Manage LDAP authentication with SSSD (System Security Services Daemon)

Go to file

Jeremy Gardais 9ff911e980 Remove `sss` directive for `sudoers` in `/etc/nsswitch.conf` file (#1 ).		2017-08-21 16:27:36 +02:00
defaults	Remove `sss` directive for `sudoers` in `/etc/nsswitch.conf` file (#1 ).	2017-08-21 16:27:36 +02:00
handlers	Rename ipr.sssd to ipr-cnrs.sssd.	2017-07-18 16:21:35 +02:00
meta	Update doc.	2017-07-19 19:34:43 +02:00
tasks	Remove `sss` directive for `sudoers` in `/etc/nsswitch.conf` file (#1 ).	2017-08-21 16:27:36 +02:00
templates/etc/sssd	Create a specific repo for sssd role.	2017-07-18 14:23:07 +02:00
vars	Create a specific repo for sssd role.	2017-07-18 14:23:07 +02:00
CHANGELOG.md	Remove `sss` directive for `sudoers` in `/etc/nsswitch.conf` file (#1 ).	2017-08-21 16:27:36 +02:00
README.md	Remove `sss` directive for `sudoers` in `/etc/nsswitch.conf` file (#1 ).	2017-08-21 16:27:36 +02:00

README.md

SSSD

Overview
Role Variables
- OS Specific Variables
Example Playbook
Configuration
Development
License
Author Information

Overview

Manage LDAP authentication with SSSD (System Security Services Daemon).

Highly inspired by Lae's system_ldap role with minors updates (test only on Debian 9 and maybe on OpenSuse).

Role Variables

sssd_pkg_state : State of new sssd packages [default : latest].
sssd_conf_manage : If SSSD configuration should be managed with this role [default : true].
sssd_main_conf_path : Path to set main SSSD's configuration [default : /etc/sssd/sssd.conf].
sssd_main_conf_tpl : Template used to generate the previous config file [default : etc/sssd/sssd.conf.j2].
sssd_mkhomedir : If home directories should be created at login [default : true].
sssd_home_path : Path where home directories are stored [default : /home].
sssd_sudoers_ldap : If sudo must look to sss the list of sudoers [default : false].
sssd_service_name : SSSD's service name [default : sssd].

OS Specific Variables

Please see default value by Operating System file in vars directory.

sssd_pkg_list : The list of packages to install to provide sssd.

Example Playbook

Use defaults vars :

- hosts: serverXYZ
  roles:
    - role: ipr-cnrs.sssd

With a group_vars/serverxyz.yml file :

sssd_domain: 'dotld'
sssd_uris:
  - ldap://ldap.domain.tld
sssd_search_base: 'ou=People,dc=domain,dc=tld
sssd_bind_dn: 'cn=sssd_user,ou=apps,dc=domain,dc=tld'

Then you also need to enter the bind_dn_password on the remote host (/etc/sssd/conf.d/sssd_domain.conf|/etc/sssd/conf.d/dotld.conf).

Configuration

This role will :

Install needed packages to provide sssd.
Manage the default sssd configuration file (/etc/sssd/sssd.conf).
Create an additionnal configuration file to only store the bind_password (/etc/sssd/conf.d/domain.bind.conf).
Remove sss directive for sudoers in /etc/nsswitch.conf file.
Manage sssd service.

Development

This source code comes from our Gogs instance and the Github repo exist just to be able to send the role to Ansible Galaxy…

But feel free to send issue/PR here :)

Thanks to this hook, Github automatically got updates from our Gogs instance :)

License

WTFPL

Author Information

Jérémy Gardais

Source : on IPR's Gogs
IPR (Institut de Physique de Rennes)

README.md Unescape Escape