path: root/roles/sssd/tasks/main.yml
blob: 2339427e0a1f2950a8c5ffb78225a47c5ad034fc (plain)
---
# Pull in the distribution-specific install tasks. The file name is the
# lower-cased os_family fact plus ".yaml", so the include fails unless this
# role ships a matching task file for every OS family it is applied to.
- name: Include distribution specific install tasks
  include_tasks: "{{ ansible_facts['os_family'] | lower }}.yaml"

# Render the role's sssd.conf.j2 template to /etc/sssd/sssd.conf with
# privilege escalation, and restart sssd through the handler when it changes.
# Mode 600 limits access to the file's owner.
# NOTE(review): the rendered file may carry directory bind credentials, and
# ownership is not set here, so it stays whatever the target already has -
# confirm it matches what the installed sssd version expects.
- name: Install SSSD Config file
  become: true
  notify: Restart sssd
  template:
    dest: /etc/sssd/sssd.conf
    mode: '600'
    src: sssd.conf.j2

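# Make sure /etc/ldap exists before ldap.conf is written into it.
# The mode is set explicitly so the result does not depend on the remote
# umask: under a restrictive umask a newly created directory would otherwise
# be unreadable for non-root processes that need ldap.conf.
- name: Create LDAP Config dir
  file:
    path: /etc/ldap
    state: directory
    mode: '0755'
  become: true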

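# Replace /etc/ldap/ldap.conf with a single TLS_CACERT directive pointing at
# the system CA bundle, i.e. the CA file used when verifying the LDAP
# server's certificate. Any other settings already in that file are
# overwritten.
# The content is a block scalar so the file ends with a newline, and the mode
# is explicit (world-readable, it holds no secret) instead of being left to
# the remote umask.
- name: Install ldap.conf
  copy:
    content: |
      TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
    dest: /etc/ldap/ldap.conf
    mode: '0644'
  become: true
  notify: Restart sssd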

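# Enable pam_mkhomedir in the common session stack so a home directory is
# created from /etc/skel/ the first time a directory user logs in.
# Both patterns use \s+ between fields: PAM files commonly separate fields
# with tabs or several spaces, and a single-space pattern would then miss an
# existing pam_mkhomedir line (adding a duplicate) or miss the pam_sss anchor
# (appending at end of file instead of after it).
# NOTE(review): umask=0022 creates home directories that other local users
# can list and read; use a stricter value such as 0077 if homes must be
# private.
# NOTE(review): this file is usually managed by the distribution's PAM
# tooling, which may rewrite it - confirm the line survives such updates.
- name: Auto-create Homedir
  lineinfile:
    path: /etc/pam.d/common-session
    regexp: '^session\s+required\s+pam_mkhomedir\.so'
    line: 'session required pam_mkhomedir.so skel=/etc/skel/ umask=0022'
    insertafter: '^session\s+optional\s+pam_sss\.so'
  become: true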

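# Install the role's sshd drop-in when sssd_ldap.sshd_keys_from_sss is truthy
# and restart sshd through the handler. The drop-in's contents are not
# visible here; presumably it makes sshd fetch authorized keys through SSSD.
# Owner, group and mode are explicit because this file changes how sshd
# authenticates users: only root may modify it, whatever the remote umask or
# a pre-existing file's ownership.
# NOTE(review): default(false) only covers a missing sshd_keys_from_sss
# attribute; presumably sssd_ldap itself is always defined - confirm.
# NOTE(review): a syntax error in the drop-in can stop sshd from restarting;
# consider checking the resulting configuration before the handler runs.
- name: Configure SSH Key login via LDAP
  copy:
    src: sshd_sss_authorized_keys.conf
    dest: /etc/ssh/sshd_config.d/sss_authorized_keys.conf
    owner: root
    group: root
    mode: '0644'
  become: true
  when: sssd_ldap.sshd_keys_from_sss | default(false)
  notify:
    - Restart sshd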