2024-03-29 01:55:48 +01:00
|
|
|
---
|
2024-04-16 10:10:11 +02:00
|
|
|
|
|
|
|
|
- name: remove other files
|
|
|
|
|
include_tasks: yaml_sub/myrepo_clean.yaml
|
|
|
|
|
- name: update file myrepo.repo
|
|
|
|
|
import_tasks: yaml_sub/myrepo_data.yaml
|
|
|
|
|
|
|
|
|
|
- name: install sssd
|
|
|
|
|
dnf:
|
|
|
|
|
name: sssd,sssd-ldap,sssd-tools
|
|
|
|
|
state: present
|
|
|
|
|
update_cache: true
|
|
|
|
|
skip_broken: true
|
|
|
|
|
nobest: false
|
|
|
|
|
allowerasing: true
|
|
|
|
|
|
2024-03-29 01:55:48 +01:00
|
|
|
- name: Check for marker line
|
|
|
|
|
lineinfile:
|
|
|
|
|
path: /etc/sssd/sssd.conf
|
|
|
|
|
create: true
|
|
|
|
|
state: present
|
|
|
|
|
line: "# BEGIN ANSIBLE MANAGED BLOCK"
|
|
|
|
|
register: marker_check
|
|
|
|
|
|
|
|
|
|
- name: Delete file if marker is absent
|
|
|
|
|
file:
|
|
|
|
|
path: /etc/sssd/sssd.conf
|
|
|
|
|
state: absent
|
|
|
|
|
when: marker_check.changed
|
|
|
|
|
|
|
|
|
|
- name: sssd config
|
|
|
|
|
blockinfile:
|
|
|
|
|
path: /etc/sssd/sssd.conf
|
|
|
|
|
state: present
|
|
|
|
|
create: true
|
|
|
|
|
owner: "root"
|
|
|
|
|
group: "root"
|
|
|
|
|
mode: "0600"
|
|
|
|
|
block: |
|
|
|
|
|
[sssd]
|
|
|
|
|
domains = default
|
|
|
|
|
services = nss,pam,ssh
|
|
|
|
|
|
|
|
|
|
[domain/default]
|
|
|
|
|
id_provider = ldap
|
2024-04-16 10:10:11 +02:00
|
|
|
auth_provider = ldap
|
|
|
|
|
chpass_provider = ldap
|
|
|
|
|
|
2024-04-12 17:38:02 +02:00
|
|
|
ldap_uri = ldaps://ldap.neuro.uni-bremen.de:636
|
|
|
|
|
ldap_search_base = dc=ldap,dc=neuro,dc=uni-bremen,dc=de
|
2024-04-16 10:10:11 +02:00
|
|
|
ldap_user_search_base = ou=people,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
|
|
|
|
|
ldap_group_search_base = ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
|
2024-04-12 17:38:02 +02:00
|
|
|
|
|
|
|
|
ldap_user_name = uid
|
|
|
|
|
ldap_user_uid_number = uidNumber
|
|
|
|
|
ldap_user_gid_number = gidNumber
|
|
|
|
|
ldap_user_home_directory = homeDirectory
|
2024-04-16 10:10:11 +02:00
|
|
|
ldap_user_shell = loginShell
|
2024-04-12 17:38:02 +02:00
|
|
|
ldap_user_fullname = cn
|
|
|
|
|
ldap_user_object_class = posixAccount
|
|
|
|
|
ldap_default_authtok_type = password
|
|
|
|
|
ldap_tls_reqcert = never
|
|
|
|
|
|
2024-04-16 10:10:11 +02:00
|
|
|
ldap_group_object_class = posixGroup
|
|
|
|
|
ldap_group_gid_number = gidNumber
|
|
|
|
|
ldap_group_member = memberUid
|
|
|
|
|
ldap_group_name = cn
|
|
|
|
|
ldap_group_nesting_level = 5
|
|
|
|
|
|
|
|
|
|
|
2024-03-29 01:55:48 +01:00
|
|
|
register: marker_check
|
|
|
|
|
|
|
|
|
|
- name: enable sssd
|
|
|
|
|
shell: "/usr/bin/authselect select sssd --force"
|
|
|
|
|
when: marker_check.changed
|
|
|
|
|
|
|
|
|
|
- name: Make sure sssd is updated
|
|
|
|
|
systemd_service:
|
|
|
|
|
daemon_reload: true
|
|
|
|
|
state: restarted
|
|
|
|
|
enabled: true
|
|
|
|
|
name: sssd
|
|
|
|
|
when: marker_check.changed
|
|
|
|
|
|
