Skip to content
/ ansible-sssd Public
forked from fabianlee/ansible-sssd

Ansible role to install SSSD and configure the authentication backend

License

MIT license
1 star 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

BrynardSecurity-Ansible/ansible-sssd

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

36 Commits
defaults
defaults
 
 
files
files
 
 
filter_plugins
filter_plugins
 
 
handlers
handlers
 
 
meta
meta
 
 
tasks
tasks
 
 
templates
templates
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

refual.sssd

Install SSSD and configure the authentication backend

Requirements

  • Ansible >= 2.5
  • Python >= 3.6 (on the target system if using the custom fact)
  • a compatible OS:
    • Debian/Ubuntu
    • RedHat-like

Role Variables

The main configuration variables and their defaults:

# If True, will deploy custom Ansible facts (currently only reports installed SSSD version).
sssd_deploy_facts: True
# List of domains for sssd.conf.
# See the playbook below for an example.
sssd_domains: {}
# When set to True, will install oddjobd and oddjobd-mkhomedir
# to automatically generate home directories as the user first log in.
sssd_oddjob_mkhomedir: False
# List of service sections for sssd.conf, such as nss, pam, etc.
# See the playbook below for an example.
sssd_services: {}

Additional variables you may override if necessary:

# Arguments for the authconfig utility, without the dashes.
# Automatically adds enablemkhomedir if sssd_oddjob_mkhomedir is True.
sssd_authconfig: "{{ ['enablemkhomedir', 'enablesssdauth'] if sssd_oddjob_mkhomedir else ['enablesssdauth'] }}"
# Packages to install for oddjobd and oddjobd-mkhomedir, if sssd_oddjob_mkhomedir is True.
sssd_oddjob_packages:
  - oddjob
  - oddjob-mkhomedir
# Packages to install for SSSD. Defaults to sssd on Debian and authconfig + sssd on RedHat.
sssd_packages: "{{ __sssd_debian_sssd_packages if __sssd_debian else __sssd_redhat_sssd_packages }}"
# The configuration directives for the sssd section of sssd.conf.
# In addition to this, the values for the domains and services directives will be autogenerated
# from the entries in sssd_domains and sssd_services, although you are free to override them.
sssd_sssd:
  config_file_version: 2

Example Playbook

---
- name: SSSD
  hosts: localhost
  roles:
    - refual.sssd
  vars:
    sssd_services:
      nss: {}
      pam:
        offline_credentials_expiration: 3
    sssd_domains:
      example.com:
        id_provider: ldap
        auth_provider: ldap
        ldap_uri: ldap:https://ad1.example.com, ldap:https://ad2.example.com
        ldap_schema: rfc2307bis
        ldap_id_use_start_tls: false
        ldap_tls_reqcert: never

        ldap_default_bind_dn: cn=manager,dc=example,dc=com
        ldap_default_authok: bindpassword
        ldap_default_authok_type: password

        ldap_search_base: dc=example,dc=com
        ldap_user_search_base: dc=users,dc=example,dc=com
        ldap_user_object_class: user
        ldap_user_gecos: name
        ldap_group_search_base: dc=groups,dc=example,dc=com
        ldap_group_object_class: group

        override_shell: /bin/bash

        cache_credentials: true
    sssd_oddjob_mkhomedir: True

License

MIT

Author Information

About

Ansible role to install SSSD and configure the authentication backend

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • HCL 42.7%
  • Makefile 22.9%
  • Shell 15.1%
  • HTML 10.9%
  • Python 8.4%