqeMCd6dNTnLhr9wukUYw0KgE57zCDVr9Ix+p/dA5R1mG4RJ2XAgMBAAGjUzBRMB0GA1UdDgQWBBSbuiH2lNVrID3yt1SsFwtOFKOnpTAfBgNVHSMEGDAWgBSbuiH2lNVrID3yt1SsFwtOFKOnpTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBCVWd293wWyohFqMFMHRBBg97T2Uc1yeT0dMH4BpuOaCqQp4q5ep+uLcXEI6+3mEwm8pa/ULQCD8yLLdotIWlG3+h/4boFpdiPFcBDgT8kGe+0KOzB8Nt7E13QYOu12MNi10qwGrjKhdhu1xBe4fpY5VCetVU1OLyuTsUyucQsFrtZI0SR83h+blbyoMZ7IhMngCfGUe1bnYeWnLbpFbigKfPuVDWsMH2kgj05EAd5EgHkWbX8QA8hmcmDKfNT3YZM8kiGQwmFrnQdq8bN0uHR8Nz+24cbmdbHcD65wlDW6GmYxi8mW+V6bAqn9pir/J14r4YFnqMGgjmdt81tscJV
+        - MIIC/zCCAeegAwIBAgIUTC33WUoYGFoIVGMwgjbc5J6xCyowDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NTJaFw0yMDEwMTMxNjI4NTJaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCA+6P2eieXHaVJivtWif7SntjjkJm0juRKRRGsT3wt+zCZqoDe8zylTBN0mse/POWXdC+zXRMC2X/c4V10kgrvWbnNdFdUFfBUphiXSoqnUYHZ6Ta+b4UTzC2tECSUEnSCz9n1ofHnyqDyT9FELzVkRkQqexD+BFgZTF39R4q8BA4bWKQy94Kgvb+IP77+ou4fhkBLI1MX5nkWa3Oyu4TMzT/tqgPE70hk8wQzUU2aiwJ7IsmnWE6Ysk7c4DYMJQF/51bi2ByZWERNjyBY6L+ZV90aL4UFR9O+Pw9HatfHVBRdmzSkKJOr9iu4summWgH0QYDmbkdhGwYvup0EmEfAgMBAAGjUzBRMB0GA1UdDgQWBBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAfBgNVHSMEGDAWgBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAILLPnau32r/YoOVCVWQotGtySy36aFlHa3T8IkSpatNCPIf3U0FWS6TVYBwY0PBfdqWBkvCuJTupLh0OEP4TCsDa5pJGOK7blyfiAfcHajqyouACSVNlG63EPvB63h4H4F4HJnhDd4z7pVC/WPB8w5GTBJNjELmeWfH7nj7lu8UkOdLhzTKL40RPs0k4l09yYBmZqqExxGsSfvRBQcrwlAsvQ0E/cTNGbyzOKs3SbOM2WEHye6xNEsey01icYcjfjqvEd6mw3+WOUeJAuDH9/EOloFM2iz5Xp31Ig3WT0RVy+lMriG9GesPpFBs2xp9wQCXLNIkpbHKyYs3voMyBH
+      state: absent

playbooks/user/users_certificate_present.yml

@@ -0,0 +1,16 @@
+---
+- name: Test user certificates
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: User test cert present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        certificate:
+        - MIIC/zCCAeegAwIBAgIUZGHLaSYg1myp6EI4VGWSC27vOrswDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4MzVaFw0yMDEwMTMxNjI4MzVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDER/lB8wUAmPTSwSc/NOXNlzdpPOQDSwrhKH6XsqZF4KpQoSY/nmCjAhJmOVpOUo4K2fGRZ0yAH9fkGv6yJP6c7IAFjLeec7GPHVwN4bZrP1DXfTAmfmXhcRQbCYkV+wmq8Puzw/+xA9EJrrodnJPPsE6E8HnSVLF6Ys9+cJMJ7HuwOI+wYt3gkmspsir1tccmf4x1PP+yHJWdcXyetlFRcmZ8gspjqOR2jb89xSQsh8gcyDW6rPNlSTzYZ2FmNtjES6ZhCsYL31fQbF2QglidlLGpAlvHUUS+xCigW73cvhFPMWXcfO51Mr15RcgYTckY+7QZ2nYqplRBoDlQl6DnAgMBAAGjUzBRMB0GA1UdDgQWBBTPG99XVRdxpOXMZo3Nhy+ldnf13TAfBgNVHSMEGDAWgBTPG99XVRdxpOXMZo3Nhy+ldnf13TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAjWTcnIl2mpNbfHAN8DB4Kk+RNRmhsH0y+r/47MXVTMMMToCfofeNY3Jeohu+2lIXMPQfTvXUbDTkNAGsGLv6LtQEUfSREqgk1eY7bT9BFfpH1uV2ZFhCO9jBA+E4bf55Kx7bgUNG31ykBshOsOblOJM1lS/0q4TWHAxrsU2PNwPi8X0ten+eGeB8aRshxS17Ij2cH0fdAMmSA+jMAvTIZl853Bxe0HuozauKwOFWL4qHm61c4O/j1mQCLqJKYfJ9mBDWFQLszd/tF+ePKiNhZCQly60F8Lumn2CDZj5UIkl8wk9Wls5n1BIQs+M8AN65NAdv7+js8jKUKCuyji8r3
+        - MIIC/zCCAeegAwIBAgIUAWE1vaA+mZd3nwZqwWH64EbHvR0wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NDVaFw0yMDEwMTMxNjI4NDVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWzJibKtN8Zf7LgandINhFonx99AKi44iaZkrlMKEObE6Faf8NTUbUgK3VfJNYmCbA1baLVJ0YZJijJ7S/4o7h7eeqcJVXJkEhWNTimWXNW/YCzTHe3SSapnSYOKmdHHRClplysL8OyyEG7pbX/aB9iAfFb/+vUFCX5sMwFFrYxOimKJ9Pc/NRFtdv1wNw1rqWKF1ZzagWRlG4QgzRGwQ4quc7yO98TKikj2OPiIt7Zd46hbqQxmgGBtCkVOZIhxu77OmNrFsXmM4rZZpmqh0UdqcpwkRojVnGXmNqeMCd6dNTnLhr9wukUYw0KgE57zCDVr9Ix+p/dA5R1mG4RJ2XAgMBAAGjUzBRMB0GA1UdDgQWBBSbuiH2lNVrID3yt1SsFwtOFKOnpTAfBgNVHSMEGDAWgBSbuiH2lNVrID3yt1SsFwtOFKOnpTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBCVWd293wWyohFqMFMHRBBg97T2Uc1yeT0dMH4BpuOaCqQp4q5ep+uLcXEI6+3mEwm8pa/ULQCD8yLLdotIWlG3+h/4boFpdiPFcBDgT8kGe+0KOzB8Nt7E13QYOu12MNi10qwGrjKhdhu1xBe4fpY5VCetVU1OLyuTsUyucQsFrtZI0SR83h+blbyoMZ7IhMngCfGUe1bnYeWnLbpFbigKfPuVDWsMH2kgj05EAd5EgHkWbX8QA8hmcmDKfNT3YZM8kiGQwmFrnQdq8bN0uHR8Nz+24cbmdbHcD65wlDW6GmYxi8mW+V6bAqn9pir/J14r4YFnqMGgjmdt81tscJV
+        - MIIC/zCCAeegAwIBAgIUTC33WUoYGFoIVGMwgjbc5J6xCyowDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NTJaFw0yMDEwMTMxNjI4NTJaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCA+6P2eieXHaVJivtWif7SntjjkJm0juRKRRGsT3wt+zCZqoDe8zylTBN0mse/POWXdC+zXRMC2X/c4V10kgrvWbnNdFdUFfBUphiXSoqnUYHZ6Ta+b4UTzC2tECSUEnSCz9n1ofHnyqDyT9FELzVkRkQqexD+BFgZTF39R4q8BA4bWKQy94Kgvb+IP77+ou4fhkBLI1MX5nkWa3Oyu4TMzT/tqgPE70hk8wQzUU2aiwJ7IsmnWE6Ysk7c4DYMJQF/51bi2ByZWERNjyBY6L+ZV90aL4UFR9O+Pw9HatfHVBRdmzSkKJOr9iu4summWgH0QYDmbkdhGwYvup0EmEfAgMBAAGjUzBRMB0GA1UdDgQWBBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAfBgNVHSMEGDAWgBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAILLPnau32r/YoOVCVWQotGtySy36aFlHa3T8IkSpatNCPIf3U0FWS6TVYBwY0PBfdqWBkvCuJTupLh0OEP4TCsDa5pJGOK7blyfiAfcHajqyouACSVNlG63EPvB63h4H4F4HJnhDd4z7pVC/WPB8w5GTBJNjELmeWfH7nj7lu8UkOdLhzTKL40RPs0k4l09yYBmZqqExxGsSfvRBQcrwlAsvQ0E/cTNGbyzOKs3SbOM2WEHye6xNEsey01icYcjfjqvEd6mw3+WOUeJAuDH9/EOloFM2iz5Xp31Ig3WT0RVy+lMriG9GesPpFBs2xp9wQCXLNIkpbHKyYs3voMyBH

playbooks/user/users_present.yml

@@ -0,0 +1,41 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: Users user1..10 present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: user1
+        first: user1
+        last: Last
+      - name: user2
+        first: user2
+        last: Last
+      - name: user3
+        first: user3
+        last: Last
+      - name: user4
+        first: user4
+        last: Last
+      - name: user5
+        first: user5
+        last: Last
+      - name: user6
+        first: user6
+        last: Last
+      - name: user7
+        first: user7
+        last: Last
+      - name: user8
+        first: user8
+        last: Last
+      - name: user9
+        first: user9
+        last: Last
+      - name: user10
+        first: user10
+        last: Last

tests/user/certificate/cert1.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAeegAwIBAgIUZGHLaSYg1myp6EI4VGWSC27vOrswDQYJKoZIhvcNAQEL
+BQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4MzVaFw0yMDEwMTMxNjI4
+MzVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDER/lB8wUAmPTSwSc/NOXNlzdpPOQDSwrhKH6XsqZF4KpQoSY/nmCjAhJm
+OVpOUo4K2fGRZ0yAH9fkGv6yJP6c7IAFjLeec7GPHVwN4bZrP1DXfTAmfmXhcRQb
+CYkV+wmq8Puzw/+xA9EJrrodnJPPsE6E8HnSVLF6Ys9+cJMJ7HuwOI+wYt3gkmsp
+sir1tccmf4x1PP+yHJWdcXyetlFRcmZ8gspjqOR2jb89xSQsh8gcyDW6rPNlSTzY
+Z2FmNtjES6ZhCsYL31fQbF2QglidlLGpAlvHUUS+xCigW73cvhFPMWXcfO51Mr15
+RcgYTckY+7QZ2nYqplRBoDlQl6DnAgMBAAGjUzBRMB0GA1UdDgQWBBTPG99XVRdx
+pOXMZo3Nhy+ldnf13TAfBgNVHSMEGDAWgBTPG99XVRdxpOXMZo3Nhy+ldnf13TAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAjWTcnIl2mpNbfHAN8
+DB4Kk+RNRmhsH0y+r/47MXVTMMMToCfofeNY3Jeohu+2lIXMPQfTvXUbDTkNAGsG
+Lv6LtQEUfSREqgk1eY7bT9BFfpH1uV2ZFhCO9jBA+E4bf55Kx7bgUNG31ykBshOs
+OblOJM1lS/0q4TWHAxrsU2PNwPi8X0ten+eGeB8aRshxS17Ij2cH0fdAMmSA+jMA
+vTIZl853Bxe0HuozauKwOFWL4qHm61c4O/j1mQCLqJKYfJ9mBDWFQLszd/tF+ePK
+iNhZCQly60F8Lumn2CDZj5UIkl8wk9Wls5n1BIQs+M8AN65NAdv7+js8jKUKCuyj
+i8r3
+-----END CERTIFICATE-----

tests/user/certificate/cert2.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAeegAwIBAgIUAWE1vaA+mZd3nwZqwWH64EbHvR0wDQYJKoZIhvcNAQEL
+BQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NDVaFw0yMDEwMTMxNjI4
+NDVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCWzJibKtN8Zf7LgandINhFonx99AKi44iaZkrlMKEObE6Faf8NTUbUgK3V
+fJNYmCbA1baLVJ0YZJijJ7S/4o7h7eeqcJVXJkEhWNTimWXNW/YCzTHe3SSapnSY
+OKmdHHRClplysL8OyyEG7pbX/aB9iAfFb/+vUFCX5sMwFFrYxOimKJ9Pc/NRFtdv
+1wNw1rqWKF1ZzagWRlG4QgzRGwQ4quc7yO98TKikj2OPiIt7Zd46hbqQxmgGBtCk
+VOZIhxu77OmNrFsXmM4rZZpmqh0UdqcpwkRojVnGXmNqeMCd6dNTnLhr9wukUYw0
+KgE57zCDVr9Ix+p/dA5R1mG4RJ2XAgMBAAGjUzBRMB0GA1UdDgQWBBSbuiH2lNVr
+ID3yt1SsFwtOFKOnpTAfBgNVHSMEGDAWgBSbuiH2lNVrID3yt1SsFwtOFKOnpTAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBCVWd293wWyohFqMFM
+HRBBg97T2Uc1yeT0dMH4BpuOaCqQp4q5ep+uLcXEI6+3mEwm8pa/ULQCD8yLLdot
+IWlG3+h/4boFpdiPFcBDgT8kGe+0KOzB8Nt7E13QYOu12MNi10qwGrjKhdhu1xBe
+4fpY5VCetVU1OLyuTsUyucQsFrtZI0SR83h+blbyoMZ7IhMngCfGUe1bnYeWnLbp
+FbigKfPuVDWsMH2kgj05EAd5EgHkWbX8QA8hmcmDKfNT3YZM8kiGQwmFrnQdq8bN
+0uHR8Nz+24cbmdbHcD65wlDW6GmYxi8mW+V6bAqn9pir/J14r4YFnqMGgjmdt81t
+scJV
+-----END CERTIFICATE-----

tests/user/certificate/cert3.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAeegAwIBAgIUTC33WUoYGFoIVGMwgjbc5J6xCyowDQYJKoZIhvcNAQEL
+BQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NTJaFw0yMDEwMTMxNjI4
+NTJaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDCA+6P2eieXHaVJivtWif7SntjjkJm0juRKRRGsT3wt+zCZqoDe8zylTBN
+0mse/POWXdC+zXRMC2X/c4V10kgrvWbnNdFdUFfBUphiXSoqnUYHZ6Ta+b4UTzC2
+tECSUEnSCz9n1ofHnyqDyT9FELzVkRkQqexD+BFgZTF39R4q8BA4bWKQy94Kgvb+
+IP77+ou4fhkBLI1MX5nkWa3Oyu4TMzT/tqgPE70hk8wQzUU2aiwJ7IsmnWE6Ysk7
+c4DYMJQF/51bi2ByZWERNjyBY6L+ZV90aL4UFR9O+Pw9HatfHVBRdmzSkKJOr9iu
+4summWgH0QYDmbkdhGwYvup0EmEfAgMBAAGjUzBRMB0GA1UdDgQWBBSJCQ8ho0Pp
+e0khVhgiMqsvlgxIjzAfBgNVHSMEGDAWgBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAILLPnau32r/YoOVCV
+WQotGtySy36aFlHa3T8IkSpatNCPIf3U0FWS6TVYBwY0PBfdqWBkvCuJTupLh0OE
+P4TCsDa5pJGOK7blyfiAfcHajqyouACSVNlG63EPvB63h4H4F4HJnhDd4z7pVC/W
+PB8w5GTBJNjELmeWfH7nj7lu8UkOdLhzTKL40RPs0k4l09yYBmZqqExxGsSfvRBQ
+crwlAsvQ0E/cTNGbyzOKs3SbOM2WEHye6xNEsey01icYcjfjqvEd6mw3+WOUeJAu
+DH9/EOloFM2iz5Xp31Ig3WT0RVy+lMriG9GesPpFBs2xp9wQCXLNIkpbHKyYs3vo
+MyBH
+-----END CERTIFICATE-----

tests/user/certificate/private1.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDER/lB8wUAmPTS
+wSc/NOXNlzdpPOQDSwrhKH6XsqZF4KpQoSY/nmCjAhJmOVpOUo4K2fGRZ0yAH9fk
+Gv6yJP6c7IAFjLeec7GPHVwN4bZrP1DXfTAmfmXhcRQbCYkV+wmq8Puzw/+xA9EJ
+rrodnJPPsE6E8HnSVLF6Ys9+cJMJ7HuwOI+wYt3gkmspsir1tccmf4x1PP+yHJWd
+cXyetlFRcmZ8gspjqOR2jb89xSQsh8gcyDW6rPNlSTzYZ2FmNtjES6ZhCsYL31fQ
+bF2QglidlLGpAlvHUUS+xCigW73cvhFPMWXcfO51Mr15RcgYTckY+7QZ2nYqplRB
+oDlQl6DnAgMBAAECggEBALtKTj6urHxId3xPEKsQR6Noglgp4Qx/Y687W6hWsLAG
+051CV+PmtSF2DaZ7XX9U6PLTydzL68RqHjArzhKgmE+WoAYrot5QWQJNqpQYZ19o
+uDQW4YYpn/+BTgUKkUNnGm+BqTt8b5QyJxoNHsy4ppZMDnBtomCfrgYxGPr2YmfZ
+Ee7oEEf1xIU2maE5Nxv97lNR2Xvm2R4F8lzRcHmvejLYNiqZ2Ag4ijnKVTpoEMUy
+afl5LNSzGJETXsv+LtaJGEr6x8/IesVSCdyX2LZeAyQPLKwb3YQDkQree54vwS7p
+cVmQdx6fLTYV1tOSXUEC2ibInO188kGA198HSqSgHJkCgYEA7zhL+6tYZdXoMzTH
+hXHLYGHmQsQXxleH5uciz4q+en7do6BFB2DqIgLTpcD/H8XMDlg9WO7756H1zqvb
+6IOkqwsrro/fsgb6FrmjXl8zlkwT3pTNJfmBydRf7Qk2woCRPUoLZBRAumNL8RSx
+Xm1/DbPbTR3jjVNH9dPb3Efd0qUCgYEA0gyesMgwDzjsXpPUsuWTMBMziy0KRFNT
+lCMCI5DVpy/XnptyLdkY93jvmq+VWbily4KlOYbfYJ/16xeNZ7aNOMnC6z4z9p9+
+w3E9q5xKJcAJP5kN/WnjBwErveDK9r1YSj8RJpvapJFqjxA5WVTwADtyBhgNS4Og
+mXPPBleMC5sCgYEA0Yw/AvXVOV9nR3O0UvCbdpJLYbDkIpoKMfnGRIcE08jN3cdG
+sG/0qFZRj6C/2tUpKmehVYYCo6T77U4eFE88r5fZa9Ab45a4+68hrEk4py99ODyg
+d+NYDbQ7Uyf/D+IPV+DEmaYkDSFuJIA73ruL0DT8pVDJQ8LwBibPMObDKQECgYBa
+aUYxD6noE3diaj1GV5zYN5ubD2L47+jsvXjhOClOkkA8K+qko2qksrBno6YkfV8X
+zv8xWMVzgMbIT1X1S1VUGTxGJ3sUb6iPlYGXCWm9AAC7GDU2W8p1rGJYk5apR+zl
+4GmQdctRxKnaNICK3A2F/BBjYRzv4RNSmc+Fik9kewKBgHsCF3uEP7ONvmEjYLQ4
+7+6fZ+m4BXKeU/kKQoEXSjSFn0dBIHo+2yuafSUz04VJCVXUic3c47kHwVtgX5lu
+jEUL1jgK4aBbl9cvywupHBf3spAP89aocgFiC9uUJzp3u39U0LpgXY7Z+1lUsCL+
+VG2oGh0KVgazjUzmbTf9ZcLp
+-----END PRIVATE KEY-----

tests/user/certificate/private2.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCWzJibKtN8Zf7L
+gandINhFonx99AKi44iaZkrlMKEObE6Faf8NTUbUgK3VfJNYmCbA1baLVJ0YZJij
+J7S/4o7h7eeqcJVXJkEhWNTimWXNW/YCzTHe3SSapnSYOKmdHHRClplysL8OyyEG
+7pbX/aB9iAfFb/+vUFCX5sMwFFrYxOimKJ9Pc/NRFtdv1wNw1rqWKF1ZzagWRlG4
+QgzRGwQ4quc7yO98TKikj2OPiIt7Zd46hbqQxmgGBtCkVOZIhxu77OmNrFsXmM4r
+ZZpmqh0UdqcpwkRojVnGXmNqeMCd6dNTnLhr9wukUYw0KgE57zCDVr9Ix+p/dA5R
+1mG4RJ2XAgMBAAECggEAS5nXCDO4Qy1/R9eBqXLF+mMztpGWoMMhwQZ3ld+DXw+9
+bfVuAOU1FWRNwjHqTQg6pYJ/Oer5tzj3rRRC8dBLgckb078Nn9t125oFYHU3LHVm
+KJFm5yxHJaE94vLFVhbl0lxeIbmqj2gW7rq+tRpaU5TXEIzNyr6hKQZv5LLPuMx6
+MiBrSpkCwfPf9psv6k2GIGqE1JuY99dNqdEUi8UQryNMzV4pthUmVybO8NPxUY8M
+s/VAbG1Hy9tgInR3wRgTjEc2ejUJrTziiqiZarZtCp+JSZufYakDU9yZbu9v4Oz9
+ityPdApkW8CuZnJcUDAtdgtKMhWyBPnWcrUgkbV0AQKBgQDGY1saiI9M7VlleyDc
+QNVXpPCmOpDLso5X3hZrrHDgDIGkvXa026Q5ufkdxkybRYJeOCdYzIM/iXSJlgNe
+R2a+aoAsePfEVFAe96ZgzrLrBq7lGvcPXGpT6GTVl0d0CwN/vG1Tzk89Hq3xIBbh
+NTlM+j2ot66xgekIsE0v5Pi41wKBgQDCl14mgaui4DqYFYlI/ckI00r/X0/0HIhf
+kf/Ck/pkF89IeOAK+O4GOfVoMk3vi1gDYgiz6G7h+sUsFTOYKuP9io/vX0pIFNOA
+NPgaVtRKitiepNo4vwc+/PRmxvf2XXFXFRSiYf0jDzruvE3yDzWwX9P1nQFBQoPj
+r8g/6+7pQQKBgDXHnVzWBDLQbNmLxV6v3KXDutD1M2dk4h2DwQQzXO3/te1YxyNE
+H4LenV+q7/1vnGW6R0BVQIcq1gKuPf+Cz6Fy8Ygcyt3YFVgvvlSj8/CugR7ubmcl
+oFVavGsCdYZJrgsko2aCmQxykqi5EDrA2OW7OJfSI3NPSkLmuCXxplNFAoGBALHD
+D5pDqOTAzCY0vlY0qNrsEr4ZdvO8wQP1XtyEzB919MDy01CSuPZtKfeGxNWIyN1G
+SEb5lZnQuSCdOaXPwLjURMralQQmKlQbj26YVZTHJD5AwK1ILTloYWgmaUzhbfGs
+a04wD8xgVGjVEquHI3e9AueEBypztgJgiaGDSZxBAoGADpxUn3L6lJrPyOd3IJrj
+ypU/EfvY7Qd5pRTrJd9tObbi8zF1sWi/FcQNgoZP7oz/aklFfq8WWwJbe0fL1Wk/
+MeVHj8JEc/dh1ISgbHYdBgegvS6L30RcNRUJWANYcifEQPlSHTzYXviQ8tEOCq+S
+/TPqxnd2CkT6w3bSCJbxKVM=
+-----END PRIVATE KEY-----

tests/user/certificate/private3.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDCA+6P2eieXHaV
+JivtWif7SntjjkJm0juRKRRGsT3wt+zCZqoDe8zylTBN0mse/POWXdC+zXRMC2X/
+c4V10kgrvWbnNdFdUFfBUphiXSoqnUYHZ6Ta+b4UTzC2tECSUEnSCz9n1ofHnyqD
+yT9FELzVkRkQqexD+BFgZTF39R4q8BA4bWKQy94Kgvb+IP77+ou4fhkBLI1MX5nk
+Wa3Oyu4TMzT/tqgPE70hk8wQzUU2aiwJ7IsmnWE6Ysk7c4DYMJQF/51bi2ByZWER
+NjyBY6L+ZV90aL4UFR9O+Pw9HatfHVBRdmzSkKJOr9iu4summWgH0QYDmbkdhGwY
+vup0EmEfAgMBAAECggEAdEgFAGSbHebPD79sDnq9gcf3QgjuVU/lcbAMPf5W4GJr
+3WvItAPMJwwxgkL9/vmeSN37kY/0BuvB+yPStnYM2WJQPX0s+V+A6RZGzJWIAzh1
+01RUIwYR3XxE9wv7s3W5eNFS9DpI8OS9h3TjndJVSy8Gtc0SFP6l839S8dGQfiyN
+eMqV16M+TM0LwyEogvGa79l4HjMIcorypCXg8NVcDaxNJYnAcegoRwdhGsb4jKG6
+kB+Z4dfAKLu7OFT6/20Q0QUdA/PrdBRAFt8KPhrrweKaAApVtrU0OHNs9ULFHXnu
+kSVKZ+UTCUGWxMd4lJw5XZQ4FqUdb8Sxt8TUuvRioQKBgQDy6zY1EiqsDZE+sJbd
+/jnUWn+I4/xR5y4KmbEx76dWL39TooyiHYKABJQ9BgvBIXi95AXaRodwn12DhaW7
+VW0m4RgJH/FNZoxc9xOE2+EPr2pQGn6bvJK9IjsITDoAmDbguzMZ+TCDGZqIYiIE
+GTcgeW7NOBYM2Qy8Ufqe9zfV0QKBgQDMdo426TPxdU6Gb8AVOFFuXlL6Py0Sxk0q
+pEAhyEzCKV9HM1eX8aDrJ5++lFiMwlhkYRrWVBENPyhPgWo9sMATJM0AIsBKTSyg
+rVuqlaU8e+Pqyl8ZMOZ6uMq3zLts/Vp1sX5yU8vw5FqMddMas6SMpIoPEIAiJlse
+CujyJ29T7wKBgQCiQnry+C+IvYdHWK1tm2MFdW27Ao6IJuOaMQ8rS+l6qD9kni9S
+GmQRHv3lxSQU3UbJkIZYRsQxdkIAmEUb3PQMBE8JyUxlZxpa/q8LD9RFpeZdm1T2
+sf9SVosX/9K+ku4VLvXzY4AEEhYnA2W1VyJ7jqF0cwJHkrPvFtNRW9DwAQKBgCRi
+6NYu1DahSLM2Cfn8xskccinkulHABpWTG3KnoblgAXu7UFhTAO84Yv5YihWqtG5Q
+taT02v//gF39yvlljhkaEH14sb3HVCzYDRsjfH9yENKE5z2lbS7j2fexsJ0pzUJq
+rvULopyhFtguU75Jv/vjgEpEBnmNV+PVzzTg/bfzAoGAGz11E33qpZjVw6becf9w
+U8qnPfncIqSCg0fWNnsYwD56vI9L2ExCZG//SOUZ54b8GW+RaTFDHOlIE8dRAhrF
+M5QnEjm2S+wVPJz7gKQ3cVART8EPi/Q6BT7YIgNIhemq+AwW5xMhZcBiA3vRI/Eu
+vi807exD569efFLa9uspI8o=
+-----END PRIVATE KEY-----

tests/user/certificate/test_user_certificate.yml

@@ -0,0 +1,92 @@
+#
+# Generate self-signed certificates using openssl:
+#
+#   openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout private1.key -out cert1.pem -subj '/CN=test'
+#   openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout private2.key -out cert2.pem -subj '/CN=test'
+#   openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout private3.key -out cert3.pem -subj '/CN=test'
+#
+# Convert the certificate do DER for easier handling through CLI
+#
+#   openssl x509 -outform der -in cert1.pem -out cert1.der
+#   openssl x509 -outform der -in cert2.pem -out cert2.der
+#   openssl x509 -outform der -in cert3.pem -out cert3.der
+#
+# Use base64:
+#
+#  base64 cert1.der -w5000
+#  base64 cert2.der -w5000
+#  base64 cert3.der -w5000
+#
+---
+- name: Test user certificates
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: User test present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      first: test
+      last: test
+
+  - name: User test cert members present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      certificate:
+      - MIIC/zCCAeegAwIBAgIUZGHLaSYg1myp6EI4VGWSC27vOrswDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4MzVaFw0yMDEwMTMxNjI4MzVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDER/lB8wUAmPTSwSc/NOXNlzdpPOQDSwrhKH6XsqZF4KpQoSY/nmCjAhJmOVpOUo4K2fGRZ0yAH9fkGv6yJP6c7IAFjLeec7GPHVwN4bZrP1DXfTAmfmXhcRQbCYkV+wmq8Puzw/+xA9EJrrodnJPPsE6E8HnSVLF6Ys9+cJMJ7HuwOI+wYt3gkmspsir1tccmf4x1PP+yHJWdcXyetlFRcmZ8gspjqOR2jb89xSQsh8gcyDW6rPNlSTzYZ2FmNtjES6ZhCsYL31fQbF2QglidlLGpAlvHUUS+xCigW73cvhFPMWXcfO51Mr15RcgYTckY+7QZ2nYqplRBoDlQl6DnAgMBAAGjUzBRMB0GA1UdDgQWBBTPG99XVRdxpOXMZo3Nhy+ldnf13TAfBgNVHSMEGDAWgBTPG99XVRdxpOXMZo3Nhy+ldnf13TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAjWTcnIl2mpNbfHAN8DB4Kk+RNRmhsH0y+r/47MXVTMMMToCfofeNY3Jeohu+2lIXMPQfTvXUbDTkNAGsGLv6LtQEUfSREqgk1eY7bT9BFfpH1uV2ZFhCO9jBA+E4bf55Kx7bgUNG31ykBshOsOblOJM1lS/0q4TWHAxrsU2PNwPi8X0ten+eGeB8aRshxS17Ij2cH0fdAMmSA+jMAvTIZl853Bxe0HuozauKwOFWL4qHm61c4O/j1mQCLqJKYfJ9mBDWFQLszd/tF+ePKiNhZCQly60F8Lumn2CDZj5UIkl8wk9Wls5n1BIQs+M8AN65NAdv7+js8jKUKCuyji8r3
+      - MIIC/zCCAeegAwIBAgIUAWE1vaA+mZd3nwZqwWH64EbHvR0wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NDVaFw0yMDEwMTMxNjI4NDVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWzJibKtN8Zf7LgandINhFonx99AKi44iaZkrlMKEObE6Faf8NTUbUgK3VfJNYmCbA1baLVJ0YZJijJ7S/4o7h7eeqcJVXJkEhWNTimWXNW/YCzTHe3SSapnSYOKmdHHRClplysL8OyyEG7pbX/aB9iAfFb/+vUFCX5sMwFFrYxOimKJ9Pc/NRFtdv1wNw1rqWKF1ZzagWRlG4QgzRGwQ4quc7yO98TKikj2OPiIt7Zd46hbqQxmgGBtCkVOZIhxu77OmNrFsXmM4rZZpmqh0UdqcpwkRojVnGXmNqeMCd6dNTnLhr9wukUYw0KgE57zCDVr9Ix+p/dA5R1mG4RJ2XAgMBAAGjUzBRMB0GA1UdDgQWBBSbuiH2lNVrID3yt1SsFwtOFKOnpTAfBgNVHSMEGDAWgBSbuiH2lNVrID3yt1SsFwtOFKOnpTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBCVWd293wWyohFqMFMHRBBg97T2Uc1yeT0dMH4BpuOaCqQp4q5ep+uLcXEI6+3mEwm8pa/ULQCD8yLLdotIWlG3+h/4boFpdiPFcBDgT8kGe+0KOzB8Nt7E13QYOu12MNi10qwGrjKhdhu1xBe4fpY5VCetVU1OLyuTsUyucQsFrtZI0SR83h+blbyoMZ7IhMngCfGUe1bnYeWnLbpFbigKfPuVDWsMH2kgj05EAd5EgHkWbX8QA8hmcmDKfNT3YZM8kiGQwmFrnQdq8bN0uHR8Nz+24cbmdbHcD65wlDW6GmYxi8mW+V6bAqn9pir/J14r4YFnqMGgjmdt81tscJV
+      - MIIC/zCCAeegAwIBAgIUTC33WUoYGFoIVGMwgjbc5J6xCyowDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NTJaFw0yMDEwMTMxNjI4NTJaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCA+6P2eieXHaVJivtWif7SntjjkJm0juRKRRGsT3wt+zCZqoDe8zylTBN0mse/POWXdC+zXRMC2X/c4V10kgrvWbnNdFdUFfBUphiXSoqnUYHZ6Ta+b4UTzC2tECSUEnSCz9n1ofHnyqDyT9FELzVkRkQqexD+BFgZTF39R4q8BA4bWKQy94Kgvb+IP77+ou4fhkBLI1MX5nkWa3Oyu4TMzT/tqgPE70hk8wQzUU2aiwJ7IsmnWE6Ysk7c4DYMJQF/51bi2ByZWERNjyBY6L+ZV90aL4UFR9O+Pw9HatfHVBRdmzSkKJOr9iu4summWgH0QYDmbkdhGwYvup0EmEfAgMBAAGjUzBRMB0GA1UdDgQWBBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAfBgNVHSMEGDAWgBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAILLPnau32r/YoOVCVWQotGtySy36aFlHa3T8IkSpatNCPIf3U0FWS6TVYBwY0PBfdqWBkvCuJTupLh0OEP4TCsDa5pJGOK7blyfiAfcHajqyouACSVNlG63EPvB63h4H4F4HJnhDd4z7pVC/WPB8w5GTBJNjELmeWfH7nj7lu8UkOdLhzTKL40RPs0k4l09yYBmZqqExxGsSfvRBQcrwlAsvQ0E/cTNGbyzOKs3SbOM2WEHye6xNEsey01icYcjfjqvEd6mw3+WOUeJAuDH9/EOloFM2iz5Xp31Ig3WT0RVy+lMriG9GesPpFBs2xp9wQCXLNIkpbHKyYs3voMyBH
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: User test cert members present again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      first: test
+      last: test
+      certificate:
+      - MIIC/zCCAeegAwIBAgIUZGHLaSYg1myp6EI4VGWSC27vOrswDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4MzVaFw0yMDEwMTMxNjI4MzVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDER/lB8wUAmPTSwSc/NOXNlzdpPOQDSwrhKH6XsqZF4KpQoSY/nmCjAhJmOVpOUo4K2fGRZ0yAH9fkGv6yJP6c7IAFjLeec7GPHVwN4bZrP1DXfTAmfmXhcRQbCYkV+wmq8Puzw/+xA9EJrrodnJPPsE6E8HnSVLF6Ys9+cJMJ7HuwOI+wYt3gkmspsir1tccmf4x1PP+yHJWdcXyetlFRcmZ8gspjqOR2jb89xSQsh8gcyDW6rPNlSTzYZ2FmNtjES6ZhCsYL31fQbF2QglidlLGpAlvHUUS+xCigW73cvhFPMWXcfO51Mr15RcgYTckY+7QZ2nYqplRBoDlQl6DnAgMBAAGjUzBRMB0GA1UdDgQWBBTPG99XVRdxpOXMZo3Nhy+ldnf13TAfBgNVHSMEGDAWgBTPG99XVRdxpOXMZo3Nhy+ldnf13TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAjWTcnIl2mpNbfHAN8DB4Kk+RNRmhsH0y+r/47MXVTMMMToCfofeNY3Jeohu+2lIXMPQfTvXUbDTkNAGsGLv6LtQEUfSREqgk1eY7bT9BFfpH1uV2ZFhCO9jBA+E4bf55Kx7bgUNG31ykBshOsOblOJM1lS/0q4TWHAxrsU2PNwPi8X0ten+eGeB8aRshxS17Ij2cH0fdAMmSA+jMAvTIZl853Bxe0HuozauKwOFWL4qHm61c4O/j1mQCLqJKYfJ9mBDWFQLszd/tF+ePKiNhZCQly60F8Lumn2CDZj5UIkl8wk9Wls5n1BIQs+M8AN65NAdv7+js8jKUKCuyji8r3
+      - MIIC/zCCAeegAwIBAgIUAWE1vaA+mZd3nwZqwWH64EbHvR0wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NDVaFw0yMDEwMTMxNjI4NDVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWzJibKtN8Zf7LgandINhFonx99AKi44iaZkrlMKEObE6Faf8NTUbUgK3VfJNYmCbA1baLVJ0YZJijJ7S/4o7h7eeqcJVXJkEhWNTimWXNW/YCzTHe3SSapnSYOKmdHHRClplysL8OyyEG7pbX/aB9iAfFb/+vUFCX5sMwFFrYxOimKJ9Pc/NRFtdv1wNw1rqWKF1ZzagWRlG4QgzRGwQ4quc7yO98TKikj2OPiIt7Zd46hbqQxmgGBtCkVOZIhxu77OmNrFsXmM4rZZpmqh0UdqcpwkRojVnGXmNqeMCd6dNTnLhr9wukUYw0KgE57zCDVr9Ix+p/dA5R1mG4RJ2XAgMBAAGjUzBRMB0GA1UdDgQWBBSbuiH2lNVrID3yt1SsFwtOFKOnpTAfBgNVHSMEGDAWgBSbuiH2lNVrID3yt1SsFwtOFKOnpTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBCVWd293wWyohFqMFMHRBBg97T2Uc1yeT0dMH4BpuOaCqQp4q5ep+uLcXEI6+3mEwm8pa/ULQCD8yLLdotIWlG3+h/4boFpdiPFcBDgT8kGe+0KOzB8Nt7E13QYOu12MNi10qwGrjKhdhu1xBe4fpY5VCetVU1OLyuTsUyucQsFrtZI0SR83h+blbyoMZ7IhMngCfGUe1bnYeWnLbpFbigKfPuVDWsMH2kgj05EAd5EgHkWbX8QA8hmcmDKfNT3YZM8kiGQwmFrnQdq8bN0uHR8Nz+24cbmdbHcD65wlDW6GmYxi8mW+V6bAqn9pir/J14r4YFnqMGgjmdt81tscJV
+      - MIIC/zCCAeegAwIBAgIUTC33WUoYGFoIVGMwgjbc5J6xCyowDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NTJaFw0yMDEwMTMxNjI4NTJaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCA+6P2eieXHaVJivtWif7SntjjkJm0juRKRRGsT3wt+zCZqoDe8zylTBN0mse/POWXdC+zXRMC2X/c4V10kgrvWbnNdFdUFfBUphiXSoqnUYHZ6Ta+b4UTzC2tECSUEnSCz9n1ofHnyqDyT9FELzVkRkQqexD+BFgZTF39R4q8BA4bWKQy94Kgvb+IP77+ou4fhkBLI1MX5nkWa3Oyu4TMzT/tqgPE70hk8wQzUU2aiwJ7IsmnWE6Ysk7c4DYMJQF/51bi2ByZWERNjyBY6L+ZV90aL4UFR9O+Pw9HatfHVBRdmzSkKJOr9iu4summWgH0QYDmbkdhGwYvup0EmEfAgMBAAGjUzBRMB0GA1UdDgQWBBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAfBgNVHSMEGDAWgBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAILLPnau32r/YoOVCVWQotGtySy36aFlHa3T8IkSpatNCPIf3U0FWS6TVYBwY0PBfdqWBkvCuJTupLh0OEP4TCsDa5pJGOK7blyfiAfcHajqyouACSVNlG63EPvB63h4H4F4HJnhDd4z7pVC/WPB8w5GTBJNjELmeWfH7nj7lu8UkOdLhzTKL40RPs0k4l09yYBmZqqExxGsSfvRBQcrwlAsvQ0E/cTNGbyzOKs3SbOM2WEHye6xNEsey01icYcjfjqvEd6mw3+WOUeJAuDH9/EOloFM2iz5Xp31Ig3WT0RVy+lMriG9GesPpFBs2xp9wQCXLNIkpbHKyYs3voMyBH
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: User test cert members absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      certificate:
+      - MIIC/zCCAeegAwIBAgIUZGHLaSYg1myp6EI4VGWSC27vOrswDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4MzVaFw0yMDEwMTMxNjI4MzVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDER/lB8wUAmPTSwSc/NOXNlzdpPOQDSwrhKH6XsqZF4KpQoSY/nmCjAhJmOVpOUo4K2fGRZ0yAH9fkGv6yJP6c7IAFjLeec7GPHVwN4bZrP1DXfTAmfmXhcRQbCYkV+wmq8Puzw/+xA9EJrrodnJPPsE6E8HnSVLF6Ys9+cJMJ7HuwOI+wYt3gkmspsir1tccmf4x1PP+yHJWdcXyetlFRcmZ8gspjqOR2jb89xSQsh8gcyDW6rPNlSTzYZ2FmNtjES6ZhCsYL31fQbF2QglidlLGpAlvHUUS+xCigW73cvhFPMWXcfO51Mr15RcgYTckY+7QZ2nYqplRBoDlQl6DnAgMBAAGjUzBRMB0GA1UdDgQWBBTPG99XVRdxpOXMZo3Nhy+ldnf13TAfBgNVHSMEGDAWgBTPG99XVRdxpOXMZo3Nhy+ldnf13TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAjWTcnIl2mpNbfHAN8DB4Kk+RNRmhsH0y+r/47MXVTMMMToCfofeNY3Jeohu+2lIXMPQfTvXUbDTkNAGsGLv6LtQEUfSREqgk1eY7bT9BFfpH1uV2ZFhCO9jBA+E4bf55Kx7bgUNG31ykBshOsOblOJM1lS/0q4TWHAxrsU2PNwPi8X0ten+eGeB8aRshxS17Ij2cH0fdAMmSA+jMAvTIZl853Bxe0HuozauKwOFWL4qHm61c4O/j1mQCLqJKYfJ9mBDWFQLszd/tF+ePKiNhZCQly60F8Lumn2CDZj5UIkl8wk9Wls5n1BIQs+M8AN65NAdv7+js8jKUKCuyji8r3
+      - MIIC/zCCAeegAwIBAgIUAWE1vaA+mZd3nwZqwWH64EbHvR0wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NDVaFw0yMDEwMTMxNjI4NDVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWzJibKtN8Zf7LgandINhFonx99AKi44iaZkrlMKEObE6Faf8NTUbUgK3VfJNYmCbA1baLVJ0YZJijJ7S/4o7h7eeqcJVXJkEhWNTimWXNW/YCzTHe3SSapnSYOKmdHHRClplysL8OyyEG7pbX/aB9iAfFb/+vUFCX5sMwFFrYxOimKJ9Pc/NRFtdv1wNw1rqWKF1ZzagWRlG4QgzRGwQ4quc7yO98TKikj2OPiIt7Zd46hbqQxmgGBtCkVOZIhxu77OmNrFsXmM4rZZpmqh0UdqcpwkRojVnGXmNqeMCd6dNTnLhr9wukUYw0KgE57zCDVr9Ix+p/dA5R1mG4RJ2XAgMBAAGjUzBRMB0GA1UdDgQWBBSbuiH2lNVrID3yt1SsFwtOFKOnpTAfBgNVHSMEGDAWgBSbuiH2lNVrID3yt1SsFwtOFKOnpTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBCVWd293wWyohFqMFMHRBBg97T2Uc1yeT0dMH4BpuOaCqQp4q5ep+uLcXEI6+3mEwm8pa/ULQCD8yLLdotIWlG3+h/4boFpdiPFcBDgT8kGe+0KOzB8Nt7E13QYOu12MNi10qwGrjKhdhu1xBe4fpY5VCetVU1OLyuTsUyucQsFrtZI0SR83h+blbyoMZ7IhMngCfGUe1bnYeWnLbpFbigKfPuVDWsMH2kgj05EAd5EgHkWbX8QA8hmcmDKfNT3YZM8kiGQwmFrnQdq8bN0uHR8Nz+24cbmdbHcD65wlDW6GmYxi8mW+V6bAqn9pir/J14r4YFnqMGgjmdt81tscJV
+      - MIIC/zCCAeegAwIBAgIUTC33WUoYGFoIVGMwgjbc5J6xCyowDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NTJaFw0yMDEwMTMxNjI4NTJaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCA+6P2eieXHaVJivtWif7SntjjkJm0juRKRRGsT3wt+zCZqoDe8zylTBN0mse/POWXdC+zXRMC2X/c4V10kgrvWbnNdFdUFfBUphiXSoqnUYHZ6Ta+b4UTzC2tECSUEnSCz9n1ofHnyqDyT9FELzVkRkQqexD+BFgZTF39R4q8BA4bWKQy94Kgvb+IP77+ou4fhkBLI1MX5nkWa3Oyu4TMzT/tqgPE70hk8wQzUU2aiwJ7IsmnWE6Ysk7c4DYMJQF/51bi2ByZWERNjyBY6L+ZV90aL4UFR9O+Pw9HatfHVBRdmzSkKJOr9iu4summWgH0QYDmbkdhGwYvup0EmEfAgMBAAGjUzBRMB0GA1UdDgQWBBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAfBgNVHSMEGDAWgBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAILLPnau32r/YoOVCVWQotGtySy36aFlHa3T8IkSpatNCPIf3U0FWS6TVYBwY0PBfdqWBkvCuJTupLh0OEP4TCsDa5pJGOK7blyfiAfcHajqyouACSVNlG63EPvB63h4H4F4HJnhDd4z7pVC/WPB8w5GTBJNjELmeWfH7nj7lu8UkOdLhzTKL40RPs0k4l09yYBmZqqExxGsSfvRBQcrwlAsvQ0E/cTNGbyzOKs3SbOM2WEHye6xNEsey01icYcjfjqvEd6mw3+WOUeJAuDH9/EOloFM2iz5Xp31Ig3WT0RVy+lMriG9GesPpFBs2xp9wQCXLNIkpbHKyYs3voMyBH
+      state: absent
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: User test cert members absent again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      certificate:
+      - MIIC/zCCAeegAwIBAgIUZGHLaSYg1myp6EI4VGWSC27vOrswDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4MzVaFw0yMDEwMTMxNjI4MzVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDER/lB8wUAmPTSwSc/NOXNlzdpPOQDSwrhKH6XsqZF4KpQoSY/nmCjAhJmOVpOUo4K2fGRZ0yAH9fkGv6yJP6c7IAFjLeec7GPHVwN4bZrP1DXfTAmfmXhcRQbCYkV+wmq8Puzw/+xA9EJrrodnJPPsE6E8HnSVLF6Ys9+cJMJ7HuwOI+wYt3gkmspsir1tccmf4x1PP+yHJWdcXyetlFRcmZ8gspjqOR2jb89xSQsh8gcyDW6rPNlSTzYZ2FmNtjES6ZhCsYL31fQbF2QglidlLGpAlvHUUS+xCigW73cvhFPMWXcfO51Mr15RcgYTckY+7QZ2nYqplRBoDlQl6DnAgMBAAGjUzBRMB0GA1UdDgQWBBTPG99XVRdxpOXMZo3Nhy+ldnf13TAfBgNVHSMEGDAWgBTPG99XVRdxpOXMZo3Nhy+ldnf13TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAjWTcnIl2mpNbfHAN8DB4Kk+RNRmhsH0y+r/47MXVTMMMToCfofeNY3Jeohu+2lIXMPQfTvXUbDTkNAGsGLv6LtQEUfSREqgk1eY7bT9BFfpH1uV2ZFhCO9jBA+E4bf55Kx7bgUNG31ykBshOsOblOJM1lS/0q4TWHAxrsU2PNwPi8X0ten+eGeB8aRshxS17Ij2cH0fdAMmSA+jMAvTIZl853Bxe0HuozauKwOFWL4qHm61c4O/j1mQCLqJKYfJ9mBDWFQLszd/tF+ePKiNhZCQly60F8Lumn2CDZj5UIkl8wk9Wls5n1BIQs+M8AN65NAdv7+js8jKUKCuyji8r3
+      - MIIC/zCCAeegAwIBAgIUAWE1vaA+mZd3nwZqwWH64EbHvR0wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NDVaFw0yMDEwMTMxNjI4NDVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWzJibKtN8Zf7LgandINhFonx99AKi44iaZkrlMKEObE6Faf8NTUbUgK3VfJNYmCbA1baLVJ0YZJijJ7S/4o7h7eeqcJVXJkEhWNTimWXNW/YCzTHe3SSapnSYOKmdHHRClplysL8OyyEG7pbX/aB9iAfFb/+vUFCX5sMwFFrYxOimKJ9Pc/NRFtdv1wNw1rqWKF1ZzagWRlG4QgzRGwQ4quc7yO98TKikj2OPiIt7Zd46hbqQxmgGBtCkVOZIhxu77OmNrFsXmM4rZZpmqh0UdqcpwkRojVnGXmNqeMCd6dNTnLhr9wukUYw0KgE57zCDVr9Ix+p/dA5R1mG4RJ2XAgMBAAGjUzBRMB0GA1UdDgQWBBSbuiH2lNVrID3yt1SsFwtOFKOnpTAfBgNVHSMEGDAWgBSbuiH2lNVrID3yt1SsFwtOFKOnpTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBCVWd293wWyohFqMFMHRBBg97T2Uc1yeT0dMH4BpuOaCqQp4q5ep+uLcXEI6+3mEwm8pa/ULQCD8yLLdotIWlG3+h/4boFpdiPFcBDgT8kGe+0KOzB8Nt7E13QYOu12MNi10qwGrjKhdhu1xBe4fpY5VCetVU1OLyuTsUyucQsFrtZI0SR83h+blbyoMZ7IhMngCfGUe1bnYeWnLbpFbigKfPuVDWsMH2kgj05EAd5EgHkWbX8QA8hmcmDKfNT3YZM8kiGQwmFrnQdq8bN0uHR8Nz+24cbmdbHcD65wlDW6GmYxi8mW+V6bAqn9pir/J14r4YFnqMGgjmdt81tscJV
+      - MIIC/zCCAeegAwIBAgIUTC33WUoYGFoIVGMwgjbc5J6xCyowDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NTJaFw0yMDEwMTMxNjI4NTJaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCA+6P2eieXHaVJivtWif7SntjjkJm0juRKRRGsT3wt+zCZqoDe8zylTBN0mse/POWXdC+zXRMC2X/c4V10kgrvWbnNdFdUFfBUphiXSoqnUYHZ6Ta+b4UTzC2tECSUEnSCz9n1ofHnyqDyT9FELzVkRkQqexD+BFgZTF39R4q8BA4bWKQy94Kgvb+IP77+ou4fhkBLI1MX5nkWa3Oyu4TMzT/tqgPE70hk8wQzUU2aiwJ7IsmnWE6Ysk7c4DYMJQF/51bi2ByZWERNjyBY6L+ZV90aL4UFR9O+Pw9HatfHVBRdmzSkKJOr9iu4summWgH0QYDmbkdhGwYvup0EmEfAgMBAAGjUzBRMB0GA1UdDgQWBBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAfBgNVHSMEGDAWgBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAILLPnau32r/YoOVCVWQotGtySy36aFlHa3T8IkSpatNCPIf3U0FWS6TVYBwY0PBfdqWBkvCuJTupLh0OEP4TCsDa5pJGOK7blyfiAfcHajqyouACSVNlG63EPvB63h4H4F4HJnhDd4z7pVC/WPB8w5GTBJNjELmeWfH7nj7lu8UkOdLhzTKL40RPs0k4l09yYBmZqqExxGsSfvRBQcrwlAsvQ0E/cTNGbyzOKs3SbOM2WEHye6xNEsey01icYcjfjqvEd6mw3+WOUeJAuDH9/EOloFM2iz5Xp31Ig3WT0RVy+lMriG9GesPpFBs2xp9wQCXLNIkpbHKyYs3voMyBH
+      state: absent
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: User test absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      state: absent
+    register: result
+    failed_when: not result.changed

tests/user/certificate/test_users_certificate.yml

@@ -0,0 +1,103 @@
+#
+# Generate self-signed certificates using openssl:
+#
+#   openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout private1.key -out cert1.pem -subj '/CN=test'
+#   openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout private2.key -out cert2.pem -subj '/CN=test'
+#   openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout private3.key -out cert3.pem -subj '/CN=test'
+#
+# Convert the certificate do DER for easier handling through CLI
+#
+#   openssl x509 -outform der -in cert1.pem -out cert1.der
+#   openssl x509 -outform der -in cert2.pem -out cert2.der
+#   openssl x509 -outform der -in cert3.pem -out cert3.der
+#
+# Use base64:
+#
+#  base64 cert1.der -w5000
+#  base64 cert2.der -w5000
+#  base64 cert3.der -w5000
+#
+---
+- name: Test user certificates
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: User test absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+      state: absent
+
+  - name: User test present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        first: test
+        last: test
+
+  - name: User test cert members present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        certificate:
+        - MIIC/zCCAeegAwIBAgIUZGHLaSYg1myp6EI4VGWSC27vOrswDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4MzVaFw0yMDEwMTMxNjI4MzVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDER/lB8wUAmPTSwSc/NOXNlzdpPOQDSwrhKH6XsqZF4KpQoSY/nmCjAhJmOVpOUo4K2fGRZ0yAH9fkGv6yJP6c7IAFjLeec7GPHVwN4bZrP1DXfTAmfmXhcRQbCYkV+wmq8Puzw/+xA9EJrrodnJPPsE6E8HnSVLF6Ys9+cJMJ7HuwOI+wYt3gkmspsir1tccmf4x1PP+yHJWdcXyetlFRcmZ8gspjqOR2jb89xSQsh8gcyDW6rPNlSTzYZ2FmNtjES6ZhCsYL31fQbF2QglidlLGpAlvHUUS+xCigW73cvhFPMWXcfO51Mr15RcgYTckY+7QZ2nYqplRBoDlQl6DnAgMBAAGjUzBRMB0GA1UdDgQWBBTPG99XVRdxpOXMZo3Nhy+ldnf13TAfBgNVHSMEGDAWgBTPG99XVRdxpOXMZo3Nhy+ldnf13TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAjWTcnIl2mpNbfHAN8DB4Kk+RNRmhsH0y+r/47MXVTMMMToCfofeNY3Jeohu+2lIXMPQfTvXUbDTkNAGsGLv6LtQEUfSREqgk1eY7bT9BFfpH1uV2ZFhCO9jBA+E4bf55Kx7bgUNG31ykBshOsOblOJM1lS/0q4TWHAxrsU2PNwPi8X0ten+eGeB8aRshxS17Ij2cH0fdAMmSA+jMAvTIZl853Bxe0HuozauKwOFWL4qHm61c4O/j1mQCLqJKYfJ9mBDWFQLszd/tF+ePKiNhZCQly60F8Lumn2CDZj5UIkl8wk9Wls5n1BIQs+M8AN65NAdv7+js8jKUKCuyji8r3
+        - MIIC/zCCAeegAwIBAgIUAWE1vaA+mZd3nwZqwWH64EbHvR0wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NDVaFw0yMDEwMTMxNjI4NDVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWzJibKtN8Zf7LgandINhFonx99AKi44iaZkrlMKEObE6Faf8NTUbUgK3VfJNYmCbA1baLVJ0YZJijJ7S/4o7h7eeqcJVXJkEhWNTimWXNW/YCzTHe3SSapnSYOKmdHHRClplysL8OyyEG7pbX/aB9iAfFb/+vUFCX5sMwFFrYxOimKJ9Pc/NRFtdv1wNw1rqWKF1ZzagWRlG4QgzRGwQ4quc7yO98TKikj2OPiIt7Zd46hbqQxmgGBtCkVOZIhxu77OmNrFsXmM4rZZpmqh0UdqcpwkRojVnGXmNqeMCd6dNTnLhr9wukUYw0KgE57zCDVr9Ix+p/dA5R1mG4RJ2XAgMBAAGjUzBRMB0GA1UdDgQWBBSbuiH2lNVrID3yt1SsFwtOFKOnpTAfBgNVHSMEGDAWgBSbuiH2lNVrID3yt1SsFwtOFKOnpTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBCVWd293wWyohFqMFMHRBBg97T2Uc1yeT0dMH4BpuOaCqQp4q5ep+uLcXEI6+3mEwm8pa/ULQCD8yLLdotIWlG3+h/4boFpdiPFcBDgT8kGe+0KOzB8Nt7E13QYOu12MNi10qwGrjKhdhu1xBe4fpY5VCetVU1OLyuTsUyucQsFrtZI0SR83h+blbyoMZ7IhMngCfGUe1bnYeWnLbpFbigKfPuVDWsMH2kgj05EAd5EgHkWbX8QA8hmcmDKfNT3YZM8kiGQwmFrnQdq8bN0uHR8Nz+24cbmdbHcD65wlDW6GmYxi8mW+V6bAqn9pir/J14r4YFnqMGgjmdt81tscJV
+        - MIIC/zCCAeegAwIBAgIUTC33WUoYGFoIVGMwgjbc5J6xCyowDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NTJaFw0yMDEwMTMxNjI4NTJaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCA+6P2eieXHaVJivtWif7SntjjkJm0juRKRRGsT3wt+zCZqoDe8zylTBN0mse/POWXdC+zXRMC2X/c4V10kgrvWbnNdFdUFfBUphiXSoqnUYHZ6Ta+b4UTzC2tECSUEnSCz9n1ofHnyqDyT9FELzVkRkQqexD+BFgZTF39R4q8BA4bWKQy94Kgvb+IP77+ou4fhkBLI1MX5nkWa3Oyu4TMzT/tqgPE70hk8wQzUU2aiwJ7IsmnWE6Ysk7c4DYMJQF/51bi2ByZWERNjyBY6L+ZV90aL4UFR9O+Pw9HatfHVBRdmzSkKJOr9iu4summWgH0QYDmbkdhGwYvup0EmEfAgMBAAGjUzBRMB0GA1UdDgQWBBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAfBgNVHSMEGDAWgBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAILLPnau32r/YoOVCVWQotGtySy36aFlHa3T8IkSpatNCPIf3U0FWS6TVYBwY0PBfdqWBkvCuJTupLh0OEP4TCsDa5pJGOK7blyfiAfcHajqyouACSVNlG63EPvB63h4H4F4HJnhDd4z7pVC/WPB8w5GTBJNjELmeWfH7nj7lu8UkOdLhzTKL40RPs0k4l09yYBmZqqExxGsSfvRBQcrwlAsvQ0E/cTNGbyzOKs3SbOM2WEHye6xNEsey01icYcjfjqvEd6mw3+WOUeJAuDH9/EOloFM2iz5Xp31Ig3WT0RVy+lMriG9GesPpFBs2xp9wQCXLNIkpbHKyYs3voMyBH
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: User test cert members present again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        certificate:
+        - MIIC/zCCAeegAwIBAgIUZGHLaSYg1myp6EI4VGWSC27vOrswDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4MzVaFw0yMDEwMTMxNjI4MzVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDER/lB8wUAmPTSwSc/NOXNlzdpPOQDSwrhKH6XsqZF4KpQoSY/nmCjAhJmOVpOUo4K2fGRZ0yAH9fkGv6yJP6c7IAFjLeec7GPHVwN4bZrP1DXfTAmfmXhcRQbCYkV+wmq8Puzw/+xA9EJrrodnJPPsE6E8HnSVLF6Ys9+cJMJ7HuwOI+wYt3gkmspsir1tccmf4x1PP+yHJWdcXyetlFRcmZ8gspjqOR2jb89xSQsh8gcyDW6rPNlSTzYZ2FmNtjES6ZhCsYL31fQbF2QglidlLGpAlvHUUS+xCigW73cvhFPMWXcfO51Mr15RcgYTckY+7QZ2nYqplRBoDlQl6DnAgMBAAGjUzBRMB0GA1UdDgQWBBTPG99XVRdxpOXMZo3Nhy+ldnf13TAfBgNVHSMEGDAWgBTPG99XVRdxpOXMZo3Nhy+ldnf13TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAjWTcnIl2mpNbfHAN8DB4Kk+RNRmhsH0y+r/47MXVTMMMToCfofeNY3Jeohu+2lIXMPQfTvXUbDTkNAGsGLv6LtQEUfSREqgk1eY7bT9BFfpH1uV2ZFhCO9jBA+E4bf55Kx7bgUNG31ykBshOsOblOJM1lS/0q4TWHAxrsU2PNwPi8X0ten+eGeB8aRshxS17Ij2cH0fdAMmSA+jMAvTIZl853Bxe0HuozauKwOFWL4qHm61c4O/j1mQCLqJKYfJ9mBDWFQLszd/tF+ePKiNhZCQly60F8Lumn2CDZj5UIkl8wk9Wls5n1BIQs+M8AN65NAdv7+js8jKUKCuyji8r3
+        - MIIC/zCCAeegAwIBAgIUAWE1vaA+mZd3nwZqwWH64EbHvR0wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NDVaFw0yMDEwMTMxNjI4NDVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWzJibKtN8Zf7LgandINhFonx99AKi44iaZkrlMKEObE6Faf8NTUbUgK3VfJNYmCbA1baLVJ0YZJijJ7S/4o7h7eeqcJVXJkEhWNTimWXNW/YCzTHe3SSapnSYOKmdHHRClplysL8OyyEG7pbX/aB9iAfFb/+vUFCX5sMwFFrYxOimKJ9Pc/NRFtdv1wNw1rqWKF1ZzagWRlG4QgzRGwQ4quc7yO98TKikj2OPiIt7Zd46hbqQxmgGBtCkVOZIhxu77OmNrFsXmM4rZZpmqh0UdqcpwkRojVnGXmNqeMCd6dNTnLhr9wukUYw0KgE57zCDVr9Ix+p/dA5R1mG4RJ2XAgMBAAGjUzBRMB0GA1UdDgQWBBSbuiH2lNVrID3yt1SsFwtOFKOnpTAfBgNVHSMEGDAWgBSbuiH2lNVrID3yt1SsFwtOFKOnpTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBCVWd293wWyohFqMFMHRBBg97T2Uc1yeT0dMH4BpuOaCqQp4q5ep+uLcXEI6+3mEwm8pa/ULQCD8yLLdotIWlG3+h/4boFpdiPFcBDgT8kGe+0KOzB8Nt7E13QYOu12MNi10qwGrjKhdhu1xBe4fpY5VCetVU1OLyuTsUyucQsFrtZI0SR83h+blbyoMZ7IhMngCfGUe1bnYeWnLbpFbigKfPuVDWsMH2kgj05EAd5EgHkWbX8QA8hmcmDKfNT3YZM8kiGQwmFrnQdq8bN0uHR8Nz+24cbmdbHcD65wlDW6GmYxi8mW+V6bAqn9pir/J14r4YFnqMGgjmdt81tscJV
+        - MIIC/zCCAeegAwIBAgIUTC33WUoYGFoIVGMwgjbc5J6xCyowDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NTJaFw0yMDEwMTMxNjI4NTJaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCA+6P2eieXHaVJivtWif7SntjjkJm0juRKRRGsT3wt+zCZqoDe8zylTBN0mse/POWXdC+zXRMC2X/c4V10kgrvWbnNdFdUFfBUphiXSoqnUYHZ6Ta+b4UTzC2tECSUEnSCz9n1ofHnyqDyT9FELzVkRkQqexD+BFgZTF39R4q8BA4bWKQy94Kgvb+IP77+ou4fhkBLI1MX5nkWa3Oyu4TMzT/tqgPE70hk8wQzUU2aiwJ7IsmnWE6Ysk7c4DYMJQF/51bi2ByZWERNjyBY6L+ZV90aL4UFR9O+Pw9HatfHVBRdmzSkKJOr9iu4summWgH0QYDmbkdhGwYvup0EmEfAgMBAAGjUzBRMB0GA1UdDgQWBBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAfBgNVHSMEGDAWgBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAILLPnau32r/YoOVCVWQotGtySy36aFlHa3T8IkSpatNCPIf3U0FWS6TVYBwY0PBfdqWBkvCuJTupLh0OEP4TCsDa5pJGOK7blyfiAfcHajqyouACSVNlG63EPvB63h4H4F4HJnhDd4z7pVC/WPB8w5GTBJNjELmeWfH7nj7lu8UkOdLhzTKL40RPs0k4l09yYBmZqqExxGsSfvRBQcrwlAsvQ0E/cTNGbyzOKs3SbOM2WEHye6xNEsey01icYcjfjqvEd6mw3+WOUeJAuDH9/EOloFM2iz5Xp31Ig3WT0RVy+lMriG9GesPpFBs2xp9wQCXLNIkpbHKyYs3voMyBH
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: User test cert members absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        certificate:
+        - MIIC/zCCAeegAwIBAgIUZGHLaSYg1myp6EI4VGWSC27vOrswDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4MzVaFw0yMDEwMTMxNjI4MzVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDER/lB8wUAmPTSwSc/NOXNlzdpPOQDSwrhKH6XsqZF4KpQoSY/nmCjAhJmOVpOUo4K2fGRZ0yAH9fkGv6yJP6c7IAFjLeec7GPHVwN4bZrP1DXfTAmfmXhcRQbCYkV+wmq8Puzw/+xA9EJrrodnJPPsE6E8HnSVLF6Ys9+cJMJ7HuwOI+wYt3gkmspsir1tccmf4x1PP+yHJWdcXyetlFRcmZ8gspjqOR2jb89xSQsh8gcyDW6rPNlSTzYZ2FmNtjES6ZhCsYL31fQbF2QglidlLGpAlvHUUS+xCigW73cvhFPMWXcfO51Mr15RcgYTckY+7QZ2nYqplRBoDlQl6DnAgMBAAGjUzBRMB0GA1UdDgQWBBTPG99XVRdxpOXMZo3Nhy+ldnf13TAfBgNVHSMEGDAWgBTPG99XVRdxpOXMZo3Nhy+ldnf13TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAjWTcnIl2mpNbfHAN8DB4Kk+RNRmhsH0y+r/47MXVTMMMToCfofeNY3Jeohu+2lIXMPQfTvXUbDTkNAGsGLv6LtQEUfSREqgk1eY7bT9BFfpH1uV2ZFhCO9jBA+E4bf55Kx7bgUNG31ykBshOsOblOJM1lS/0q4TWHAxrsU2PNwPi8X0ten+eGeB8aRshxS17Ij2cH0fdAMmSA+jMAvTIZl853Bxe0HuozauKwOFWL4qHm61c4O/j1mQCLqJKYfJ9mBDWFQLszd/tF+ePKiNhZCQly60F8Lumn2CDZj5UIkl8wk9Wls5n1BIQs+M8AN65NAdv7+js8jKUKCuyji8r3
+        - MIIC/zCCAeegAwIBAgIUAWE1vaA+mZd3nwZqwWH64EbHvR0wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NDVaFw0yMDEwMTMxNjI4NDVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWzJibKtN8Zf7LgandINhFonx99AKi44iaZkrlMKEObE6Faf8NTUbUgK3VfJNYmCbA1baLVJ0YZJijJ7S/4o7h7eeqcJVXJkEhWNTimWXNW/YCzTHe3SSapnSYOKmdHHRClplysL8OyyEG7pbX/aB9iAfFb/+vUFCX5sMwFFrYxOimKJ9Pc/NRFtdv1wNw1rqWKF1ZzagWRlG4QgzRGwQ4quc7yO98TKikj2OPiIt7Zd46hbqQxmgGBtCkVOZIhxu77OmNrFsXmM4rZZpmqh0UdqcpwkRojVnGXmNqeMCd6dNTnLhr9wukUYw0KgE57zCDVr9Ix+p/dA5R1mG4RJ2XAgMBAAGjUzBRMB0GA1UdDgQWBBSbuiH2lNVrID3yt1SsFwtOFKOnpTAfBgNVHSMEGDAWgBSbuiH2lNVrID3yt1SsFwtOFKOnpTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBCVWd293wWyohFqMFMHRBBg97T2Uc1yeT0dMH4BpuOaCqQp4q5ep+uLcXEI6+3mEwm8pa/ULQCD8yLLdotIWlG3+h/4boFpdiPFcBDgT8kGe+0KOzB8Nt7E13QYOu12MNi10qwGrjKhdhu1xBe4fpY5VCetVU1OLyuTsUyucQsFrtZI0SR83h+blbyoMZ7IhMngCfGUe1bnYeWnLbpFbigKfPuVDWsMH2kgj05EAd5EgHkWbX8QA8hmcmDKfNT3YZM8kiGQwmFrnQdq8bN0uHR8Nz+24cbmdbHcD65wlDW6GmYxi8mW+V6bAqn9pir/J14r4YFnqMGgjmdt81tscJV
+        - MIIC/zCCAeegAwIBAgIUTC33WUoYGFoIVGMwgjbc5J6xCyowDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NTJaFw0yMDEwMTMxNjI4NTJaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCA+6P2eieXHaVJivtWif7SntjjkJm0juRKRRGsT3wt+zCZqoDe8zylTBN0mse/POWXdC+zXRMC2X/c4V10kgrvWbnNdFdUFfBUphiXSoqnUYHZ6Ta+b4UTzC2tECSUEnSCz9n1ofHnyqDyT9FELzVkRkQqexD+BFgZTF39R4q8BA4bWKQy94Kgvb+IP77+ou4fhkBLI1MX5nkWa3Oyu4TMzT/tqgPE70hk8wQzUU2aiwJ7IsmnWE6Ysk7c4DYMJQF/51bi2ByZWERNjyBY6L+ZV90aL4UFR9O+Pw9HatfHVBRdmzSkKJOr9iu4summWgH0QYDmbkdhGwYvup0EmEfAgMBAAGjUzBRMB0GA1UdDgQWBBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAfBgNVHSMEGDAWgBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAILLPnau32r/YoOVCVWQotGtySy36aFlHa3T8IkSpatNCPIf3U0FWS6TVYBwY0PBfdqWBkvCuJTupLh0OEP4TCsDa5pJGOK7blyfiAfcHajqyouACSVNlG63EPvB63h4H4F4HJnhDd4z7pVC/WPB8w5GTBJNjELmeWfH7nj7lu8UkOdLhzTKL40RPs0k4l09yYBmZqqExxGsSfvRBQcrwlAsvQ0E/cTNGbyzOKs3SbOM2WEHye6xNEsey01icYcjfjqvEd6mw3+WOUeJAuDH9/EOloFM2iz5Xp31Ig3WT0RVy+lMriG9GesPpFBs2xp9wQCXLNIkpbHKyYs3voMyBH
+      state: absent
+      action: member
+    #register: result
+    #failed_when: not result.changed
+
+  - name: User test cert members absent again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        certificate:
+        - MIIC/zCCAeegAwIBAgIUZGHLaSYg1myp6EI4VGWSC27vOrswDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4MzVaFw0yMDEwMTMxNjI4MzVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDER/lB8wUAmPTSwSc/NOXNlzdpPOQDSwrhKH6XsqZF4KpQoSY/nmCjAhJmOVpOUo4K2fGRZ0yAH9fkGv6yJP6c7IAFjLeec7GPHVwN4bZrP1DXfTAmfmXhcRQbCYkV+wmq8Puzw/+xA9EJrrodnJPPsE6E8HnSVLF6Ys9+cJMJ7HuwOI+wYt3gkmspsir1tccmf4x1PP+yHJWdcXyetlFRcmZ8gspjqOR2jb89xSQsh8gcyDW6rPNlSTzYZ2FmNtjES6ZhCsYL31fQbF2QglidlLGpAlvHUUS+xCigW73cvhFPMWXcfO51Mr15RcgYTckY+7QZ2nYqplRBoDlQl6DnAgMBAAGjUzBRMB0GA1UdDgQWBBTPG99XVRdxpOXMZo3Nhy+ldnf13TAfBgNVHSMEGDAWgBTPG99XVRdxpOXMZo3Nhy+ldnf13TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAjWTcnIl2mpNbfHAN8DB4Kk+RNRmhsH0y+r/47MXVTMMMToCfofeNY3Jeohu+2lIXMPQfTvXUbDTkNAGsGLv6LtQEUfSREqgk1eY7bT9BFfpH1uV2ZFhCO9jBA+E4bf55Kx7bgUNG31ykBshOsOblOJM1lS/0q4TWHAxrsU2PNwPi8X0ten+eGeB8aRshxS17Ij2cH0fdAMmSA+jMAvTIZl853Bxe0HuozauKwOFWL4qHm61c4O/j1mQCLqJKYfJ9mBDWFQLszd/tF+ePKiNhZCQly60F8Lumn2CDZj5UIkl8wk9Wls5n1BIQs+M8AN65NAdv7+js8jKUKCuyji8r3
+        - MIIC/zCCAeegAwIBAgIUAWE1vaA+mZd3nwZqwWH64EbHvR0wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NDVaFw0yMDEwMTMxNjI4NDVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWzJibKtN8Zf7LgandINhFonx99AKi44iaZkrlMKEObE6Faf8NTUbUgK3VfJNYmCbA1baLVJ0YZJijJ7S/4o7h7eeqcJVXJkEhWNTimWXNW/YCzTHe3SSapnSYOKmdHHRClplysL8OyyEG7pbX/aB9iAfFb/+vUFCX5sMwFFrYxOimKJ9Pc/NRFtdv1wNw1rqWKF1ZzagWRlG4QgzRGwQ4quc7yO98TKikj2OPiIt7Zd46hbqQxmgGBtCkVOZIhxu77OmNrFsXmM4rZZpmqh0UdqcpwkRojVnGXmNqeMCd6dNTnLhr9wukUYw0KgE57zCDVr9Ix+p/dA5R1mG4RJ2XAgMBAAGjUzBRMB0GA1UdDgQWBBSbuiH2lNVrID3yt1SsFwtOFKOnpTAfBgNVHSMEGDAWgBSbuiH2lNVrID3yt1SsFwtOFKOnpTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBCVWd293wWyohFqMFMHRBBg97T2Uc1yeT0dMH4BpuOaCqQp4q5ep+uLcXEI6+3mEwm8pa/ULQCD8yLLdotIWlG3+h/4boFpdiPFcBDgT8kGe+0KOzB8Nt7E13QYOu12MNi10qwGrjKhdhu1xBe4fpY5VCetVU1OLyuTsUyucQsFrtZI0SR83h+blbyoMZ7IhMngCfGUe1bnYeWnLbpFbigKfPuVDWsMH2kgj05EAd5EgHkWbX8QA8hmcmDKfNT3YZM8kiGQwmFrnQdq8bN0uHR8Nz+24cbmdbHcD65wlDW6GmYxi8mW+V6bAqn9pir/J14r4YFnqMGgjmdt81tscJV
+        - MIIC/zCCAeegAwIBAgIUTC33WUoYGFoIVGMwgjbc5J6xCyowDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NTJaFw0yMDEwMTMxNjI4NTJaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCA+6P2eieXHaVJivtWif7SntjjkJm0juRKRRGsT3wt+zCZqoDe8zylTBN0mse/POWXdC+zXRMC2X/c4V10kgrvWbnNdFdUFfBUphiXSoqnUYHZ6Ta+b4UTzC2tECSUEnSCz9n1ofHnyqDyT9FELzVkRkQqexD+BFgZTF39R4q8BA4bWKQy94Kgvb+IP77+ou4fhkBLI1MX5nkWa3Oyu4TMzT/tqgPE70hk8wQzUU2aiwJ7IsmnWE6Ysk7c4DYMJQF/51bi2ByZWERNjyBY6L+ZV90aL4UFR9O+Pw9HatfHVBRdmzSkKJOr9iu4summWgH0QYDmbkdhGwYvup0EmEfAgMBAAGjUzBRMB0GA1UdDgQWBBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAfBgNVHSMEGDAWgBSJCQ8ho0Ppe0khVhgiMqsvlgxIjzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAILLPnau32r/YoOVCVWQotGtySy36aFlHa3T8IkSpatNCPIf3U0FWS6TVYBwY0PBfdqWBkvCuJTupLh0OEP4TCsDa5pJGOK7blyfiAfcHajqyouACSVNlG63EPvB63h4H4F4HJnhDd4z7pVC/WPB8w5GTBJNjELmeWfH7nj7lu8UkOdLhzTKL40RPs0k4l09yYBmZqqExxGsSfvRBQcrwlAsvQ0E/cTNGbyzOKs3SbOM2WEHye6xNEsey01icYcjfjqvEd6mw3+WOUeJAuDH9/EOloFM2iz5Xp31Ig3WT0RVy+lMriG9GesPpFBs2xp9wQCXLNIkpbHKyYs3voMyBH
+      state: absent
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: User test absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+      state: absent
+    register: result
+    failed_when: not result.changed

tests/user/certmapdata/test_user_certmapdata.yml

@@ -0,0 +1,160 @@
+#
+# Generate self-signed certificates using openssl:
+#
+#   openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout private1.key -out cert1.pem -subj '/CN=test1'
+#   openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout private2.key -out cert2.pem -subj '/CN=test2'
+#   openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout private3.key -out cert3.pem -subj '/CN=test2'
+#
+# Convert the certificate do DER for easier handling through CLI
+#
+#   openssl x509 -outform der -in cert1.pem -out cert1.der
+#   openssl x509 -outform der -in cert2.pem -out cert2.der
+#   openssl x509 -outform der -in cert3.pem -out cert3.der
+#
+# Use base64:
+#
+#  base64 cert1.der -w5000
+#  base64 cert2.der -w5000
+#  base64 cert3.der -w5000
+#
+---
+- name: Test user certmapdata
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: User test absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      state: absent
+
+  - name: User test present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      first: test
+      last: test
+    register: result
+    failed_when: not result.changed
+
+  - name: User test certmapdata members present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      certmapdata:
+      - certificate: MIIDATCCAemgAwIBAgIUFDZuUg9kBvN+ubTBaS6d62KafvQwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDEwHhcNMTkxMDE0MTk0ODM4WhcNMjAxMDEzMTk0ODM4WjAQMQ4wDAYDVQQDDAV0ZXN0MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALrwv6KuOIZMxjp9aueRgJWKns7P7Oo8lo4ojBVhyB3K11+1OifLqfo2SL9HPx9XynvouMj+XnqbY+NRLOX9wPYAvA7rXUgN1zQYK5stCCTjW0V4QloHnMUPM0shIuErcTP1UMatzTaFxd+UkvZCMNbE9jXHeCd3uDYoqA8Y4yRuqQ4HcnbB7DyMNZHaSCHxQCvZzllJA9m1b+c2sO3l7008PibG5RSpPnrjMUeH4yzjaB8R7A/WApAA1g5bn+IXD2dDsbdHAVFdzqwkxxLlacD8pbM7jWtCI+qJwE6dXpPb5WRkUz3tZLkEW7EQJAi3TMy//hF/SobEul3WVjiO/HUCAwEAAaNTMFEwHQYDVR0OBBYEFCkUPLMp0M5rgxHNAYuunGM0if/vMB8GA1UdIwQYMBaAFCkUPLMp0M5rgxHNAYuunGM0if/vMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAI7gj1VllrF0eRqPP9xtSqWla+qGMpHUWur1yIoy3R8I7LV3muQpbgxsfOyH2PHj69v+8yvI5einvOXJVgJxcn/ERxm/prIdo+QlK4O/SDdswJWfjCaDlk03PzjDzHXeEWRwDFV9zpRx/hjLUn8knwBOSbUE8ImUGt37ZBMBsz++y+oCZJVxzwZgcXZ3L4yuhJ0l48Cz+2EEoYN08gJqNk1EzmpBcAYJJ0Ai1psFqu12b32fNIhWSSf5THldqNefdpBlMo5ZtC9wE//NTml+nebA1FJDSppTMfHP/rTb/wfNx5vc5KLYYR9wZUUUDeJhdNPlBZZuuVbn29X6a4teoBk=
+      - certificate: MIIDATCCAemgAwIBAgIUK2Sa8/xr/4H9BOB0K0SswbVmmMcwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDIwHhcNMTkxMDE0MTk0ODM1WhcNMjAxMDEzMTk0ODM1WjAQMQ4wDAYDVQQDDAV0ZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANQdGqRUTNCptUsZxVe03YTYyhg6+ovidYP9bPPsCS1FzOTCKV9maFv4GHGEI455lkGowW3okT2DPC5pgtH43vZkDtjXNy1JDyg1y4OmxfiAg4Uc0W9DnakvEokVyt44WRzXjlv2CBO+A7Zon8z3aJwKKCV4EfpuvRw/npqhrnGF/w/n7NXyeRXI6lom9hqIQzJoRjXrMIEbtzM8m2GWlFq8af1KJ+Cmm25c87aeyu7I0+BRCq21pwcyQ6Cx0Lo3szQVlD9ZN6wUfz3IDacLjoMOZkVrclIKO0DU595AVo86TD0C1TC/vCjmDGOfgoQsfS5OFfP+FmN6we9IVIAUcL8CAwEAAaNTMFEwHQYDVR0OBBYEFHTGQuoyDwtbHVLU0SseGvarrJKOMB8GA1UdIwQYMBaAFHTGQuoyDwtbHVLU0SseGvarrJKOMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEGcA6GzCv67GYWoFK9zAjN01M79BDSuac2QV+9PYjQ7tLXQPGdoXJjJzrkJLgzTwqH2iIUqGoAZp30dW89yrJuA8s0gk3SbPOowYmst6pN6SeENxXL/1kn/IBm3+oHf5IWf7vaW4j8tYt7Q3x2K3V9GWRrozGEPIXk8yMeJq72wpfWynDxxYOepGG2+pSkm8soi9Fpt29pb+DtKB2U9GpMBS8vHU+1H4trIvEOMsd4v+X1+Vxlnt8tgy8/PrlKk1wLB9r1XA+W/vXPBe0tRcuntsXiniSKGC5oiR9AFS134HFEWuhxXWihNFzsLmNimvvxQBlXMRPZC1waCSoTKTAI=
+      - certificate: MIIDATCCAemgAwIBAgIUIa8TtXJ4Nq8VYrlgbSKcVt0FdckwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDMwHhcNMTkxMDE0MTk0ODQ1WhcNMjAxMDEzMTk0ODQ1WjAQMQ4wDAYDVQQDDAV0ZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMyttsxCiNH8qx83FTkQaUKxQXer6aMa5DpyfnGMh1K3icfEHyiKLkrjiuFbnfYC1s/iYkz9UyBQrneglYROGgr8TSFC5LXiVppI3/LONKuBh0GfmBM8dhYkOg6WmEB15EL7Hj3V6Xi/Sx3WFnvY/wAzds06linDp/I46jRXqMrWFuhXbf4A09OXpQs6KOMWkkitw3lKuKLgiNzXEiAHaS2YqW7UwSy9RLCrIDMwEmVzZ/gh3vGwM2jyfhOZ75U/xOt9U6jMQsp7hFQAoSeVBTuGpjI40g3IbNBRNi2SnERFzQFkJr0tzAX250XGDaRwRuLhilYoQoJl59B2cTzYsLECAwEAAaNTMFEwHQYDVR0OBBYEFD8iZgdSshdfyAMNfQNzS74Dl9UVMB8GA1UdIwQYMBaAFD8iZgdSshdfyAMNfQNzS74Dl9UVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFrip5Hl7dHz3oqXLcoza9rQCiMsXV7Q2gVHJ6W2YZZlQpVOBmNPf0n42OVZrnIkDnuGD+pGuw65Aq/TnfMI2KrW8o//aOXLitR60moMEbj61IlBx3aUGvdhyevrz4tM8SHX05p4K86ZJ9jZuS/sNyDwBKBaBAqjW1Rjuqb2o+C9zvDgPWFX++8OgXljDPHR6XYAKpRBmbBZHxYXazjhj1gGhb9/txqDn4EniPXE4rZ/X5MwXzAPs7ROgvr7fkIQypO+O++FGn8rWQL+5zZY0GavOK6FMBJj8M6RDHwEEsXQqSHicsrL8iMx4jun82wgu+gO5lBPTMd0hjsOYR3eT0A=
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: User test certmapdata members present again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      certmapdata:
+      - certificate: MIIDATCCAemgAwIBAgIUFDZuUg9kBvN+ubTBaS6d62KafvQwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDEwHhcNMTkxMDE0MTk0ODM4WhcNMjAxMDEzMTk0ODM4WjAQMQ4wDAYDVQQDDAV0ZXN0MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALrwv6KuOIZMxjp9aueRgJWKns7P7Oo8lo4ojBVhyB3K11+1OifLqfo2SL9HPx9XynvouMj+XnqbY+NRLOX9wPYAvA7rXUgN1zQYK5stCCTjW0V4QloHnMUPM0shIuErcTP1UMatzTaFxd+UkvZCMNbE9jXHeCd3uDYoqA8Y4yRuqQ4HcnbB7DyMNZHaSCHxQCvZzllJA9m1b+c2sO3l7008PibG5RSpPnrjMUeH4yzjaB8R7A/WApAA1g5bn+IXD2dDsbdHAVFdzqwkxxLlacD8pbM7jWtCI+qJwE6dXpPb5WRkUz3tZLkEW7EQJAi3TMy//hF/SobEul3WVjiO/HUCAwEAAaNTMFEwHQYDVR0OBBYEFCkUPLMp0M5rgxHNAYuunGM0if/vMB8GA1UdIwQYMBaAFCkUPLMp0M5rgxHNAYuunGM0if/vMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAI7gj1VllrF0eRqPP9xtSqWla+qGMpHUWur1yIoy3R8I7LV3muQpbgxsfOyH2PHj69v+8yvI5einvOXJVgJxcn/ERxm/prIdo+QlK4O/SDdswJWfjCaDlk03PzjDzHXeEWRwDFV9zpRx/hjLUn8knwBOSbUE8ImUGt37ZBMBsz++y+oCZJVxzwZgcXZ3L4yuhJ0l48Cz+2EEoYN08gJqNk1EzmpBcAYJJ0Ai1psFqu12b32fNIhWSSf5THldqNefdpBlMo5ZtC9wE//NTml+nebA1FJDSppTMfHP/rTb/wfNx5vc5KLYYR9wZUUUDeJhdNPlBZZuuVbn29X6a4teoBk=
+      - certificate: MIIDATCCAemgAwIBAgIUK2Sa8/xr/4H9BOB0K0SswbVmmMcwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDIwHhcNMTkxMDE0MTk0ODM1WhcNMjAxMDEzMTk0ODM1WjAQMQ4wDAYDVQQDDAV0ZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANQdGqRUTNCptUsZxVe03YTYyhg6+ovidYP9bPPsCS1FzOTCKV9maFv4GHGEI455lkGowW3okT2DPC5pgtH43vZkDtjXNy1JDyg1y4OmxfiAg4Uc0W9DnakvEokVyt44WRzXjlv2CBO+A7Zon8z3aJwKKCV4EfpuvRw/npqhrnGF/w/n7NXyeRXI6lom9hqIQzJoRjXrMIEbtzM8m2GWlFq8af1KJ+Cmm25c87aeyu7I0+BRCq21pwcyQ6Cx0Lo3szQVlD9ZN6wUfz3IDacLjoMOZkVrclIKO0DU595AVo86TD0C1TC/vCjmDGOfgoQsfS5OFfP+FmN6we9IVIAUcL8CAwEAAaNTMFEwHQYDVR0OBBYEFHTGQuoyDwtbHVLU0SseGvarrJKOMB8GA1UdIwQYMBaAFHTGQuoyDwtbHVLU0SseGvarrJKOMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEGcA6GzCv67GYWoFK9zAjN01M79BDSuac2QV+9PYjQ7tLXQPGdoXJjJzrkJLgzTwqH2iIUqGoAZp30dW89yrJuA8s0gk3SbPOowYmst6pN6SeENxXL/1kn/IBm3+oHf5IWf7vaW4j8tYt7Q3x2K3V9GWRrozGEPIXk8yMeJq72wpfWynDxxYOepGG2+pSkm8soi9Fpt29pb+DtKB2U9GpMBS8vHU+1H4trIvEOMsd4v+X1+Vxlnt8tgy8/PrlKk1wLB9r1XA+W/vXPBe0tRcuntsXiniSKGC5oiR9AFS134HFEWuhxXWihNFzsLmNimvvxQBlXMRPZC1waCSoTKTAI=
+      - certificate: MIIDATCCAemgAwIBAgIUIa8TtXJ4Nq8VYrlgbSKcVt0FdckwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDMwHhcNMTkxMDE0MTk0ODQ1WhcNMjAxMDEzMTk0ODQ1WjAQMQ4wDAYDVQQDDAV0ZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMyttsxCiNH8qx83FTkQaUKxQXer6aMa5DpyfnGMh1K3icfEHyiKLkrjiuFbnfYC1s/iYkz9UyBQrneglYROGgr8TSFC5LXiVppI3/LONKuBh0GfmBM8dhYkOg6WmEB15EL7Hj3V6Xi/Sx3WFnvY/wAzds06linDp/I46jRXqMrWFuhXbf4A09OXpQs6KOMWkkitw3lKuKLgiNzXEiAHaS2YqW7UwSy9RLCrIDMwEmVzZ/gh3vGwM2jyfhOZ75U/xOt9U6jMQsp7hFQAoSeVBTuGpjI40g3IbNBRNi2SnERFzQFkJr0tzAX250XGDaRwRuLhilYoQoJl59B2cTzYsLECAwEAAaNTMFEwHQYDVR0OBBYEFD8iZgdSshdfyAMNfQNzS74Dl9UVMB8GA1UdIwQYMBaAFD8iZgdSshdfyAMNfQNzS74Dl9UVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFrip5Hl7dHz3oqXLcoza9rQCiMsXV7Q2gVHJ6W2YZZlQpVOBmNPf0n42OVZrnIkDnuGD+pGuw65Aq/TnfMI2KrW8o//aOXLitR60moMEbj61IlBx3aUGvdhyevrz4tM8SHX05p4K86ZJ9jZuS/sNyDwBKBaBAqjW1Rjuqb2o+C9zvDgPWFX++8OgXljDPHR6XYAKpRBmbBZHxYXazjhj1gGhb9/txqDn4EniPXE4rZ/X5MwXzAPs7ROgvr7fkIQypO+O++FGn8rWQL+5zZY0GavOK6FMBJj8M6RDHwEEsXQqSHicsrL8iMx4jun82wgu+gO5lBPTMd0hjsOYR3eT0A=
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: User test certmapdata members absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      certmapdata:
+      - certificate: MIIDATCCAemgAwIBAgIUFDZuUg9kBvN+ubTBaS6d62KafvQwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDEwHhcNMTkxMDE0MTk0ODM4WhcNMjAxMDEzMTk0ODM4WjAQMQ4wDAYDVQQDDAV0ZXN0MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALrwv6KuOIZMxjp9aueRgJWKns7P7Oo8lo4ojBVhyB3K11+1OifLqfo2SL9HPx9XynvouMj+XnqbY+NRLOX9wPYAvA7rXUgN1zQYK5stCCTjW0V4QloHnMUPM0shIuErcTP1UMatzTaFxd+UkvZCMNbE9jXHeCd3uDYoqA8Y4yRuqQ4HcnbB7DyMNZHaSCHxQCvZzllJA9m1b+c2sO3l7008PibG5RSpPnrjMUeH4yzjaB8R7A/WApAA1g5bn+IXD2dDsbdHAVFdzqwkxxLlacD8pbM7jWtCI+qJwE6dXpPb5WRkUz3tZLkEW7EQJAi3TMy//hF/SobEul3WVjiO/HUCAwEAAaNTMFEwHQYDVR0OBBYEFCkUPLMp0M5rgxHNAYuunGM0if/vMB8GA1UdIwQYMBaAFCkUPLMp0M5rgxHNAYuunGM0if/vMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAI7gj1VllrF0eRqPP9xtSqWla+qGMpHUWur1yIoy3R8I7LV3muQpbgxsfOyH2PHj69v+8yvI5einvOXJVgJxcn/ERxm/prIdo+QlK4O/SDdswJWfjCaDlk03PzjDzHXeEWRwDFV9zpRx/hjLUn8knwBOSbUE8ImUGt37ZBMBsz++y+oCZJVxzwZgcXZ3L4yuhJ0l48Cz+2EEoYN08gJqNk1EzmpBcAYJJ0Ai1psFqu12b32fNIhWSSf5THldqNefdpBlMo5ZtC9wE//NTml+nebA1FJDSppTMfHP/rTb/wfNx5vc5KLYYR9wZUUUDeJhdNPlBZZuuVbn29X6a4teoBk=
+      - certificate: MIIDATCCAemgAwIBAgIUK2Sa8/xr/4H9BOB0K0SswbVmmMcwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDIwHhcNMTkxMDE0MTk0ODM1WhcNMjAxMDEzMTk0ODM1WjAQMQ4wDAYDVQQDDAV0ZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANQdGqRUTNCptUsZxVe03YTYyhg6+ovidYP9bPPsCS1FzOTCKV9maFv4GHGEI455lkGowW3okT2DPC5pgtH43vZkDtjXNy1JDyg1y4OmxfiAg4Uc0W9DnakvEokVyt44WRzXjlv2CBO+A7Zon8z3aJwKKCV4EfpuvRw/npqhrnGF/w/n7NXyeRXI6lom9hqIQzJoRjXrMIEbtzM8m2GWlFq8af1KJ+Cmm25c87aeyu7I0+BRCq21pwcyQ6Cx0Lo3szQVlD9ZN6wUfz3IDacLjoMOZkVrclIKO0DU595AVo86TD0C1TC/vCjmDGOfgoQsfS5OFfP+FmN6we9IVIAUcL8CAwEAAaNTMFEwHQYDVR0OBBYEFHTGQuoyDwtbHVLU0SseGvarrJKOMB8GA1UdIwQYMBaAFHTGQuoyDwtbHVLU0SseGvarrJKOMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEGcA6GzCv67GYWoFK9zAjN01M79BDSuac2QV+9PYjQ7tLXQPGdoXJjJzrkJLgzTwqH2iIUqGoAZp30dW89yrJuA8s0gk3SbPOowYmst6pN6SeENxXL/1kn/IBm3+oHf5IWf7vaW4j8tYt7Q3x2K3V9GWRrozGEPIXk8yMeJq72wpfWynDxxYOepGG2+pSkm8soi9Fpt29pb+DtKB2U9GpMBS8vHU+1H4trIvEOMsd4v+X1+Vxlnt8tgy8/PrlKk1wLB9r1XA+W/vXPBe0tRcuntsXiniSKGC5oiR9AFS134HFEWuhxXWihNFzsLmNimvvxQBlXMRPZC1waCSoTKTAI=
+      - certificate: MIIDATCCAemgAwIBAgIUIa8TtXJ4Nq8VYrlgbSKcVt0FdckwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDMwHhcNMTkxMDE0MTk0ODQ1WhcNMjAxMDEzMTk0ODQ1WjAQMQ4wDAYDVQQDDAV0ZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMyttsxCiNH8qx83FTkQaUKxQXer6aMa5DpyfnGMh1K3icfEHyiKLkrjiuFbnfYC1s/iYkz9UyBQrneglYROGgr8TSFC5LXiVppI3/LONKuBh0GfmBM8dhYkOg6WmEB15EL7Hj3V6Xi/Sx3WFnvY/wAzds06linDp/I46jRXqMrWFuhXbf4A09OXpQs6KOMWkkitw3lKuKLgiNzXEiAHaS2YqW7UwSy9RLCrIDMwEmVzZ/gh3vGwM2jyfhOZ75U/xOt9U6jMQsp7hFQAoSeVBTuGpjI40g3IbNBRNi2SnERFzQFkJr0tzAX250XGDaRwRuLhilYoQoJl59B2cTzYsLECAwEAAaNTMFEwHQYDVR0OBBYEFD8iZgdSshdfyAMNfQNzS74Dl9UVMB8GA1UdIwQYMBaAFD8iZgdSshdfyAMNfQNzS74Dl9UVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFrip5Hl7dHz3oqXLcoza9rQCiMsXV7Q2gVHJ6W2YZZlQpVOBmNPf0n42OVZrnIkDnuGD+pGuw65Aq/TnfMI2KrW8o//aOXLitR60moMEbj61IlBx3aUGvdhyevrz4tM8SHX05p4K86ZJ9jZuS/sNyDwBKBaBAqjW1Rjuqb2o+C9zvDgPWFX++8OgXljDPHR6XYAKpRBmbBZHxYXazjhj1gGhb9/txqDn4EniPXE4rZ/X5MwXzAPs7ROgvr7fkIQypO+O++FGn8rWQL+5zZY0GavOK6FMBJj8M6RDHwEEsXQqSHicsrL8iMx4jun82wgu+gO5lBPTMd0hjsOYR3eT0A=
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: User test certmapdata members absent again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      certmapdata:
+      - certificate: MIIDATCCAemgAwIBAgIUFDZuUg9kBvN+ubTBaS6d62KafvQwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDEwHhcNMTkxMDE0MTk0ODM4WhcNMjAxMDEzMTk0ODM4WjAQMQ4wDAYDVQQDDAV0ZXN0MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALrwv6KuOIZMxjp9aueRgJWKns7P7Oo8lo4ojBVhyB3K11+1OifLqfo2SL9HPx9XynvouMj+XnqbY+NRLOX9wPYAvA7rXUgN1zQYK5stCCTjW0V4QloHnMUPM0shIuErcTP1UMatzTaFxd+UkvZCMNbE9jXHeCd3uDYoqA8Y4yRuqQ4HcnbB7DyMNZHaSCHxQCvZzllJA9m1b+c2sO3l7008PibG5RSpPnrjMUeH4yzjaB8R7A/WApAA1g5bn+IXD2dDsbdHAVFdzqwkxxLlacD8pbM7jWtCI+qJwE6dXpPb5WRkUz3tZLkEW7EQJAi3TMy//hF/SobEul3WVjiO/HUCAwEAAaNTMFEwHQYDVR0OBBYEFCkUPLMp0M5rgxHNAYuunGM0if/vMB8GA1UdIwQYMBaAFCkUPLMp0M5rgxHNAYuunGM0if/vMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAI7gj1VllrF0eRqPP9xtSqWla+qGMpHUWur1yIoy3R8I7LV3muQpbgxsfOyH2PHj69v+8yvI5einvOXJVgJxcn/ERxm/prIdo+QlK4O/SDdswJWfjCaDlk03PzjDzHXeEWRwDFV9zpRx/hjLUn8knwBOSbUE8ImUGt37ZBMBsz++y+oCZJVxzwZgcXZ3L4yuhJ0l48Cz+2EEoYN08gJqNk1EzmpBcAYJJ0Ai1psFqu12b32fNIhWSSf5THldqNefdpBlMo5ZtC9wE//NTml+nebA1FJDSppTMfHP/rTb/wfNx5vc5KLYYR9wZUUUDeJhdNPlBZZuuVbn29X6a4teoBk=
+      - certificate: MIIDATCCAemgAwIBAgIUK2Sa8/xr/4H9BOB0K0SswbVmmMcwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDIwHhcNMTkxMDE0MTk0ODM1WhcNMjAxMDEzMTk0ODM1WjAQMQ4wDAYDVQQDDAV0ZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANQdGqRUTNCptUsZxVe03YTYyhg6+ovidYP9bPPsCS1FzOTCKV9maFv4GHGEI455lkGowW3okT2DPC5pgtH43vZkDtjXNy1JDyg1y4OmxfiAg4Uc0W9DnakvEokVyt44WRzXjlv2CBO+A7Zon8z3aJwKKCV4EfpuvRw/npqhrnGF/w/n7NXyeRXI6lom9hqIQzJoRjXrMIEbtzM8m2GWlFq8af1KJ+Cmm25c87aeyu7I0+BRCq21pwcyQ6Cx0Lo3szQVlD9ZN6wUfz3IDacLjoMOZkVrclIKO0DU595AVo86TD0C1TC/vCjmDGOfgoQsfS5OFfP+FmN6we9IVIAUcL8CAwEAAaNTMFEwHQYDVR0OBBYEFHTGQuoyDwtbHVLU0SseGvarrJKOMB8GA1UdIwQYMBaAFHTGQuoyDwtbHVLU0SseGvarrJKOMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEGcA6GzCv67GYWoFK9zAjN01M79BDSuac2QV+9PYjQ7tLXQPGdoXJjJzrkJLgzTwqH2iIUqGoAZp30dW89yrJuA8s0gk3SbPOowYmst6pN6SeENxXL/1kn/IBm3+oHf5IWf7vaW4j8tYt7Q3x2K3V9GWRrozGEPIXk8yMeJq72wpfWynDxxYOepGG2+pSkm8soi9Fpt29pb+DtKB2U9GpMBS8vHU+1H4trIvEOMsd4v+X1+Vxlnt8tgy8/PrlKk1wLB9r1XA+W/vXPBe0tRcuntsXiniSKGC5oiR9AFS134HFEWuhxXWihNFzsLmNimvvxQBlXMRPZC1waCSoTKTAI=
+      - certificate: MIIDATCCAemgAwIBAgIUIa8TtXJ4Nq8VYrlgbSKcVt0FdckwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDMwHhcNMTkxMDE0MTk0ODQ1WhcNMjAxMDEzMTk0ODQ1WjAQMQ4wDAYDVQQDDAV0ZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMyttsxCiNH8qx83FTkQaUKxQXer6aMa5DpyfnGMh1K3icfEHyiKLkrjiuFbnfYC1s/iYkz9UyBQrneglYROGgr8TSFC5LXiVppI3/LONKuBh0GfmBM8dhYkOg6WmEB15EL7Hj3V6Xi/Sx3WFnvY/wAzds06linDp/I46jRXqMrWFuhXbf4A09OXpQs6KOMWkkitw3lKuKLgiNzXEiAHaS2YqW7UwSy9RLCrIDMwEmVzZ/gh3vGwM2jyfhOZ75U/xOt9U6jMQsp7hFQAoSeVBTuGpjI40g3IbNBRNi2SnERFzQFkJr0tzAX250XGDaRwRuLhilYoQoJl59B2cTzYsLECAwEAAaNTMFEwHQYDVR0OBBYEFD8iZgdSshdfyAMNfQNzS74Dl9UVMB8GA1UdIwQYMBaAFD8iZgdSshdfyAMNfQNzS74Dl9UVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFrip5Hl7dHz3oqXLcoza9rQCiMsXV7Q2gVHJ6W2YZZlQpVOBmNPf0n42OVZrnIkDnuGD+pGuw65Aq/TnfMI2KrW8o//aOXLitR60moMEbj61IlBx3aUGvdhyevrz4tM8SHX05p4K86ZJ9jZuS/sNyDwBKBaBAqjW1Rjuqb2o+C9zvDgPWFX++8OgXljDPHR6XYAKpRBmbBZHxYXazjhj1gGhb9/txqDn4EniPXE4rZ/X5MwXzAPs7ROgvr7fkIQypO+O++FGn8rWQL+5zZY0GavOK6FMBJj8M6RDHwEEsXQqSHicsrL8iMx4jun82wgu+gO5lBPTMd0hjsOYR3eT0A=
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed
+
+  - name: User test certmapdata members present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      certmapdata:
+      - issuer: CN=issuer1
+        subject: CN=subject1
+      - issuer: CN=issuer2
+        subject: CN=subject2
+      - issuer: CN=issuer3
+        subject: CN=subject3
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: User test certmapdata members present again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      certmapdata:
+      - issuer: CN=issuer1
+        subject: CN=subject1
+      - issuer: CN=issuer2
+        subject: CN=subject2
+      - issuer: CN=issuer3
+        subject: CN=subject3
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: User test certmapdata members absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      certmapdata:
+      - issuer: CN=issuer1
+        subject: CN=subject1
+      - issuer: CN=issuer2
+        subject: CN=subject2
+      - issuer: CN=issuer3
+        subject: CN=subject3
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: User test certmapdata members absent again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      certmapdata:
+      - issuer: CN=issuer1
+        subject: CN=subject1
+      - issuer: CN=issuer2
+        subject: CN=subject2
+      - issuer: CN=issuer3
+        subject: CN=subject3
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed
+
+  - name: User test absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      state: absent
+    register: result
+    failed_when: not result.changed

tests/user/certmapdata/test_user_certmapdata_issuer_subject.yml

@@ -0,0 +1,91 @@
+---
+- name: Test user certmapdata
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: User test absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      state: absent
+
+  - name: User test present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      first: test
+      last: test
+    register: result
+    failed_when: not result.changed
+
+  - name: User test certmapdata members present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      certmapdata:
+      - issuer: CN=issuer1
+        subject: CN=subject1
+      - issuer: CN=issuer2
+        subject: CN=subject2
+      - issuer: CN=issuer3
+        subject: CN=subject3
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: User test certmapdata members present again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      certmapdata:
+      - issuer: CN=issuer1
+        subject: CN=subject1
+      - issuer: CN=issuer2
+        subject: CN=subject2
+      - issuer: CN=issuer3
+        subject: CN=subject3
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: User test certmapdata members absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      certmapdata:
+      - issuer: CN=issuer1
+        subject: CN=subject1
+      - issuer: CN=issuer2
+        subject: CN=subject2
+      - issuer: CN=issuer3
+        subject: CN=subject3
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: User test certmapdata members absent again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      certmapdata:
+      - issuer: CN=issuer1
+        subject: CN=subject1
+      - issuer: CN=issuer2
+        subject: CN=subject2
+      - issuer: CN=issuer3
+        subject: CN=subject3
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed
+
+  - name: User test absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: test
+      state: absent
+    register: result
+    failed_when: not result.changed

tests/user/certmapdata/test_users_certmapdata.yml

@@ -0,0 +1,171 @@
+#
+# Generate self-signed certificates using openssl:
+#
+#   openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout private1.key -out cert1.pem -subj '/CN=test1'
+#   openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout private2.key -out cert2.pem -subj '/CN=test2'
+#   openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout private3.key -out cert3.pem -subj '/CN=test2'
+#
+# Convert the certificate do DER for easier handling through CLI
+#
+#   openssl x509 -outform der -in cert1.pem -out cert1.der
+#   openssl x509 -outform der -in cert2.pem -out cert2.der
+#   openssl x509 -outform der -in cert3.pem -out cert3.der
+#
+# Use base64:
+#
+#  base64 cert1.der -w5000
+#  base64 cert2.der -w5000
+#  base64 cert3.der -w5000
+#
+---
+- name: Test user certmapdata
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: User test absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+      state: absent
+
+  - name: User test present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        first: test
+        last: test
+    register: result
+    failed_when: not result.changed
+
+  - name: User test certmapdata members present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        certmapdata:
+        - certificate: MIIDATCCAemgAwIBAgIUFDZuUg9kBvN+ubTBaS6d62KafvQwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDEwHhcNMTkxMDE0MTk0ODM4WhcNMjAxMDEzMTk0ODM4WjAQMQ4wDAYDVQQDDAV0ZXN0MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALrwv6KuOIZMxjp9aueRgJWKns7P7Oo8lo4ojBVhyB3K11+1OifLqfo2SL9HPx9XynvouMj+XnqbY+NRLOX9wPYAvA7rXUgN1zQYK5stCCTjW0V4QloHnMUPM0shIuErcTP1UMatzTaFxd+UkvZCMNbE9jXHeCd3uDYoqA8Y4yRuqQ4HcnbB7DyMNZHaSCHxQCvZzllJA9m1b+c2sO3l7008PibG5RSpPnrjMUeH4yzjaB8R7A/WApAA1g5bn+IXD2dDsbdHAVFdzqwkxxLlacD8pbM7jWtCI+qJwE6dXpPb5WRkUz3tZLkEW7EQJAi3TMy//hF/SobEul3WVjiO/HUCAwEAAaNTMFEwHQYDVR0OBBYEFCkUPLMp0M5rgxHNAYuunGM0if/vMB8GA1UdIwQYMBaAFCkUPLMp0M5rgxHNAYuunGM0if/vMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAI7gj1VllrF0eRqPP9xtSqWla+qGMpHUWur1yIoy3R8I7LV3muQpbgxsfOyH2PHj69v+8yvI5einvOXJVgJxcn/ERxm/prIdo+QlK4O/SDdswJWfjCaDlk03PzjDzHXeEWRwDFV9zpRx/hjLUn8knwBOSbUE8ImUGt37ZBMBsz++y+oCZJVxzwZgcXZ3L4yuhJ0l48Cz+2EEoYN08gJqNk1EzmpBcAYJJ0Ai1psFqu12b32fNIhWSSf5THldqNefdpBlMo5ZtC9wE//NTml+nebA1FJDSppTMfHP/rTb/wfNx5vc5KLYYR9wZUUUDeJhdNPlBZZuuVbn29X6a4teoBk=
+        - certificate: MIIDATCCAemgAwIBAgIUK2Sa8/xr/4H9BOB0K0SswbVmmMcwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDIwHhcNMTkxMDE0MTk0ODM1WhcNMjAxMDEzMTk0ODM1WjAQMQ4wDAYDVQQDDAV0ZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANQdGqRUTNCptUsZxVe03YTYyhg6+ovidYP9bPPsCS1FzOTCKV9maFv4GHGEI455lkGowW3okT2DPC5pgtH43vZkDtjXNy1JDyg1y4OmxfiAg4Uc0W9DnakvEokVyt44WRzXjlv2CBO+A7Zon8z3aJwKKCV4EfpuvRw/npqhrnGF/w/n7NXyeRXI6lom9hqIQzJoRjXrMIEbtzM8m2GWlFq8af1KJ+Cmm25c87aeyu7I0+BRCq21pwcyQ6Cx0Lo3szQVlD9ZN6wUfz3IDacLjoMOZkVrclIKO0DU595AVo86TD0C1TC/vCjmDGOfgoQsfS5OFfP+FmN6we9IVIAUcL8CAwEAAaNTMFEwHQYDVR0OBBYEFHTGQuoyDwtbHVLU0SseGvarrJKOMB8GA1UdIwQYMBaAFHTGQuoyDwtbHVLU0SseGvarrJKOMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEGcA6GzCv67GYWoFK9zAjN01M79BDSuac2QV+9PYjQ7tLXQPGdoXJjJzrkJLgzTwqH2iIUqGoAZp30dW89yrJuA8s0gk3SbPOowYmst6pN6SeENxXL/1kn/IBm3+oHf5IWf7vaW4j8tYt7Q3x2K3V9GWRrozGEPIXk8yMeJq72wpfWynDxxYOepGG2+pSkm8soi9Fpt29pb+DtKB2U9GpMBS8vHU+1H4trIvEOMsd4v+X1+Vxlnt8tgy8/PrlKk1wLB9r1XA+W/vXPBe0tRcuntsXiniSKGC5oiR9AFS134HFEWuhxXWihNFzsLmNimvvxQBlXMRPZC1waCSoTKTAI=
+        - certificate: MIIDATCCAemgAwIBAgIUIa8TtXJ4Nq8VYrlgbSKcVt0FdckwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDMwHhcNMTkxMDE0MTk0ODQ1WhcNMjAxMDEzMTk0ODQ1WjAQMQ4wDAYDVQQDDAV0ZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMyttsxCiNH8qx83FTkQaUKxQXer6aMa5DpyfnGMh1K3icfEHyiKLkrjiuFbnfYC1s/iYkz9UyBQrneglYROGgr8TSFC5LXiVppI3/LONKuBh0GfmBM8dhYkOg6WmEB15EL7Hj3V6Xi/Sx3WFnvY/wAzds06linDp/I46jRXqMrWFuhXbf4A09OXpQs6KOMWkkitw3lKuKLgiNzXEiAHaS2YqW7UwSy9RLCrIDMwEmVzZ/gh3vGwM2jyfhOZ75U/xOt9U6jMQsp7hFQAoSeVBTuGpjI40g3IbNBRNi2SnERFzQFkJr0tzAX250XGDaRwRuLhilYoQoJl59B2cTzYsLECAwEAAaNTMFEwHQYDVR0OBBYEFD8iZgdSshdfyAMNfQNzS74Dl9UVMB8GA1UdIwQYMBaAFD8iZgdSshdfyAMNfQNzS74Dl9UVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFrip5Hl7dHz3oqXLcoza9rQCiMsXV7Q2gVHJ6W2YZZlQpVOBmNPf0n42OVZrnIkDnuGD+pGuw65Aq/TnfMI2KrW8o//aOXLitR60moMEbj61IlBx3aUGvdhyevrz4tM8SHX05p4K86ZJ9jZuS/sNyDwBKBaBAqjW1Rjuqb2o+C9zvDgPWFX++8OgXljDPHR6XYAKpRBmbBZHxYXazjhj1gGhb9/txqDn4EniPXE4rZ/X5MwXzAPs7ROgvr7fkIQypO+O++FGn8rWQL+5zZY0GavOK6FMBJj8M6RDHwEEsXQqSHicsrL8iMx4jun82wgu+gO5lBPTMd0hjsOYR3eT0A=
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: User test certmapdata members present again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        certmapdata:
+        - certificate: MIIDATCCAemgAwIBAgIUFDZuUg9kBvN+ubTBaS6d62KafvQwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDEwHhcNMTkxMDE0MTk0ODM4WhcNMjAxMDEzMTk0ODM4WjAQMQ4wDAYDVQQDDAV0ZXN0MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALrwv6KuOIZMxjp9aueRgJWKns7P7Oo8lo4ojBVhyB3K11+1OifLqfo2SL9HPx9XynvouMj+XnqbY+NRLOX9wPYAvA7rXUgN1zQYK5stCCTjW0V4QloHnMUPM0shIuErcTP1UMatzTaFxd+UkvZCMNbE9jXHeCd3uDYoqA8Y4yRuqQ4HcnbB7DyMNZHaSCHxQCvZzllJA9m1b+c2sO3l7008PibG5RSpPnrjMUeH4yzjaB8R7A/WApAA1g5bn+IXD2dDsbdHAVFdzqwkxxLlacD8pbM7jWtCI+qJwE6dXpPb5WRkUz3tZLkEW7EQJAi3TMy//hF/SobEul3WVjiO/HUCAwEAAaNTMFEwHQYDVR0OBBYEFCkUPLMp0M5rgxHNAYuunGM0if/vMB8GA1UdIwQYMBaAFCkUPLMp0M5rgxHNAYuunGM0if/vMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAI7gj1VllrF0eRqPP9xtSqWla+qGMpHUWur1yIoy3R8I7LV3muQpbgxsfOyH2PHj69v+8yvI5einvOXJVgJxcn/ERxm/prIdo+QlK4O/SDdswJWfjCaDlk03PzjDzHXeEWRwDFV9zpRx/hjLUn8knwBOSbUE8ImUGt37ZBMBsz++y+oCZJVxzwZgcXZ3L4yuhJ0l48Cz+2EEoYN08gJqNk1EzmpBcAYJJ0Ai1psFqu12b32fNIhWSSf5THldqNefdpBlMo5ZtC9wE//NTml+nebA1FJDSppTMfHP/rTb/wfNx5vc5KLYYR9wZUUUDeJhdNPlBZZuuVbn29X6a4teoBk=
+        - certificate: MIIDATCCAemgAwIBAgIUK2Sa8/xr/4H9BOB0K0SswbVmmMcwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDIwHhcNMTkxMDE0MTk0ODM1WhcNMjAxMDEzMTk0ODM1WjAQMQ4wDAYDVQQDDAV0ZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANQdGqRUTNCptUsZxVe03YTYyhg6+ovidYP9bPPsCS1FzOTCKV9maFv4GHGEI455lkGowW3okT2DPC5pgtH43vZkDtjXNy1JDyg1y4OmxfiAg4Uc0W9DnakvEokVyt44WRzXjlv2CBO+A7Zon8z3aJwKKCV4EfpuvRw/npqhrnGF/w/n7NXyeRXI6lom9hqIQzJoRjXrMIEbtzM8m2GWlFq8af1KJ+Cmm25c87aeyu7I0+BRCq21pwcyQ6Cx0Lo3szQVlD9ZN6wUfz3IDacLjoMOZkVrclIKO0DU595AVo86TD0C1TC/vCjmDGOfgoQsfS5OFfP+FmN6we9IVIAUcL8CAwEAAaNTMFEwHQYDVR0OBBYEFHTGQuoyDwtbHVLU0SseGvarrJKOMB8GA1UdIwQYMBaAFHTGQuoyDwtbHVLU0SseGvarrJKOMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEGcA6GzCv67GYWoFK9zAjN01M79BDSuac2QV+9PYjQ7tLXQPGdoXJjJzrkJLgzTwqH2iIUqGoAZp30dW89yrJuA8s0gk3SbPOowYmst6pN6SeENxXL/1kn/IBm3+oHf5IWf7vaW4j8tYt7Q3x2K3V9GWRrozGEPIXk8yMeJq72wpfWynDxxYOepGG2+pSkm8soi9Fpt29pb+DtKB2U9GpMBS8vHU+1H4trIvEOMsd4v+X1+Vxlnt8tgy8/PrlKk1wLB9r1XA+W/vXPBe0tRcuntsXiniSKGC5oiR9AFS134HFEWuhxXWihNFzsLmNimvvxQBlXMRPZC1waCSoTKTAI=
+        - certificate: MIIDATCCAemgAwIBAgIUIa8TtXJ4Nq8VYrlgbSKcVt0FdckwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDMwHhcNMTkxMDE0MTk0ODQ1WhcNMjAxMDEzMTk0ODQ1WjAQMQ4wDAYDVQQDDAV0ZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMyttsxCiNH8qx83FTkQaUKxQXer6aMa5DpyfnGMh1K3icfEHyiKLkrjiuFbnfYC1s/iYkz9UyBQrneglYROGgr8TSFC5LXiVppI3/LONKuBh0GfmBM8dhYkOg6WmEB15EL7Hj3V6Xi/Sx3WFnvY/wAzds06linDp/I46jRXqMrWFuhXbf4A09OXpQs6KOMWkkitw3lKuKLgiNzXEiAHaS2YqW7UwSy9RLCrIDMwEmVzZ/gh3vGwM2jyfhOZ75U/xOt9U6jMQsp7hFQAoSeVBTuGpjI40g3IbNBRNi2SnERFzQFkJr0tzAX250XGDaRwRuLhilYoQoJl59B2cTzYsLECAwEAAaNTMFEwHQYDVR0OBBYEFD8iZgdSshdfyAMNfQNzS74Dl9UVMB8GA1UdIwQYMBaAFD8iZgdSshdfyAMNfQNzS74Dl9UVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFrip5Hl7dHz3oqXLcoza9rQCiMsXV7Q2gVHJ6W2YZZlQpVOBmNPf0n42OVZrnIkDnuGD+pGuw65Aq/TnfMI2KrW8o//aOXLitR60moMEbj61IlBx3aUGvdhyevrz4tM8SHX05p4K86ZJ9jZuS/sNyDwBKBaBAqjW1Rjuqb2o+C9zvDgPWFX++8OgXljDPHR6XYAKpRBmbBZHxYXazjhj1gGhb9/txqDn4EniPXE4rZ/X5MwXzAPs7ROgvr7fkIQypO+O++FGn8rWQL+5zZY0GavOK6FMBJj8M6RDHwEEsXQqSHicsrL8iMx4jun82wgu+gO5lBPTMd0hjsOYR3eT0A=
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: User test certmapdata members absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        certmapdata:
+        - certificate: MIIDATCCAemgAwIBAgIUFDZuUg9kBvN+ubTBaS6d62KafvQwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDEwHhcNMTkxMDE0MTk0ODM4WhcNMjAxMDEzMTk0ODM4WjAQMQ4wDAYDVQQDDAV0ZXN0MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALrwv6KuOIZMxjp9aueRgJWKns7P7Oo8lo4ojBVhyB3K11+1OifLqfo2SL9HPx9XynvouMj+XnqbY+NRLOX9wPYAvA7rXUgN1zQYK5stCCTjW0V4QloHnMUPM0shIuErcTP1UMatzTaFxd+UkvZCMNbE9jXHeCd3uDYoqA8Y4yRuqQ4HcnbB7DyMNZHaSCHxQCvZzllJA9m1b+c2sO3l7008PibG5RSpPnrjMUeH4yzjaB8R7A/WApAA1g5bn+IXD2dDsbdHAVFdzqwkxxLlacD8pbM7jWtCI+qJwE6dXpPb5WRkUz3tZLkEW7EQJAi3TMy//hF/SobEul3WVjiO/HUCAwEAAaNTMFEwHQYDVR0OBBYEFCkUPLMp0M5rgxHNAYuunGM0if/vMB8GA1UdIwQYMBaAFCkUPLMp0M5rgxHNAYuunGM0if/vMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAI7gj1VllrF0eRqPP9xtSqWla+qGMpHUWur1yIoy3R8I7LV3muQpbgxsfOyH2PHj69v+8yvI5einvOXJVgJxcn/ERxm/prIdo+QlK4O/SDdswJWfjCaDlk03PzjDzHXeEWRwDFV9zpRx/hjLUn8knwBOSbUE8ImUGt37ZBMBsz++y+oCZJVxzwZgcXZ3L4yuhJ0l48Cz+2EEoYN08gJqNk1EzmpBcAYJJ0Ai1psFqu12b32fNIhWSSf5THldqNefdpBlMo5ZtC9wE//NTml+nebA1FJDSppTMfHP/rTb/wfNx5vc5KLYYR9wZUUUDeJhdNPlBZZuuVbn29X6a4teoBk=
+        - certificate: MIIDATCCAemgAwIBAgIUK2Sa8/xr/4H9BOB0K0SswbVmmMcwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDIwHhcNMTkxMDE0MTk0ODM1WhcNMjAxMDEzMTk0ODM1WjAQMQ4wDAYDVQQDDAV0ZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANQdGqRUTNCptUsZxVe03YTYyhg6+ovidYP9bPPsCS1FzOTCKV9maFv4GHGEI455lkGowW3okT2DPC5pgtH43vZkDtjXNy1JDyg1y4OmxfiAg4Uc0W9DnakvEokVyt44WRzXjlv2CBO+A7Zon8z3aJwKKCV4EfpuvRw/npqhrnGF/w/n7NXyeRXI6lom9hqIQzJoRjXrMIEbtzM8m2GWlFq8af1KJ+Cmm25c87aeyu7I0+BRCq21pwcyQ6Cx0Lo3szQVlD9ZN6wUfz3IDacLjoMOZkVrclIKO0DU595AVo86TD0C1TC/vCjmDGOfgoQsfS5OFfP+FmN6we9IVIAUcL8CAwEAAaNTMFEwHQYDVR0OBBYEFHTGQuoyDwtbHVLU0SseGvarrJKOMB8GA1UdIwQYMBaAFHTGQuoyDwtbHVLU0SseGvarrJKOMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEGcA6GzCv67GYWoFK9zAjN01M79BDSuac2QV+9PYjQ7tLXQPGdoXJjJzrkJLgzTwqH2iIUqGoAZp30dW89yrJuA8s0gk3SbPOowYmst6pN6SeENxXL/1kn/IBm3+oHf5IWf7vaW4j8tYt7Q3x2K3V9GWRrozGEPIXk8yMeJq72wpfWynDxxYOepGG2+pSkm8soi9Fpt29pb+DtKB2U9GpMBS8vHU+1H4trIvEOMsd4v+X1+Vxlnt8tgy8/PrlKk1wLB9r1XA+W/vXPBe0tRcuntsXiniSKGC5oiR9AFS134HFEWuhxXWihNFzsLmNimvvxQBlXMRPZC1waCSoTKTAI=
+        - certificate: MIIDATCCAemgAwIBAgIUIa8TtXJ4Nq8VYrlgbSKcVt0FdckwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDMwHhcNMTkxMDE0MTk0ODQ1WhcNMjAxMDEzMTk0ODQ1WjAQMQ4wDAYDVQQDDAV0ZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMyttsxCiNH8qx83FTkQaUKxQXer6aMa5DpyfnGMh1K3icfEHyiKLkrjiuFbnfYC1s/iYkz9UyBQrneglYROGgr8TSFC5LXiVppI3/LONKuBh0GfmBM8dhYkOg6WmEB15EL7Hj3V6Xi/Sx3WFnvY/wAzds06linDp/I46jRXqMrWFuhXbf4A09OXpQs6KOMWkkitw3lKuKLgiNzXEiAHaS2YqW7UwSy9RLCrIDMwEmVzZ/gh3vGwM2jyfhOZ75U/xOt9U6jMQsp7hFQAoSeVBTuGpjI40g3IbNBRNi2SnERFzQFkJr0tzAX250XGDaRwRuLhilYoQoJl59B2cTzYsLECAwEAAaNTMFEwHQYDVR0OBBYEFD8iZgdSshdfyAMNfQNzS74Dl9UVMB8GA1UdIwQYMBaAFD8iZgdSshdfyAMNfQNzS74Dl9UVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFrip5Hl7dHz3oqXLcoza9rQCiMsXV7Q2gVHJ6W2YZZlQpVOBmNPf0n42OVZrnIkDnuGD+pGuw65Aq/TnfMI2KrW8o//aOXLitR60moMEbj61IlBx3aUGvdhyevrz4tM8SHX05p4K86ZJ9jZuS/sNyDwBKBaBAqjW1Rjuqb2o+C9zvDgPWFX++8OgXljDPHR6XYAKpRBmbBZHxYXazjhj1gGhb9/txqDn4EniPXE4rZ/X5MwXzAPs7ROgvr7fkIQypO+O++FGn8rWQL+5zZY0GavOK6FMBJj8M6RDHwEEsXQqSHicsrL8iMx4jun82wgu+gO5lBPTMd0hjsOYR3eT0A=
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: User test certmapdata members absent again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        certmapdata:
+        - certificate: MIIDATCCAemgAwIBAgIUFDZuUg9kBvN+ubTBaS6d62KafvQwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDEwHhcNMTkxMDE0MTk0ODM4WhcNMjAxMDEzMTk0ODM4WjAQMQ4wDAYDVQQDDAV0ZXN0MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALrwv6KuOIZMxjp9aueRgJWKns7P7Oo8lo4ojBVhyB3K11+1OifLqfo2SL9HPx9XynvouMj+XnqbY+NRLOX9wPYAvA7rXUgN1zQYK5stCCTjW0V4QloHnMUPM0shIuErcTP1UMatzTaFxd+UkvZCMNbE9jXHeCd3uDYoqA8Y4yRuqQ4HcnbB7DyMNZHaSCHxQCvZzllJA9m1b+c2sO3l7008PibG5RSpPnrjMUeH4yzjaB8R7A/WApAA1g5bn+IXD2dDsbdHAVFdzqwkxxLlacD8pbM7jWtCI+qJwE6dXpPb5WRkUz3tZLkEW7EQJAi3TMy//hF/SobEul3WVjiO/HUCAwEAAaNTMFEwHQYDVR0OBBYEFCkUPLMp0M5rgxHNAYuunGM0if/vMB8GA1UdIwQYMBaAFCkUPLMp0M5rgxHNAYuunGM0if/vMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAI7gj1VllrF0eRqPP9xtSqWla+qGMpHUWur1yIoy3R8I7LV3muQpbgxsfOyH2PHj69v+8yvI5einvOXJVgJxcn/ERxm/prIdo+QlK4O/SDdswJWfjCaDlk03PzjDzHXeEWRwDFV9zpRx/hjLUn8knwBOSbUE8ImUGt37ZBMBsz++y+oCZJVxzwZgcXZ3L4yuhJ0l48Cz+2EEoYN08gJqNk1EzmpBcAYJJ0Ai1psFqu12b32fNIhWSSf5THldqNefdpBlMo5ZtC9wE//NTml+nebA1FJDSppTMfHP/rTb/wfNx5vc5KLYYR9wZUUUDeJhdNPlBZZuuVbn29X6a4teoBk=
+        - certificate: MIIDATCCAemgAwIBAgIUK2Sa8/xr/4H9BOB0K0SswbVmmMcwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDIwHhcNMTkxMDE0MTk0ODM1WhcNMjAxMDEzMTk0ODM1WjAQMQ4wDAYDVQQDDAV0ZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANQdGqRUTNCptUsZxVe03YTYyhg6+ovidYP9bPPsCS1FzOTCKV9maFv4GHGEI455lkGowW3okT2DPC5pgtH43vZkDtjXNy1JDyg1y4OmxfiAg4Uc0W9DnakvEokVyt44WRzXjlv2CBO+A7Zon8z3aJwKKCV4EfpuvRw/npqhrnGF/w/n7NXyeRXI6lom9hqIQzJoRjXrMIEbtzM8m2GWlFq8af1KJ+Cmm25c87aeyu7I0+BRCq21pwcyQ6Cx0Lo3szQVlD9ZN6wUfz3IDacLjoMOZkVrclIKO0DU595AVo86TD0C1TC/vCjmDGOfgoQsfS5OFfP+FmN6we9IVIAUcL8CAwEAAaNTMFEwHQYDVR0OBBYEFHTGQuoyDwtbHVLU0SseGvarrJKOMB8GA1UdIwQYMBaAFHTGQuoyDwtbHVLU0SseGvarrJKOMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEGcA6GzCv67GYWoFK9zAjN01M79BDSuac2QV+9PYjQ7tLXQPGdoXJjJzrkJLgzTwqH2iIUqGoAZp30dW89yrJuA8s0gk3SbPOowYmst6pN6SeENxXL/1kn/IBm3+oHf5IWf7vaW4j8tYt7Q3x2K3V9GWRrozGEPIXk8yMeJq72wpfWynDxxYOepGG2+pSkm8soi9Fpt29pb+DtKB2U9GpMBS8vHU+1H4trIvEOMsd4v+X1+Vxlnt8tgy8/PrlKk1wLB9r1XA+W/vXPBe0tRcuntsXiniSKGC5oiR9AFS134HFEWuhxXWihNFzsLmNimvvxQBlXMRPZC1waCSoTKTAI=
+        - certificate: MIIDATCCAemgAwIBAgIUIa8TtXJ4Nq8VYrlgbSKcVt0FdckwDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFdGVzdDMwHhcNMTkxMDE0MTk0ODQ1WhcNMjAxMDEzMTk0ODQ1WjAQMQ4wDAYDVQQDDAV0ZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMyttsxCiNH8qx83FTkQaUKxQXer6aMa5DpyfnGMh1K3icfEHyiKLkrjiuFbnfYC1s/iYkz9UyBQrneglYROGgr8TSFC5LXiVppI3/LONKuBh0GfmBM8dhYkOg6WmEB15EL7Hj3V6Xi/Sx3WFnvY/wAzds06linDp/I46jRXqMrWFuhXbf4A09OXpQs6KOMWkkitw3lKuKLgiNzXEiAHaS2YqW7UwSy9RLCrIDMwEmVzZ/gh3vGwM2jyfhOZ75U/xOt9U6jMQsp7hFQAoSeVBTuGpjI40g3IbNBRNi2SnERFzQFkJr0tzAX250XGDaRwRuLhilYoQoJl59B2cTzYsLECAwEAAaNTMFEwHQYDVR0OBBYEFD8iZgdSshdfyAMNfQNzS74Dl9UVMB8GA1UdIwQYMBaAFD8iZgdSshdfyAMNfQNzS74Dl9UVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFrip5Hl7dHz3oqXLcoza9rQCiMsXV7Q2gVHJ6W2YZZlQpVOBmNPf0n42OVZrnIkDnuGD+pGuw65Aq/TnfMI2KrW8o//aOXLitR60moMEbj61IlBx3aUGvdhyevrz4tM8SHX05p4K86ZJ9jZuS/sNyDwBKBaBAqjW1Rjuqb2o+C9zvDgPWFX++8OgXljDPHR6XYAKpRBmbBZHxYXazjhj1gGhb9/txqDn4EniPXE4rZ/X5MwXzAPs7ROgvr7fkIQypO+O++FGn8rWQL+5zZY0GavOK6FMBJj8M6RDHwEEsXQqSHicsrL8iMx4jun82wgu+gO5lBPTMd0hjsOYR3eT0A=
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed
+
+  - name: User test certmapdata members present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        certmapdata:
+        - issuer: CN=issuer1
+          subject: CN=subject1
+        - issuer: CN=issuer2
+          subject: CN=subject2
+        - issuer: CN=issuer3
+          subject: CN=subject3
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: User test certmapdata members present again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        certmapdata:
+        - issuer: CN=issuer1
+          subject: CN=subject1
+        - issuer: CN=issuer2
+          subject: CN=subject2
+        - issuer: CN=issuer3
+          subject: CN=subject3
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: User test certmapdata members absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        certmapdata:
+        - issuer: CN=issuer1
+          subject: CN=subject1
+        - issuer: CN=issuer2
+          subject: CN=subject2
+        - issuer: CN=issuer3
+          subject: CN=subject3
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: User test certmapdata members absent again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        certmapdata:
+        - issuer: CN=issuer1
+          subject: CN=subject1
+        - issuer: CN=issuer2
+          subject: CN=subject2
+        - issuer: CN=issuer3
+          subject: CN=subject3
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed
+
+  - name: User test absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+      state: absent
+    register: result
+    failed_when: not result.changed

tests/user/test_user.yml

@@ -0,0 +1,258 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: Remove test users
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: manager1,manager2,manager3,pinky,pinky2
+      state: absent
+
+  - name: User manager1 present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: manager1
+      first: Manager
+      last: One
+    register: result
+    failed_when: not result.changed
+
+  - name: User manager2 present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: manager2
+      first: Manager
+      last: One
+    register: result
+    failed_when: not result.changed
+
+  - name: User manager3 present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: manager3
+      first: Manager
+      last: One
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      uid: 10001
+      gid: 100
+      phone: "+555123457"
+      email: pinky@acme.com
+      principalexpiration: "20220119235959"
+      #passwordexpiration: "2022-01-19 23:59:59"
+      first: pinky
+      last: Acme
+      initials: pa
+      #password: foo2
+      principal: pa
+      random: yes
+      city: PinkyCity
+      userstate: PinkyState
+      postalcode: PinkyZip
+      mobile: "+555123458,+555123459"
+      pager: "+555123450,+555123451"
+      fax: "+555123452,+555123453"
+      orgunit: PinkyOrgUnit
+      manager: manager1,manager2
+      update_password: on_create
+      carlicense: PinkyCarLicense1,PinkyCarLicense2
+      # sshpubkey
+      userauthtype: password,radius,otp
+      userclass: PinkyUserClass
+      #radius: "http://some.link/"
+      #radiususer: PinkyRadiusUser
+      departmentnumber: "1234"
+      employeenumber: "0815"
+      employeetype: "PinkyExmployeeType"
+      preferredlanguage: "en"
+      # certificate
+      noprivate: yes
+      nomembers: false
+      #issuer: PinkyIssuer
+      #subject: PinkySubject
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky present with changed settings
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      first: pinky
+      last: Acme
+      #manager: manager1,manager2,manager3
+      #principal: pa,pa1,pa3
+      sshpubkey:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqmVDpEX5gnSjKuv97AyzOhaUMMKz8ahOA3GY77tVC4o68KNgMCmDSEG1/kOIaElngNLaCha3p/2iAcU9Bi1tLKUlm2bbO5NHNwHfRxY/3cJtq+/7D1vxJzqThYwI4F9vr1WxyY2+mMTv3pXbfAJoR8Mu06XaEY5PDetlDKjHLuNWF+/O7ZU8PsULTa1dJZFrtXeFpmUoLoGxQBvlrlcPI1zDciCSU24t27Zan5Py2l5QchyI7yhCyMM77KDtj5+AFVpmkb9+zq50rYJAyFVeyUvwjzErvQrKJzYpA0NyBp7vskWbt36M16/M/LxEK7HA6mkcakO3ESWx5MT1LAjvdlnxbWG3787MxweHXuB8CZU+9bZPFBaJ+VQtOfJ7I8eH0S16moPC4ak8FlcFvOH8ERDPWLFDqfy09yaZ7bVIF0//5ZI7Nf3YDe3S7GrBX5ieYuECyP6UNkTx9BRsAQeVvXEc6otzB7iCSnYBMGUGzCqeigoAWaVQUONsSR3Uatks= pinky@ipaserver.el81.local
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDc8MIjaSrxLYHvu+hduoF4m6NUFSlXZWzYbd3BK4L47/U4eiXoOS6dcfuZJDjmLfOipc7XVp7NADwAgA1yBOAjbeVpXr2tC8w8saZibl75WBOEjDfNroiOh/f/ojrwwHg05QTVSZHs27sU1HBPyCQM/FHVM6EnRfmyiBkEBA/3ca0PJ9UJhWb2XisCaz6y6QcTh4gQnvHzgmEmK31GwiKnmBSEQuj8P5NGCO8RlN3cq3zpRpMDEoBRCjQYicllf/5P43r5OGvS1LhTiAMfyqE37URezNQa7aozBpH1GhIwAmjAtm84jXQjxUgZPYC0aSLuADYErScOP4792r6koH9t/DM5/M+jG2c4PNWynDczUw6Eaxl5E3hU0Ee9UN0Oee7iBnVenS/QMeZNyo5lMA/HXT5lrYiJGTYM0shRjGXXYBbJZhWerguSWDAdUd1gvuGP1nb7/+/Cvb46+HX7zYouS5Ojo0yPzMZ07X142jnKAfx9LnKdMUCwBJzbtoJ91Zc= pinky@ipaserver.el81.local
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky add manager manager1
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      manager: manager1
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky add manager manager1 again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      manager: manager1
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: User pinky add manager manager2, manager3
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      manager: manager2,manager3
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky add manager manager2, manager3 again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      manager: manager2,manager3
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: User pinky remove manager manager1
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      manager: manager1
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky remove manager manager1 again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      manager: manager1
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed
+
+  - name: User pinky add principal pa
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      principal: pa
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky add principal pa again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      principal: pa
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: User pinky add principal pa1
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      principal: pa1
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky remove principal pa1
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      principal: pa1
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky remove principal pa1 again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      principal: pa1
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed
+
+  - name: User pinky remove principal pa
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      principal: pa
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky remove principal non-existing pa2
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      principal: pa2
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed
+
+  - name: User pinky absent and preserved
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      preserve: yes
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky undeleted (preserved before)
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      state: undeleted
+    register: result
+    failed_when: not result.changed
+
+  - name: Users pinky disabled
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      state: disabled
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky enabled
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      state: enabled
+    register: result
+    failed_when: not result.changed
+
+  - name: Remove test users
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: manager1,manager2,manager3,pinky,pinky2
+      state: absent

tests/user/test_users.yml

@@ -0,0 +1,376 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: Remove test users
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: user1,user2,user3,user4,user5,user6,user7,user8,user9,user10
+      state: absent
+
+  - name: Users user1..10 present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: user1
+        givenname: user1
+        last: Last
+      - name: user2
+        first: user2
+        last: Last
+      - name: user3
+        first: user3
+        last: Last
+      - name: user4
+        first: user4
+        last: Last
+      - name: user5
+        first: user5
+        last: Last
+      - name: user6
+        first: user6
+        last: Last
+      - name: user7
+        first: user7
+        last: Last
+      - name: user8
+        first: user8
+        last: Last
+      - name: user9
+        first: user9
+        last: Last
+      - name: user10
+        first: user10
+        last: Last
+    register: result
+    failed_when: not result.changed
+
+  - name: Users user1..10 present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: user1
+        givenname: user1
+        last: Last
+      - name: user2
+        first: user2
+        last: Last
+      - name: user3
+        first: user3
+        last: Last
+      - name: user4
+        first: user4
+        last: Last
+      - name: user5
+        first: user5
+        last: Last
+      - name: user6
+        first: user6
+        last: Last
+      - name: user7
+        first: user7
+        last: Last
+      - name: user8
+        first: user8
+        last: Last
+      - name: user9
+        first: user9
+        last: Last
+      - name: user10
+        first: user10
+        last: Last
+    register: result
+    failed_when: result.changed
+
+  - name: Remove test users
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: user1,user2,user3,user4,user5,user6,user7,user8,user9,user10
+      state: absent
+
+  - name: Remove test users
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: manager1,manager2,manager3,pinky,pinky2
+      state: absent
+
+  - name: User manager1 present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: manager1
+        first: Manager1
+        last: One1
+      - name: manager2
+        first: Manager2
+        last: One2
+      - name: manager3
+        first: Manager3
+        last: One3
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      uid: 10001
+      gid: 100
+      phone: "+555123457"
+      email: pinky@acme.com
+      principalexpiration: "20220119235959"
+      #passwordexpiration: "2022-01-19 23:59:59"
+      first: pinky
+      last: Acme
+      initials: pa
+      #password: foo2
+      principal: pa
+      random: yes
+      city: PinkyCity
+      userstate: PinkyState
+      postalcode: PinkyZip
+      mobile: "+555123458,+555123459"
+      pager: "+555123450,+555123451"
+      fax: "+555123452,+555123453"
+      orgunit: PinkyOrgUnit
+      manager: manager1,manager2
+      update_password: on_create
+      carlicense: PinkyCarLicense1,PinkyCarLicense2
+      # sshpubkey
+      userauthtype: password,radius,otp
+      userclass: PinkyUserClass
+      #radius: "http://some.link/"
+      #radiususer: PinkyRadiusUser
+      departmentnumber: "1234"
+      employeenumber: "0815"
+      employeetype: "PinkyExmployeeType"
+      preferredlanguage: "en"
+      # certificate
+      noprivate: yes
+      nomembers: false
+      #issuer: PinkyIssuer
+      #subject: PinkySubject
+    register: result
+    failed_when: not result.changed
+
+  - name: Same user pinky present again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      uid: 10001
+      gid: 100
+      phone: "+555123457"
+      email: pinky@acme.com
+      principalexpiration: "20220119235959"
+      #passwordexpiration: "2022-01-19 23:59:59"
+      first: pinky
+      last: Acme
+      initials: pa
+      #password: foo2
+      principal: pa
+      random: yes
+      city: PinkyCity
+      userstate: PinkyState
+      postalcode: PinkyZip
+      mobile: "+555123458,+555123459"
+      pager: "+555123450,+555123451"
+      fax: "+555123452,+555123453"
+      orgunit: PinkyOrgUnit
+      manager: manager1,manager2
+      update_password: on_create
+      carlicense: PinkyCarLicense1,PinkyCarLicense2
+      # sshpubkey
+      userauthtype: password,radius,otp
+      userclass: PinkyUserClass
+      #radius: "http://some.link/"
+      #radiususer: PinkyRadiusUser
+      departmentnumber: "1234"
+      employeenumber: "0815"
+      employeetype: "PinkyExmployeeType"
+      preferredlanguage: "en"
+      # certificate
+      noprivate: yes
+      nomembers: false
+      #issuer: PinkyIssuer
+      #subject: PinkySubject
+    register: result
+    failed_when: result.changed
+
+  - name: User pinky present with changed settings
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      first: pinky
+      last: Acme
+      #manager: manager1,manager2,manager3
+      #principal: pa,pa1,pa3
+      sshpubkey:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqmVDpEX5gnSjKuv97AyzOhaUMMKz8ahOA3GY77tVC4o68KNgMCmDSEG1/kOIaElngNLaCha3p/2iAcU9Bi1tLKUlm2bbO5NHNwHfRxY/3cJtq+/7D1vxJzqThYwI4F9vr1WxyY2+mMTv3pXbfAJoR8Mu06XaEY5PDetlDKjHLuNWF+/O7ZU8PsULTa1dJZFrtXeFpmUoLoGxQBvlrlcPI1zDciCSU24t27Zan5Py2l5QchyI7yhCyMM77KDtj5+AFVpmkb9+zq50rYJAyFVeyUvwjzErvQrKJzYpA0NyBp7vskWbt36M16/M/LxEK7HA6mkcakO3ESWx5MT1LAjvdlnxbWG3787MxweHXuB8CZU+9bZPFBaJ+VQtOfJ7I8eH0S16moPC4ak8FlcFvOH8ERDPWLFDqfy09yaZ7bVIF0//5ZI7Nf3YDe3S7GrBX5ieYuECyP6UNkTx9BRsAQeVvXEc6otzB7iCSnYBMGUGzCqeigoAWaVQUONsSR3Uatks= pinky@ipaserver.el81.local
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDc8MIjaSrxLYHvu+hduoF4m6NUFSlXZWzYbd3BK4L47/U4eiXoOS6dcfuZJDjmLfOipc7XVp7NADwAgA1yBOAjbeVpXr2tC8w8saZibl75WBOEjDfNroiOh/f/ojrwwHg05QTVSZHs27sU1HBPyCQM/FHVM6EnRfmyiBkEBA/3ca0PJ9UJhWb2XisCaz6y6QcTh4gQnvHzgmEmK31GwiKnmBSEQuj8P5NGCO8RlN3cq3zpRpMDEoBRCjQYicllf/5P43r5OGvS1LhTiAMfyqE37URezNQa7aozBpH1GhIwAmjAtm84jXQjxUgZPYC0aSLuADYErScOP4792r6koH9t/DM5/M+jG2c4PNWynDczUw6Eaxl5E3hU0Ee9UN0Oee7iBnVenS/QMeZNyo5lMA/HXT5lrYiJGTYM0shRjGXXYBbJZhWerguSWDAdUd1gvuGP1nb7/+/Cvb46+HX7zYouS5Ojo0yPzMZ07X142jnKAfx9LnKdMUCwBJzbtoJ91Zc= pinky@ipaserver.el81.local
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky add manager manager1
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      manager: manager1
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky add manager manager1 again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      manager: manager1
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: User pinky add manager manager2, manager3
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      manager: manager2,manager3
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky add manager manager2, manager3 again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      manager: manager2,manager3
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: User pinky remove manager manager1
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      manager: manager1
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky remove manager manager1 again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      manager: manager1
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed
+
+  - name: User pinky add principal pa
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      principal: pa
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky add principal pa again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      principal: pa
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: User pinky add principal pa1
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      principal: pa1
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky remove principal pa1
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      principal: pa1
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky remove principal pa1 again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      principal: pa1
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed
+
+  - name: User pinky remove principal pa
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      principal: pa
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky remove principal non-existing pa2
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      principal: pa2
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed
+
+  - name: User pinky absent and preserved
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      preserve: yes
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky undeleted (preserved before)
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      state: undeleted
+    register: result
+    failed_when: not result.changed
+
+  - name: Users pinky disabled
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      state: disabled
+    register: result
+    failed_when: not result.changed
+
+  - name: User pinky enabled
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      state: enabled
+    register: result
+    failed_when: not result.changed
+
+  - name: Remove test users
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: manager1,manager2,manager3,pinky,pinky2
+      state: absent

tests/user/test_users_absent.yml

@@ -0,0 +1,16 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: Include users_absent.json
+    include_vars:
+      file: users_absent.json
+
+  - name: Users absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users: "{{ users }}"
+      state: absent

tests/user/test_users_invalid_cert.yml

@@ -0,0 +1,64 @@
+#
+# Generate self-signed certificates using openssl:
+#
+#   openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout private1.key -out cert1.pem -subj '/CN=test'
+#   openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout private2.key -out cert2.pem -subj '/CN=test'
+#   openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout private3.key -out cert3.pem -subj '/CN=test'
+#
+# Convert the certificate do DER for easier handling through CLI
+#
+#   openssl x509 -outform der -in cert1.pem -out cert1.der
+#   openssl x509 -outform der -in cert2.pem -out cert2.der
+#   openssl x509 -outform der -in cert3.pem -out cert3.der
+#
+# Use base64:
+#
+#  base64 cert1.der -w5000
+#  base64 cert2.der -w5000
+#  base64 cert3.der -w5000
+#
+---
+- name: Test user certificates
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: User test absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+      state: absent
+
+  - name: User test present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        first: test
+        last: test
+
+  - name: User test cert members present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        certificate:
+        - MIIC/zCCAeegAwIBAgIUAWE1vaA+mZd3nwZqwWH64EbHvR0wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NDVaFw0yMDEwMTMxNjI4NDVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWzJibKtN8Zf7LgandINhFonx99AKi44iaZkrlMKEObE6Faf8NTUbUgK3VfJNYmCbA1baLVJ0YZJijJ7S/4o7h7eeqcJVXJkEhWNTimWXNW/YCzTHe3SSapnSYOKmdHHRClplysL8OyyEG7pbX/aB9iAfFb/+vUFCX5sMwFFrYxOimKJ9Pc/NRFtdv1wNw1rqWKF1ZzagWRlG4QgzRGwQ4quc7yO98TKikj2OPiIt7Zd46hbqQxmgGBtCkVOZIhxu77OmNrFsXmM4rZZpmqh0UdqcpwkRojVnGXmNqeMCd6dNTnLhr9wukUYw0KgE57zCDVr9Ix+p/dA5R1mG4RJ2XAgMBAAGjUzBRMB0GA1UdDgQWBBSbuiH2lNVrID3yt1SsFwtOFKOnpTAfBgNVHSMEGDAWgBSbuiH2lNVrID3yt1SsFwtOFKOnpTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBCVWd293wWyohFqMFMHRBBg97T2Uc1yeT0dMH4BpuOaCqQp4q5ep+uLcXEI6+3mEwm8pa/ULQCD8yLLdotIWlG3+h/4boFpdiPFcBDgT8kGe+0KOzB8Nt7E13QYOu12MNi10qwGrjKhdhu1xBe4fpY5VCetVU1OLyuTsUyucQsFrtZI0SR83h+blbyoMZ7IhMngCfGUe1bnYeWnLbpFbigKfPuVDWsMH2kgj05EAd5EgHkWbX8QA8hmcmDKfNT3YZM8kiGQwmFrnQdq8bN0uHR8Nz+24cbmdbHcD65wlDW6GmYxi8mW+V6bAqn9pir/J14r4YFnqMGgjmdt81tscJV
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: User test cert members absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: test
+        certificate:
+        - MIIC/zCCAeegAwIBAgIUZGHLaSYg1myp6EI4VGWSC27vOrswDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4MzVaFw0yMDEwMTMxNjI4MzVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDER/lB8wUAmPTSwSc/NOXNlzdpPOQDSwrhKH6XsqZF4KpQoSY/nmCjAhJmOVpOUo4K2fGRZ0yAH9fkGv6yJP6c7IAFjLeec7GPHVwN4bZrP1DXfTAmfmXhcRQbCYkV+wmq8Puzw/+xA9EJrrodnJPPsE6E8HnSVLF6Ys9+cJMJ7HuwOI+wYt3gkmspsir1tccmf4x1PP+yHJWdcXyetlFRcmZ8gspjqOR2jb89xSQsh8gcyDW6rPNlSTzYZ2FmNtjES6ZhCsYL31fQbF2QglidlLGpAlvHUUS+xCigW73cvhFPMWXcfO51Mr15RcgYTckY+7QZ2nYqplRBoDlQl6DnAgMBAAGjUzBRMB0GA1UdDgQWBBTPG99XVRdxpOXMZo3Nhy+ldnf13TAfBgNVHSMEGDAWgBTPG99XVRdxpOXMZo3Nhy+ldnf13TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAjWTcnIl2mpNbfHAN8DB4Kk+RNRmhsH0y+r/47MXVTMMMToCfofeNY3Jeohu+2lIXMPQfTvXUbDTkNAGsGLv6LtQEUfSREqgk1eY7bT9BFfpH1uV2ZFhCO9jBA+E4bf55Kx7bgUNG31ykBshOsOblOJM1lS/0q4TWHAxrsU2PNwPi8X0ten+eGeB8aRshxS17Ij2cH0fdAMmSA+jMAvTIZl853Bxe0HuozauKwOFWL4qHm61c4O/j1mQCLqJKYfJ9mBDWFQLszd/tF+ePKiNhZCQly60F8Lumn2CDZj5UIkl8wk9Wls5n1BIQs+M8AN65NAdv7+js8jKUKCuyji8r3
+        - MIIC/zCCAeegAwIBAgIUAWE1vaA+mZd3nwZqwWH64EbHvR0wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0xOTEwMTQxNjI4NDVaFw0yMDEwMTMxNjI4NDVaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWzJibKtN8Zf7LgandINhFonx99AKi44iaZkrlMKEObE6Faf8NTUbUgK3VfJNYmCbA1baLVJ0YZJijJ7S/4o7h7eeqcJVXJkEhWNTimWXNW/YCzTHe3SSapnSYOKmdHHRClplysL8OyyEG7pbX/aB9iAfFb/+vUFCX5sMwFFrYxOimKJ9Pc/NRFtdv1wNw1rqWKF1ZzagWRlG4QgzRGwQ4quc7yO98TKikj2OPiIt7Zd46hbqQxmgGBtCkVOZIhxu77OmNrFsXmM4rZZpmqh0UdqcpwkRojVnGXmNqeMCd6dNTnLhr9wukUYw0KgE57zCDVr9Ix+p/dA5R1mG4RJ2XAgMBAAGjUzBRMB0GA1UdDgQWBBSbuiH2lNVrID3yt1SsFwtOFKOnpTAfBgNVHSMEGDAWgBSbuiH2lNVrID3yt1SsFwtOFKOnpTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBCVWd293wWyohFqMFMHRBBg97T2Uc1yeT0dMH4BpuOaCqQp4q5ep+uLcXEI6+3mEwm8pa/ULQCD8yLLdotIWlG3+h/4boFpdiPFcBDgT8kGe+0KOzB8Nt7E13QYOu12MNi10qwGrjKhdhu1xBe4fpY5VCetVU1OLyuTsUyucQsFrtZI0SR83h+blbyoMZ7IhMngCfGUe1bnYeWnLbpFbigKfPuVDWsMH2kgj05EAd5EgHkWbX8QA8hmcmDKfNT3YZM8kiGQwmFrnQdq8bN0uHR8Nz+24cbmdbHcD65wlDW6GmYxi8mW+V6bAqn9pir/J14r4YFnqMGgjmdt81tscJV
+      state: absent
+      action: member
+    #register: result
+    #failed_when: not result.changed

tests/user/test_users_present.yml

@@ -0,0 +1,15 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: Include users_present.json
+    include_vars:
+      file: users_present.json
+
+  - name: Users present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users: "{{ users }}"

tests/user/test_users_present_slice.yml

@@ -0,0 +1,19 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  vars:
+    slice_size: 500
+  tasks:
+  - name: Include users_present.json
+    include_vars:
+      file: users_present.json
+  - debug:
+      msg: "{{ users | length }}"
+  - name: Users present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users: "{{ users[item:item+slice_size] }}"
+    loop: "{{ range(0,users | length, slice_size) | list }}"

tests/user/users_absent.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+NUM=1000
+FILE="users_absent.json"
+
+echo "{" > $FILE
+
+echo "  \"users\": [" >> $FILE
+
+for i in $(seq 1 $NUM); do
+    echo "    {" >> $FILE
+    echo "      \"name\": \"user$i\"," >> $FILE
+    if [ $i -lt $NUM ]; then
+       echo "    }," >> $FILE
+    else
+       echo "    }" >> $FILE
+    fi
+done
+
+echo "  ]" >> $FILE
+
+echo "}" >> $FILE

tests/user/users_present.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+NUM=1000
+FILE="users_present.json"
+
+echo "{" > $FILE
+
+echo "  \"users\": [" >> $FILE
+
+for i in $(seq 1 $NUM); do
+    echo "    {" >> $FILE
+    echo "      \"name\": \"user$i\"," >> $FILE
+    echo "      \"first\": \"First $i\"," >> $FILE
+    echo "      \"last\": \"Last $i\"" >> $FILE
+    if [ $i -lt $NUM ]; then
+       echo "    }," >> $FILE
+    else
+       echo "    }" >> $FILE
+    fi
+done
+
+echo "  ]" >> $FILE
+
+echo "}" >> $FILE