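{{ ansible_header | comment }}
# sssd.conf template: two LDAP-backed domains, primary and secondary.
# The stray "|" lines left by the page extraction were dropped; they are not
# valid sssd.conf syntax.
[sssd]
config_file_version = 2
# SSSD queries the domains in the order they are listed here.
domains = {{ sssd.primary.domain }}, {{ sssd.secondary.domain }}
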
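# Primary LDAP domain: identity and authentication both come from LDAP.
[domain/{{ sssd.primary.domain }}]
# NOTE(review): ldap_access_filter is only evaluated when access_provider = ldap.
# No access_provider is set in this domain, so SSSD's default access provider
# applies and this filter does not gate logins. Set access_provider = ldap if
# the filter is meant to be enforced.
ldap_access_filter = (objectClass=posixAccount)
# Enumeration pulls the full user and group list from the directory; keep it
# off unless something on the host needs complete listings.
enumerate = {{ sssd.primary.enumerate }}
id_provider = ldap
auth_provider = ldap
ldap_uri = {{ sssd.primary.servers | join(', ') }}
ldap_search_base = {{ sssd.primary.base }}
{% if sssd.primary.bind is defined -%}
# Service-account bind. The password is rendered in clear text, so keep the
# variable in Ansible Vault and install the rendered file root-owned, mode 0600.
ldap_default_bind_dn = {{ sssd.primary.bind.dn }}
ldap_default_authtok = {{ sssd.primary.bind.passwd }}
{% endif %}
# Server certificate checking. "demand" refuses a missing or invalid
# certificate. The previous hard-coded "allow" continued the session even with
# a bad certificate, which exposes binds and lookups to interception. The CA
# that issued the server certificate must be trusted on the host (system trust
# store or ldap_tls_cacert). The optional sssd.primary.tls_reqcert variable
# overrides the level.
ldap_tls_reqcert = {{ sssd.primary.tls_reqcert | default('demand') }}
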
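# Secondary LDAP domain: identity and authentication both come from LDAP.
[domain/{{ sssd.secondary.domain }}]
# NOTE(review): ldap_access_filter is only evaluated when access_provider = ldap.
# No access_provider is set in this domain, so SSSD's default access provider
# applies and this filter does not gate logins. Set access_provider = ldap if
# the filter is meant to be enforced.
ldap_access_filter = (objectClass=posixAccount)
# Enumeration pulls the full user and group list from the directory; keep it
# off unless something on the host needs complete listings.
enumerate = {{ sssd.secondary.enumerate }}
id_provider = ldap
auth_provider = ldap
ldap_uri = {{ sssd.secondary.servers | join(', ') }}
ldap_search_base = {{ sssd.secondary.base }}
{% if sssd.secondary.bind is defined -%}
# Service-account bind. The password is rendered in clear text, so keep the
# variable in Ansible Vault and install the rendered file root-owned, mode 0600.
ldap_default_bind_dn = {{ sssd.secondary.bind.dn }}
ldap_default_authtok = {{ sssd.secondary.bind.passwd }}
{% endif %}
# Server certificate checking. "demand" refuses a missing or invalid
# certificate. The previous hard-coded "allow" continued the session even with
# a bad certificate, which exposes binds and lookups to interception. The CA
# that issued the server certificate must be trusted on the host (system trust
# store or ldap_tls_cacert). The optional sssd.secondary.tls_reqcert variable
# overrides the level.
ldap_tls_reqcert = {{ sssd.secondary.tls_reqcert | default('demand') }}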