crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[sssd] Optional enumerate

certbot_on_virtu
_shirenn 2021-06-21 12:11:16 +02:00
parent b444ba646f
commit df8baa6651
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
group_vars/sssd.yml
View File

@ -1,6 +1,7 @@
glob_sssd:
primary:
domain: tealc.adm.crans.org
enumerate: "true"
servers:
- "{{ query('ldap','ip','tealc','adm') | ipv4 | first }}"
- "{{ query('ldap','ip','sam','adm') | ipv4 | first }}"
@ -9,6 +10,7 @@ glob_sssd:
base: "dc=crans,dc=org"
secondary:
domain: re2o-ldap.adm.crans.org
enumerate: "false"
base: "dc=crans,dc=org"
bind:
dn: "cn=nslcd,ou=service-users,dc=crans,dc=org"

4
roles/sssd/templates/sssd/sssd.conf.j2
View File

@ -6,7 +6,7 @@ domains = {{ sssd.primary.domain }}, {{ sssd.secondary.domain }}
[domain/{{ sssd.primary.domain }}]
ldap_access_filter = (objectClass=posixAccount)
enumerate = true
enumerate = {{ sssd.primary.enumerate }}
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://{{ sssd.primary.domain }}
@ -19,7 +19,7 @@ ldap_tls_reqcert = allow
[domain/{{ sssd.secondary.domain }}]
ldap_access_filter = (objectClass=posixAccount)
enumerate = true
enumerate = {{ sssd.secondary.enumerate }}
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://{{ sssd.secondary.domain }}