ansible.sssd/templates/etc/sssd/sssd.conf.j2


# {{ ansible_managed }}
# Global sssd settings: which responders run and which domain they serve.
[sssd]
config_file_version = 2
# Responders started by sssd: name service, PAM and automounter maps.
services = nss, pam, autofs
# A single domain; its settings are in the [domain/...] section below.
domains = {{ sssd_domain }}
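[domain/{{ sssd_domain }}]
# Identity, authentication, password change and automounter maps all come from LDAP.
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
# No access_provider is active, so sssd uses its default (permit): every account
# that can authenticate against the directory is allowed to log in on this host.
# Enable one of the examples under "Filter" below to restrict access.
#access_provider = ldap
autofs_provider = ldap
{# connection configuration #}
ldap_schema = {{ sssd_schema }}
ldap_uri = {{ sssd_uris | join(',') }}
ldap_tls_cacertdir = /etc/ssl/certs
ldap_id_use_start_tls = True
# Server certificate policy. 'never' skips verification of the LDAP server
# certificate, so the bind password and user passwords could be handed to an
# impersonating server even though TLS is in use. 'demand' validates the
# certificate against ldap_tls_cacertdir. The optional role variable
# sssd_tls_reqcert can relax this where the directory CA is not yet deployed.
ldap_tls_reqcert = {{ sssd_tls_reqcert | default('demand') }}
{# search configuration #}
ldap_search_base = {{ sssd_search_base }}
ldap_default_bind_dn = {{ sssd_bind_dn }}
ldap_default_authtok_type = password
# The bind password is kept out of this file; the snippet that holds it must be
# readable by root only.
#ldap_default_authtok = ... # See conf.d/default.bind.conf
# Keeps a local hash of each user's password so logins work while the directory
# is unreachable.
cache_credentials = True
# Seconds before cached entries are refreshed from LDAP.
entry_cache_timeout = 5400
## Filter
# LDAP
#access_provider = ldap
#ldap_access_order = filter
#ldap_access_filter = (memberof=cn=groupeA,ou=Groupes,dc=domain,dc=tld)
{# mapping/attribute configuration #}
override_homedir = {{ sssd_home_path }}/%u
# NOTE(review): sssd.conf comments must be on their own line, so this likely sets
# the realm to the literal '#'. Presumably a placeholder - confirm and remove or
# set a real realm.
krb5_realm = #
# Simple
# NOTE(review): simple_allow_groups takes a comma-separated list of group names;
# the example below looks like a DN and would be split into several names.
#access_provider = simple
#simple_allow_groups = groupeA,ou=Groupes,dc=domain,dc=tld
ldap_user_uuid = entryuuid
ldap_group_uuid = entryuuid
# Do not download the full user and group lists from the directory.
enumerate = False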
# Name service responder.
[nss]
# Local system accounts and groups that sssd must never answer for, so a
# directory entry with the same name cannot shadow them.
filter_groups = root
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
# Value substituted for %H in home directory templates; override_homedir in the
# domain section does not use %H, so this looks unused here - TODO confirm.
homedir_substring = /home
# PAM responder.
[pam]
# Number of times the responder tries to reconnect to the data provider.
reconnection_retries = 3