2.3 KiB

Raw Blame History

SSSD

Overview
Role Variables
- OS Specific Variables
Example Playbook
Configuration
License
Author Information

Overview

Manage LDAP authentication with SSSD (System Security Services Daemon).

Highly inspired by Lae's system_ldap role with minors updates (test only on Debian 9 and maybe on OpenSuse).

Role Variables

sssd_pkg_state : State of new sssd packages [default : latest].
sssd_conf_manage : If SSSD configuration should be managed with this role [default : true].
sssd_main_conf_path : Path to set main SSSD's configuration [default : /etc/sssd/sssd.conf].
sssd_main_conf_tpl : Template used to generate the previous config file [default : etc/sssd/sssd.conf.j2].
sssd_mkhomedir : If home directories should be created at login [default : true].
sssd_home_path : Path where home directories are stored [default : /home].
sssd_service_name : SSSD's service name [default : sssd].

OS Specific Variables

Please see default value by Operating System file in vars/ directory.

sssd_pkg_list : The list of packages to install to provide sssd.

Example Playbook

Use defaults vars :

- hosts: serverXYZ
  roles:
    - role: ipr.sssd

With a group_vars/serverxyz.yml file :

sssd_domain: 'dotld'
sssd_uris:
  - ldap://ldap.domain.tld
sssd_search_base: 'ou=People,dc=domain,dc=tld
sssd_bind_dn: 'cn=sssd_user,ou=apps,dc=domain,dc=tld'

Then you also need to enter the bind_dn_password on the remote host (/etc/sssd/conf.d/sssd_domain.conf|/etc/sssd/conf.d/dotld.conf).

Configuration

This role will :

Install needed packages to provide sssd.
Manage the default sssd configuration file (/etc/sssd/sssd.conf).
Create an additionnal configuration file to only store the bind_password (/etc/sssd/conf.d/domain.bind.conf).
Manage sssd service.

License

WTFPL

Author Information

Jérémy Gardais

Source : …
IPR (Institut de Physique de Rennes)

2.3 KiB Raw Blame History Unescape Escape