From 9b55e524d36150027452d649c65ffd0c3c9ac3a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gardais=20J=C3=A9r=C3=A9my?= Date: Mon, 18 Sep 2017 15:29:59 +0200 Subject: [PATCH] `sssd_bind_password` is now used and can be directly set on a remote host. --- CHANGELOG.md | 5 +++++ README.md | 3 ++- tasks/main.yml | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e01b701..50585fa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,9 @@ +## v1.1.3 + +### Enhancement +* `sssd_bind_password` is now used and can be directly set on a remote host. + ## v1.1.2 ### Fix diff --git a/README.md b/README.md index a2efd98..bac791d 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ sssd_search_base: 'ou=People,dc=domain,dc=tld sssd_bind_dn: 'cn=sssd_user,ou=apps,dc=domain,dc=tld' ``` - * Then you also need to enter the `bind_dn_password` on the remote host (`/etc/sssd/conf.d/sssd_domain.conf`|`/etc/sssd/conf.d/dotld.conf`). + * Then you also need to enter the `bind_dn_password` on the remote host (`/etc/sssd/conf.d/sssd_domain.conf`|`/etc/sssd/conf.d/dotld.conf`). If you want to define `bind_dn_password` in a playbook, please be sure to use [Vault][ansible vault] (or any other tool) to cipher your data ! ## Configuration @@ -84,6 +84,7 @@ Jérémy Gardais * [IPR][ipr website] (Institut de Physique de Rennes) [vars directory]: ./vars +[ansible vault]: http://docs.ansible.com/ansible/latest/vault.html [gogs to github hook]: https://stackoverflow.com/a/21998477 [sssd source]: https://git.ipr.univ-rennes1.fr/cellinfo/ansible.sssd [sssd github]: https://github.com/ipr-cnrs/sssd diff --git a/tasks/main.yml b/tasks/main.yml index ed69ec1..eced44a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -53,6 +53,7 @@ content: | [domain/{{ sssd_domain }}] #ldap_default_authtok = password for {{ sssd_bind_dn }} after END BLOCK + {% if sssd_bind_password %} ldap_default_authtok = {{ sssd_bind_password }}{% endif %} when: sssd_conf_manage notify: - restart sssd