Skip to content

rhythmictech/ansible-role-sssdldap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
defaults
defaults
 
 
handlers
handlers
 
 
meta
meta
 
 
tasks
tasks
 
 
templates
templates
 
 
README.md
README.md
 
 

Repository files navigation

ansible-role-sssdldap

Overview

This is a very opinionated role to configure sssd for LDAP authentication against OpenLDAP or Active Directory on RedHat-based systems, including Amazon Linux 2.

This role will install and configure sssd to support a single domain with basic LDAP authentication over TLS. It configures PAM to use sssd for all compatible services, and configure OpenSSH server to source SSH public keys from LDAP via sssd. It bakes in CIS Level 1 compliance for the systems it touches.

Usage

At a minimum, you must define the following vars:

  • sssdldap_ldap_uri
  • sssdldap_bind_dn
  • sssdldap_bind_pw
  • sssdldap_search_base

Their usage is documented in the defaults file.

If using TLS, you must ensure your system already trusts the LDAP TLS certificate in-use. The easiest way to do this is via the system-wide trust store; alternatively you can point sssd at a different trusted certificate file with the var sssdldap_cacert.

About

LDAP authentication via SSSD for EL-based systems

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 6

v1.0.5 Latest
Jan 20, 2021
+ 5 releases

Packages

 
 
 

Contributors

Languages