roumano.ldap_client

Requirements

Optional: Define a variable domainname to update /etc/hosts with the IP and hostname of the LDAP server.

Example of a group_vars/inventory.yml:

---
ldap:
   ssl: exemple_ca.crt
   server: "ldaps://ldap1/,ldaps://ldap2/"
   base: "dc=exemple,dc=com"
   bind: "cn=readonly"
   servers:
     - hostname: ldap1
       ip: 10.0.0.1
     - hostname: ldap2
       ip: 10.0.0.2
domainname: 'aws.edifixio.com'

Example of how to use:

- { role: ldap_client, when: ldap is defined and ldap.base is defined and ldap.server is defined }

Tasks to perform:

Install the necessary LDAP packages:
- For Debian: sssd-ldap, sssd-tools, sudo
- For RedHat: authconfig, sssd-ldap, sssd-tools, sudo, openldap-clients
Push SSL certificate if there is one.
Update /etc/hosts for the LDAP server.
Update /etc/nsswitch.conf (add sss).
Enable the sssd service to start at machine boot.
Run authconfig (on RedHat) to configure PAM and other settings.
Run pam-auth-update (on Debian) to configure PAM.
Enable home directory creation at the first login using pam_mkhomedir.so (for Debian).
Configure /etc/openldap/ldap.conf for default LDAP parameters in ldapsearch.
In SSHD: Add AuthorizedKeysCommand and AuthorizedKeysCommandUser in /etc/ssh/sshd_config to retrieve SSH keys from LDAP.

Informazioni sul progetto

Role to install and configuration ldap client

role authentification ldap sssd system

Installa

ansible-galaxy install roumano.ldap_client

GitHub repository

1 stelle

1 fork

1 problemi aperti

Licenza

gpl-3.0

Download

182

Proprietario

roumano