sssd: Disable unused services and enumeration

We are not using autofs or sudo via LDAP so disable them. Enumeration doesn't seem to help getting all users via getent so disable it.
2020-11-17 18:15:23 +00:00 · 2020-11-17 18:15:23 +00:00 · 0ba135be52
commit 0ba135be52
parent f035101cce
1 changed files with 2 additions and 1 deletions
--- a/roles/sssd/templates/sssd.conf.j2
+++ b/roles/sssd/templates/sssd.conf.j2
@ -11,6 +11,8 @@ domains = {{ kerberos_realm }}
 id_provider = ldap
 auth_provider = krb5
 chpass_provider = ldap
+autofs_provider = none
+sudo_provider = none
 ldap_uri = ldaps://{{ ldap_server[0] }}
 ldap_search_base = {{ ldap_basedn }}
 ldap_schema = rfc2307bis
@ -23,5 +25,4 @@ ldap_sasl_mech = EXTERNAL
 ldap_tls_cacert = {{ tls_bundle }}
 ldap_tls_cert = {{ tls_certs }}/{{ inventory_hostname }}.crt
 ldap_tls_key = {{ tls_private }}/{{ inventory_hostname }}.key
-enumerate = true
 krb5_realm = {{ kerberos_realm }}