ad_auth

Ansible role ad_auth

Bind a system to Active Directory.

GitHub Version Issues Pull Requests Downloads
github Version Issues PullRequests Ansible Role

Example Playbook

This example is taken from molecule/default/converge.yml and is tested on each push, pull request and release.

---
- name: Converge
  hosts: all
  become: true
  gather_facts: true

  roles:
    - role: buluma.ad_auth
      ad_auth_registration_username: my_username
      ad_auth_registration_password: my_password
      ad_auth_ou: ou=Nerds,ou=Staff
      ad_auth_server: my_server.example.com
      ad_auth_domain: my_domain.local
      ad_auth_join: false
      ad_auth_simple_allow_users:
        - my_user_1
        - my_user_2

The machine needs to be prepared. In CI this is done using molecule/default/prepare.yml:

---
- name: Prepare
  hosts: all
  become: true
  gather_facts: false
  vars:
    python_pip_modules:
      - name: pexpect

  roles:
    - role: buluma.bootstrap
    - role: buluma.epel
    - role: buluma.python_pip

Also see a full explanation and example on how to use these roles.

Role Variables

The default values for the variables are set in defaults/main.yml:

---
# defaults file for ad_auth

# The username to register to AD, for example: "bind_user".
ad_auth_registration_username: "unset"

# The password to register to AD, for example: "MyPaSsWoRd".
ad_auth_registration_password: "unset"

# The OU to search in, for example: "ou=Nerds,ou=Staff".
ad_auth_ou: "unset"

# The server to bind to, for example: "ad.example.com".
ad_auth_server: "unset"

# The domain to use for SSSD configuration, for example: "example.com".
ad_auth_domain: "usnet.local"

# Should this role try to bind to the AD server?
# (This can be unset for automated testing)
ad_auth_join: true

# To limit selected users to login, fill this list with users that are
# allowed to login:
# ad_auth_simple_allow_users:
#   - my_user_1
#   - my_user_2

Requirements

State of used roles

The following roles are used to prepare a system. You can prepare your system in another way.

Requirement GitHub Version
buluma.bootstrap Ansible Molecule Version
buluma.epel Ansible Molecule Version
buluma.python_pip Ansible Molecule Version

Dependencies

Most roles require some kind of preparation, this is done in molecule/default/prepare.yml. This role has a "hard" dependency on the following roles:

  • {'src': 'buluma.python_pip', 'version': '1.0.7', 'name': 'buluma.python_pip'}

Context

This role is a part of many compatible roles. Have a look at the documentation of these roles for further information.

Here is an overview of related roles:

dependencies

Compatibility

This role has been tested on these container images:

container tags
EL all
Fedora all

The minimum version of Ansible required is 2.12, tests have been done to:

  • The previous version.
  • The current version.
  • The development version.

If you find issues, please register them in GitHub

Changelog

Role History

License

Apache-2.0

Author Information

Shadow Walker

About

Bind a system to Active Directory.

Install
ansible-galaxy install buluma/ansible-role-ad_auth
GitHub repository
License
apache-2.0
Downloads
3454
Owner
DevOps Engineer