ansible-collection/roles/common/templates/etc/sssd/sssd.conf
GregoryDosh 3f1a5fe2cf
feat: basic SSSD_FILTER_GROUPS and SSSD_FILTER_USERS to prevent nss lookups
2024-12-25 16:31:20 -06:00


# Ansible Roles for managing Auengun.net Infrastructure & Testing/Learning.
# Source available at git.auengun.net/homelab/ansible-collection
# Copyright (C) 2023 GregoryDosh
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# SPDX-License-Identifier: AGPL-3.0-or-later
# SPDX-FileCopyrightText: 2023 GregoryDosh
[nss]
# Accounts that SSSD must never resolve through LDAP: the role's
# SSSD_FILTER_USERS / SSSD_FILTER_GROUPS lists (comma-joined) plus root,
# which is kept so a broken directory can never shadow the local root entry.
filter_users = {% if SSSD_FILTER_USERS %}{{ SSSD_FILTER_USERS | join(",") }},{% endif %}root
filter_groups = {% if SSSD_FILTER_GROUPS %}{{ SSSD_FILTER_GROUPS | join(",") }},{% endif %}root
# Shell used when the directory entry's loginShell is not installed locally.
shell_fallback = /bin/sh
reconnection_retries = 3
[sssd]
config_file_version = 2
# Must match the [domain/...] section name below.
domains = ldap.auengun.net
reconnection_retries = 3
# NOTE(review): no `services =` line, so this relies on socket-activated
# responders (nss/pam) being enabled on the target distribution — confirm.
[pam]
# Same retry budget as the other responders.
reconnection_retries = 3
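[domain/ldap.auengun.net]
# Identity, authentication, password change and access control all come
# from the same LDAP server configured in ldap_uri.
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
access_provider = ldap
default_shell = {{ SSSD_DEFAULT_SHELL }}
# LDAPS on 636; STARTTLS is therefore not needed on the id connection.
ldap_uri = ldaps://auth.auengun.net:636
ldap_id_use_start_tls = false
# demand: the server must present a certificate that verifies against the
# CA store in ldap_tls_cacertdir, otherwise the connection is refused.
# Do not relax this to allow/never: those accept a missing or unverifiable
# certificate, which defeats the point of LDAPS for the bind credentials
# sent on this connection.
ldap_tls_reqcert = demand
ldap_tls_cacertdir = /etc/ssl/certs/
ldap_schema = rfc2307bis
# Bind credentials: LDAPD_BINDPW is rendered in clear text into this file,
# so the deployed sssd.conf must stay root-owned with mode 0600 (SSSD checks
# this at startup).
ldap_default_bind_dn = {{ LDAPD_BINDDN }}
ldap_default_authtok = {{ LDAPD_BINDPW }}
# Search bases; users live under ou=users, groups are searched from the root.
ldap_search_base = dc=ldap,dc=auengun,dc=net
ldap_user_search_base = ou=users,dc=ldap,dc=auengun,dc=net
ldap_group_search_base = dc=ldap,dc=auengun,dc=net
# Object classes and naming attributes of this directory (non-standard for
# rfc2307bis, so they are set explicitly).
ldap_user_object_class = user
ldap_user_name = cn
ldap_group_object_class = group
ldap_group_name = cn
# Only entries matching SSSD_LDAP_FILTER may log in. An empty filter is not
# a deny rule, so make sure the variable is defined for every host.
ldap_access_order = filter
ldap_access_filter = {{ SSSD_LDAP_FILTER }}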