53 lines
1.2 KiB
YAML
53 lines
1.2 KiB
YAML
---
|
|
- name: Install sssd and nslcd
|
|
apt:
|
|
update_cache: true
|
|
name:
|
|
- sssd
|
|
- libnss-ldapd
|
|
- libpam-ldapd
|
|
state: present
|
|
register: apt_result
|
|
retries: 3
|
|
until: apt_result is succeeded
|
|
|
|
- name: Configure sssd
|
|
template:
|
|
src: sssd/sssd.conf.j2
|
|
dest: /etc/sssd/sssd.conf
|
|
mode: 0600
|
|
notify: Restart sssd service
|
|
|
|
- name: Configure nslcd for hosts
|
|
template:
|
|
src: nslcd.conf.j2
|
|
dest: /etc/nslcd.conf
|
|
mode: 0600
|
|
notify: Restart nslcd service
|
|
|
|
- name: Configure NSS to use sss
|
|
lineinfile:
|
|
dest: /etc/nsswitch.conf
|
|
regexp: "^{{ item.name }}:"
|
|
line: "{{ item.name }}: {{ item.db }}"
|
|
loop:
|
|
- {name: passwd, db: files systemd sss}
|
|
- {name: group, db: files systemd sss}
|
|
- {name: shadow, db: files sss}
|
|
- {name: networks, db: files ldap}
|
|
- {name: hosts, db: files ldap dns}
|
|
|
|
- name: Disable nscd cache
|
|
lineinfile:
|
|
dest: /etc/nscd.conf
|
|
regex: "^enable-cache +{{ item }}"
|
|
line: "enable-cache {{ item }} no"
|
|
loop:
|
|
- "passwd"
|
|
- "group "
|
|
|
|
- name: Configure PAM authentication
|
|
template:
|
|
src: pam.d/common-password.j2
|
|
dest: /etc/pam.d/common-password
|