Timo Makinen
0ba135be52
We are not using autofs or sudo via LDAP so disable them. Enumeration doesn't seem to help getting all users via getent so disable it.
28 lines
698 B
Django/Jinja
28 lines
698 B
Django/Jinja
[sssd]
|
|
config_file_version = 2
|
|
services = nss, pam
|
|
domains = {{ kerberos_realm }}
|
|
|
|
[nss]
|
|
|
|
[pam]
|
|
|
|
[domain/{{ kerberos_realm }}]
|
|
id_provider = ldap
|
|
auth_provider = krb5
|
|
chpass_provider = ldap
|
|
autofs_provider = none
|
|
sudo_provider = none
|
|
ldap_uri = ldaps://{{ ldap_server[0] }}
|
|
ldap_search_base = {{ ldap_basedn }}
|
|
ldap_schema = rfc2307bis
|
|
ldap_group_member = uniqueMember
|
|
ldap_user_uuid = entryUUID
|
|
ldap_group_uuid = entryUUID
|
|
ldap_id_use_start_tls = False
|
|
ldap_tls_reqcert = demand
|
|
ldap_sasl_mech = EXTERNAL
|
|
ldap_tls_cacert = {{ tls_bundle }}
|
|
ldap_tls_cert = {{ tls_certs }}/{{ inventory_hostname }}.crt
|
|
ldap_tls_key = {{ tls_private }}/{{ inventory_hostname }}.key
|
|
krb5_realm = {{ kerberos_realm }}
|