Forge Home


Allow login to AIX servers based on membership of a ldap based group.


5,956 latest version

4.1 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 1.0.1 (latest)
released Aug 5th 2016
This version is compatible with:

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'bwilcox-group_allow', '1.0.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add bwilcox-group_allow
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install bwilcox-group_allow --version 1.0.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Tags: aix


bwilcox/group_allow — version 1.0.1 Aug 5th 2016


Table of Contents

  1. Description
  2. Setup - The basics of getting started with group_allow
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module


This module's purpose in life is to take the members of a group defined in an LDAP directory and ensure that they are allowed to login to an AIX server.

This is to support AIX in LDAP environments where the directory service does not allow AIX to be fully managed from the directory.

This module will gather the list of users in a group, gather a list of users from /etc/security/user and then compare the two.

Any users in the group list which are not on the system already will be added if ensure is set to 'present.' The users home directory will be created if it does not already exist, /etc/security/.profile will be copied to it, permission set to the user and the mode set to 750.


Add this to your puppet installations modules directory and sync your agents.

Beginning with group_allow

It will only add users who are not already allowed to login.

Valid parameters are: ensure: It is ensurable, but it does not remove users.



group_allow { 'appusers':
  ensure => present


This module was built to explicitly use the AIX commands lsgroup, lsuser and chsec.


This module can only add users. Even though it is ensurable, it won't do anything if you set ensure => absent. The problem here is that a user can be a member of more than one group and/or a user may have been added as a one-off. This module just simplifies and automates getting users onto the server.


This was written specifically to support AIX with functionality that Windows and even Linux enjoy. I don't konw if there is a need for this anywhere else, but if there is feel free to embrace and extend.