ad_auth

ad_auth

DEPRECATION WARNING: This repository is not maintained anymore; This role only runs on CentOS 7 and required pip modules, but since end of 2020 there is no development on python 2 anymore.

Bind a system to Active Directory.

GitHub GitLab Quality Downloads Version
github gitlab quality downloads Version

Example Playbook

This example is taken from molecule/resources/converge.yml and is tested on each push, pull request and release.

---
- name: converge
  hosts: all
  become: yes
  gather_facts: yes

  roles:
    - role: robertdebock.ad_auth
      ad_auth_registration_username: my_username
      ad_auth_registration_password: my_password
      ad_auth_ou: ou=Nerds,ou=Staff
      ad_auth_server: my_server.example.com
      ad_auth_domain: my_domain.local
      ad_auth_join: no
      ad_auth_simple_allow_users:
        - my_user_1
        - my_user_2

The machine needs to be prepared in CI this is done using molecule/resources/prepare.yml:

---
- name: prepare
  hosts: all
  become: yes
  gather_facts: no

  roles:
    - role: robertdebock.bootstrap
    - role: robertdebock.epel
    - role: robertdebock.python_pip

Also see a full explanation and example on how to use these roles.

Role Variables

These variables are set in defaults/main.yml:

---
# defaults file for ad_auth

# The username to register to AD, for example: "bind_user"
ad_auth_registration_username: "unset"

# The password to register to AD, for example: "MyPaSsWoRd"
ad_auth_registration_password: "unset"

# The OU to search in, for example: "ou=Nerds,ou=Staff"
ad_auth_ou: "unset"

# The server to bind to, for example: "ad.example.com"
ad_auth_server: "unset"

# The domain to use for SSSD configuration, for example: "example.com"
ad_auth_domain: "usnet.local"

# Should this role try to bind to the AD server?
# (This can be unset for automated testing)
ad_auth_join: yes

# To limit selected users to login, fill this list with users that are
# allowed to login:
# ad_auth_simple_allow_users:
#   - my_user_1
#   - my_user_2

Requirements

Status of requirements

The following roles are used to prepare a system. You may choose to prepare your system in another way, I have tested these roles as well.

Requirement GitHub GitLab
robertdebock.bootstrap Build Status GitHub Build Status GitLab
robertdebock.epel Build Status GitHub Build Status GitLab
robertdebock.python_pip Build Status GitHub Build Status GitLab

Context

This role is a part of many compatible roles. Have a look at the documentation of these roles for further information.

Here is an overview of related roles: dependencies

Compatibility

This role has been tested on these container images:

container tags
el 7

The minimum version of Ansible required is 2.10, tests have been done to:

  • The previous version.
  • The current version.
  • The development version.

If you find issues, please register them in GitHub

License

Apache-2.0

Contributors

I'd like to thank everybody that made contributions to this repository. It motivates me, improves the code and is just fun to collaborate.

Author Information

Robert de Bock

Please consider sponsoring me.

About

Bind a system to Active Directory.

Install
ansible-galaxy install robertdebock/ansible-role-ad_auth
GitHub repository
License
apache-2.0
Downloads
268
Owner
I know my way around (Linux) infrastructure, have a passion for automation, Docker, Ansible, Molecule and ci/cd.