From 2c423fc0cafe4d2c2cd04774aebfc6ec63a45cd2 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Fri, 31 Jan 2025 16:42:23 +0000
Subject: [PATCH] sssd: Allow limiting access by groups

---
 roles/sssd/templates/sssd.conf.j2 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/roles/sssd/templates/sssd.conf.j2 b/roles/sssd/templates/sssd.conf.j2
index 6aed734..38e7cf8 100644
--- a/roles/sssd/templates/sssd.conf.j2
+++ b/roles/sssd/templates/sssd.conf.j2
@@ -28,3 +28,8 @@ ldap_tls_key = {{ tls_private }}/{{ inventory_hostname }}.key
 
 auth_provider = krb5
 krb5_realm = {{ kerberos_realm }}
+{% if sssd_allow_groups is defined %}
+
+access_provider = simple
+simple_allow_groups = {{ sssd_allow_groups | join(',') }}
+{% endif %}