From 77b42f82b26299a525052c5dcebcbaaef3cf1d50 Mon Sep 17 00:00:00 2001
From: Jonas Gunz
Date: Thu, 9 Sep 2021 21:57:57 +0200
Subject: add sssd
---
roles/sssd/templates/sssd.conf.j2 | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 roles/sssd/templates/sssd.conf.j2
(limited to 'roles/sssd/templates')
diff --git a/roles/sssd/templates/sssd.conf.j2 b/roles/sssd/templates/sssd.conf.j2
new file mode 100644
index 0000000..c6ae86f
--- /dev/null
+++ b/roles/sssd/templates/sssd.conf.j2
@@ -0,0 +1,34 @@
+# vi: ft=conf
+# This file is managed by Ansible. Do not change.
+
+[sssd]
+services = nss, pam
+config_file_version = 2
+domains = default
+
+[nss]
+override_shell = /bin/bash
+
+[pam]
+offline_credentials_expiration = 60
+
+[domain/default]
+id_provider = ldap
+auth_provider = ldap
+chpass_provider = ldap
+cache_credentials = True
+access_provider = simple
+
+ldap_id_use_start_tls = {{ sssd_ldap.start_tls }}
+ldap_tls_reqcert = demand
+
+ldap_search_base = {{ sssd_ldap.base_dn }}
+ldap_group_search_base = {{ sssd_ldap.group_dn }}
+ldap_user_search_base = {{ sssd_ldap.user_dn }}
+ldap_access_filter = {{ sssd_ldap.access_filter }}
+
+ldap_uri = {{ sssd_ldap.host }}
+ldap_default_bind_dn = {{ sssd_ldap.bind_dn }}
+ldap_default_authtok = {{ sssd_ldap.bind_pw }}
+ldap_search_timeout = 50
+ldap_network_timeout = 60
--
cgit v1.2.3
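Review bot: `ldap_access_filter` is never evaluated in `[domain/default]`, because `access_provider = simple` consults only the `simple_allow_*`/`simple_deny_*` lists, and with none of those set the simple provider grants access to every user the domain resolves. If the filter is meant to restrict who can log in, the line should read `access_provider = ldap`, so the filter is checked under the default `ldap_access_order = filter`. Separately, `ldap_default_authtok = {{ sssd_ldap.bind_pw }}` renders the bind password in clear text; the template task is not part of this patch, so confirm it writes the file root-owned with mode 0600, sets `no_log: true`, and takes `sssd_ldap.bind_pw` from a vaulted variable. Because `ldap_id_use_start_tls` is a variable, a false value combined with an `ldap://` URI would likely send that bind password unencrypted on identity lookups, so consider hard-coding `ldap_id_use_start_tls = true`.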