# SSSD configuration, rendered from a Jinja template.
# One domain is defined, named after kerberos_realm: identity lookups and
# password changes go to LDAP over TLS, authentication goes to Kerberos.
# NOTE(review): SSSD normally refuses to load sssd.conf unless it is owned by
# root (or the SSSD service user on newer releases) and not readable by
# others, typically mode 0600 - confirm the task that installs this file.
[sssd]
config_file_version = 2
# Only the NSS and PAM responders are started.
services = nss, pam
# Must match the name used in the [domain/...] section header below.
domains = {{ kerberos_realm }}

# No overrides here; the NSS responder runs with its defaults.
[nss]

# No overrides here; the PAM responder runs with its defaults.
[pam]

[domain/{{ kerberos_realm }}]
# automount map and sudo rule lookups are switched off for this domain.
autofs_provider = none
sudo_provider = none

# Users and groups are read from LDAP; password changes are sent there too.
id_provider = ldap
chpass_provider = ldap
# Only the first entry of ldap_server is used, so no failover server is
# configured. NOTE(review): ldap_uri accepts a comma-separated list of URIs
# if failover is wanted.
ldap_uri = ldaps://{{ ldap_server[0] }}
ldap_search_base = {{ ldap_basedn }}
# rfc2307bis stores group members as DNs; this directory keeps them in the
# uniqueMember attribute.
ldap_schema = rfc2307bis
ldap_group_member = uniqueMember
ldap_user_uuid = entryUUID
ldap_group_uuid = entryUUID
# StartTLS stays off because the ldaps:// URI above is TLS from the first byte.
# If ldap_uri is ever changed to ldap://, this must be revisited so that
# identity lookups do not travel in clear text.
ldap_id_use_start_tls = False
# demand: the server certificate must validate against ldap_tls_cacert or the
# session is terminated. Weaker values (never, allow, try) would let the
# client accept an unverified directory server.
ldap_tls_reqcert = demand
# SASL EXTERNAL: presumably the host authenticates to the directory with the
# TLS client certificate configured below rather than a bind DN and password.
# NOTE(review): sssd-ldap documents only GSSAPI and GSS-SPNEGO as tested
# mechanisms - confirm EXTERNAL works with the deployed SSSD version.
ldap_sasl_mech = EXTERNAL
ldap_tls_cacert = {{ tls_bundle }}
# Per-host client certificate and private key, named after inventory_hostname.
# NOTE(review): the key file should be readable only by the account SSSD runs
# as - confirm its owner and mode where the key is deployed.
ldap_tls_cert = {{ tls_certs }}/{{ inventory_hostname }}.crt
ldap_tls_key = {{ tls_private }}/{{ inventory_hostname }}.key

# Passwords are verified by Kerberos, not by an LDAP bind.
# No krb5_server is set in this template. NOTE(review): SSSD then has to find
# the KDCs through DNS service discovery - confirm the SRV records exist.
auth_provider = krb5
krb5_realm = {{ kerberos_realm }}
# Access control is rendered only when sssd_allow_groups is defined. When it
# is undefined no access_provider line is written and SSSD falls back to its
# default (permit), so every user who can authenticate in this domain may
# log in to the host.
# NOTE(review): join(',') assumes sssd_allow_groups is a list; a plain string
# would be joined character by character. An empty list would presumably not
# restrict anything either, since the simple provider grants access when all
# of its lists are empty - verify against the inventory.
{% if sssd_allow_groups is defined %}

access_provider = simple
simple_allow_groups = {{ sssd_allow_groups | join(',') }}
{% endif %}