davrot/neuro_ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
neuro_ansible/yaml_sub/sssd.yaml

84 lines
2 KiB
YAML
Raw Blame History

---
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: install sssd
dnf:
name: sssd,sssd-ldap,sssd-tools
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: Check for marker line
lineinfile:
path: /etc/sssd/sssd.conf
create: true
state: present
line: "# BEGIN ANSIBLE MANAGED BLOCK"
register: marker_check
- name: Delete file if marker is absent
file:
path: /etc/sssd/sssd.conf
state: absent
when: marker_check.changed
- name: sssd config
blockinfile:
path: /etc/sssd/sssd.conf
state: present
create: true
owner: "root"
group: "root"
mode: "0600"
block: |
[sssd]
domains = default
services = nss,pam,ssh
[domain/default]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldaps://ldap.neuro.uni-bremen.de:636
ldap_search_base = dc=ldap,dc=neuro,dc=uni-bremen,dc=de
ldap_user_search_base = ou=people,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
ldap_group_search_base = ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
ldap_user_name = uid
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = homeDirectory
ldap_user_shell = loginShell
ldap_user_fullname = cn
ldap_user_object_class = posixAccount
ldap_default_authtok_type = password
ldap_tls_reqcert = never
ldap_group_object_class = posixGroup
ldap_group_gid_number = gidNumber
ldap_group_member = memberUid
ldap_group_name = cn
ldap_group_nesting_level = 5
register: marker_check
- name: enable sssd
shell: "/usr/bin/authselect select sssd --force"
when: marker_check.changed
- name: Make sure sssd is updated
systemd_service:
daemon_reload: true
state: restarted
enabled: true
name: sssd
when: marker_check.changed
Reference in a new issue View git blame Copy permalink