30 lines
700 B
Django/Jinja
30 lines
700 B
Django/Jinja
[sssd]
|
|
config_file_version = 2
|
|
services = nss, pam
|
|
domains = {{ kerberos_realm }}
|
|
|
|
[nss]
|
|
|
|
[pam]
|
|
|
|
[domain/{{ kerberos_realm }}]
|
|
autofs_provider = none
|
|
sudo_provider = none
|
|
|
|
id_provider = ldap
|
|
chpass_provider = ldap
|
|
ldap_uri = ldaps://{{ ldap_server[0] }}
|
|
ldap_search_base = {{ ldap_basedn }}
|
|
ldap_schema = rfc2307bis
|
|
ldap_group_member = uniqueMember
|
|
ldap_user_uuid = entryUUID
|
|
ldap_group_uuid = entryUUID
|
|
ldap_id_use_start_tls = False
|
|
ldap_tls_reqcert = demand
|
|
ldap_sasl_mech = EXTERNAL
|
|
ldap_tls_cacert = {{ tls_bundle }}
|
|
ldap_tls_cert = {{ tls_certs }}/{{ inventory_hostname }}.crt
|
|
ldap_tls_key = {{ tls_private }}/{{ inventory_hostname }}.key
|
|
|
|
auth_provider = krb5
|
|
krb5_realm = {{ kerberos_realm }}
|