ansible-role-ldap-auth/templates/sssd.conf

[sssd]
services = nss, pam, sudo
config_file_version = 2
domains = LDAP

[domain/LDAP]
cache_credentials = true

id_provider = ldap
auth_provider = ldap
sudo_provider = ldap

ldap_uri = {{ ldap_uris | join(',') }}
ldap_default_bind_dn = {{ ldap_bind_dn }}
ldap_default_authtok = {{ ldap_bind_password }}
ldap_default_authtok_type = password
ldap_tls_cacert = /etc/ldap/{{ ldap_cert }}

ldap_search_base = {{ ldap_search_base }}
ldap_user_search_base = {{ ldap_search_base }}?subtree?(|({{ ldap_users | join(')(')}}))
ldap_sudo_search_base = {{ ldap_search_base }}?subtree?(|({{ ldap_admins | join(')(')}}))
ldap_group_search_base = {{ ldap_search_base }}
ldap_id_use_start_tls = true
ldap_id_mapping = false
use_fully_qualified_names = false

enumerate = true
initial commit 2022-01-23 00:38:23 +01:00			`[sssd]`
			`services = nss, pam, sudo`
			`config_file_version = 2`
			`domains = LDAP`

			`[domain/LDAP]`
			`cache_credentials = true`

			`id_provider = ldap`
			`auth_provider = ldap`
			`sudo_provider = ldap`

			`ldap_uri = {{ ldap_uris \| join(',') }}`
			`ldap_default_bind_dn = {{ ldap_bind_dn }}`
			`ldap_default_authtok = {{ ldap_bind_password }}`
			`ldap_default_authtok_type = password`
			`ldap_tls_cacert = /etc/ldap/{{ ldap_cert }}`

			`ldap_search_base = {{ ldap_search_base }}`
			`ldap_user_search_base = {{ ldap_search_base }}?subtree?(\|({{ ldap_users \| join(')(')}}))`
			`ldap_sudo_search_base = {{ ldap_search_base }}?subtree?(\|({{ ldap_admins \| join(')(')}}))`
			`ldap_group_search_base = {{ ldap_search_base }}`
			`ldap_id_use_start_tls = true`
			`ldap_id_mapping = false`
			`use_fully_qualified_names = false`

			`enumerate = true`