59 lines
1.4 KiB
YAML
59 lines
1.4 KiB
YAML
---
|
|
- name: Check for marker line
|
|
lineinfile:
|
|
path: /etc/sssd/sssd.conf
|
|
create: true
|
|
state: present
|
|
line: "# BEGIN ANSIBLE MANAGED BLOCK"
|
|
register: marker_check
|
|
|
|
- name: Delete file if marker is absent
|
|
file:
|
|
path: /etc/sssd/sssd.conf
|
|
state: absent
|
|
when: marker_check.changed
|
|
|
|
- name: sssd config
|
|
blockinfile:
|
|
path: /etc/sssd/sssd.conf
|
|
state: present
|
|
create: true
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0600"
|
|
block: |
|
|
[sssd]
|
|
domains = default
|
|
services = nss,pam,ssh
|
|
|
|
[domain/default]
|
|
id_provider = ldap
|
|
ldap_uri = ldaps://ldap.neuro.uni-bremen.de:636
|
|
ldap_search_base = dc=ldap,dc=neuro,dc=uni-bremen,dc=de
|
|
|
|
ldap_user_name = uid
|
|
ldap_user_uid_number = uidNumber
|
|
ldap_user_gid_number = gidNumber
|
|
ldap_user_home_directory = homeDirectory
|
|
loginShell = loginShell
|
|
ldap_user_fullname = cn
|
|
ldap_user_object_class = posixAccount
|
|
ldap_default_authtok_type = password
|
|
ldap_tls_reqcert = never
|
|
|
|
# ldap_auth_disable_tls_never_use_in_production = true
|
|
# ldap_id_use_start_tls = False
|
|
register: marker_check
|
|
|
|
- name: enable sssd
|
|
shell: "/usr/bin/authselect select sssd --force"
|
|
when: marker_check.changed
|
|
|
|
- name: Make sure sssd is updated
|
|
systemd_service:
|
|
daemon_reload: true
|
|
state: restarted
|
|
enabled: true
|
|
name: sssd
|
|
when: marker_check.changed
|
|
|