74 lines
2.4 KiB
Django/Jinja
74 lines
2.4 KiB
Django/Jinja
[sssd]
|
|
services = nss, pam, pac{% if ad_ldap_user_ssh_public_key is defined %}, ssh{% endif %}
|
|
|
|
config_file_version = 2
|
|
domains = {{ ad_realm | upper }}{% for domain in ad_trusted_domains %}, {{ domain.name | upper }}{% endfor %}
|
|
|
|
default_domain_suffix = {{ ad_realm | upper }}
|
|
|
|
[nss]
|
|
shell_fallback = /bin/false
|
|
|
|
[pam]
|
|
|
|
[domain/{{ ad_realm | upper }}]
|
|
id_provider = ad
|
|
access_provider = ad
|
|
ad_hostname = {{ ansible_hostname }}.{{ ad_realm | lower }}
|
|
fallback_homedir = /home/%d/%u
|
|
default_shell = {{ ad_default_shell }}
|
|
cache_credentials = true
|
|
krb5_store_password_if_offline = true
|
|
ad_access_filter = {{ ad_access_filter }}
|
|
{% if ad_ldap_user_search_base is defined %}
|
|
ldap_user_search_base = {{ ad_ldap_user_search_base }}
|
|
{% endif %}
|
|
{% if ad_ldap_group_search_base is defined %}
|
|
ldap_group_search_base = {{ ad_ldap_group_search_base }}
|
|
{% endif %}
|
|
{% if ad_samba_secrets.stat.exists %}
|
|
# Membership password is updated with net ads
|
|
ad_maximum_machine_account_password_age = 0
|
|
{% endif %}
|
|
{% if ad_enumerate %}
|
|
enumerate = true
|
|
{% endif %}
|
|
ad_gpo_access_control = {{ ad_gpo_access_control }}
|
|
{% if not ad_dyndns_update %}
|
|
dyndns_update = false
|
|
{% endif %}
|
|
{% if ad_private_groups %}
|
|
auto_private_groups = true
|
|
{% endif %}
|
|
{% if ad_ldap_user_ssh_public_key is defined %}
|
|
ldap_user_ssh_public_key = {{ ad_ldap_user_ssh_public_key }}
|
|
{% endif %}
|
|
|
|
{% for domain in ad_trusted_domains %}
|
|
|
|
|
|
[domain/{{ domain.name | upper }}]
|
|
id_provider = ad
|
|
access_provider = ad
|
|
fallback_homedir = /home/%d/%u
|
|
default_shell = /bin/false
|
|
cache_credentials = true
|
|
krb5_store_password_if_offline = true
|
|
ldap_krb5_keytab = /var/lib/sss/keytabs/{{ domain.name | upper }}.keytab
|
|
krb5_keytab = /var/lib/sss/keytabs/{{ domain.name | upper }}.keytab
|
|
{% if domain.enumerate %}
|
|
enumerate = true
|
|
{% endif %}
|
|
ad_access_filter = {{ domain.access_filter }}
|
|
{% if domain.ldap_user_search_base is defined and domain.ldap_user_search_base %}
|
|
ldap_user_search_base = {{ domain.ldap_user_search_base }}
|
|
{% endif %}
|
|
{% if domain.ldap_group_search_base is defined and domain.ldap_group_search_base %}
|
|
ldap_group_search_base = {{ domain.ldap_group_search_base }}
|
|
{% endif %}
|
|
ad_gpo_access_control = {{ domain.ad_gpo_access_control | default(ad_gpo_access_control) }}
|
|
{% if domain.ad_ldap_user_ssh_public_key is defined or ad_ldap_user_ssh_public_key is defined %}
|
|
ldap_user_ssh_public_key = {{ domain.ad_ldap_user_ssh_public_key | default(ad_ldap_user_ssh_public_key) }}
|
|
{% endif %}
|
|
{% endfor %}
|