Puppet Class: sssd

Defined in:
manifests/init.pp

Overview

Class: sssd

This class installs sssd and configures it for LDAP authentication. It also sets up nsswitch.conf and PAM to use sssd for authentication and groups.

Parameters

filter_groups

String. Groups to filter out of the sssd results. Default: root,wheel

filter_users

String. Users to filter out of the sssd results. Default: root

ldap_base

String. LDAP base to search for LDAP results in. Default: dc=example,dc=org

ldap_uri

String. LDAP URIs to connect to for results. Comma-separated list of hosts. Default: ldap://ldap.example.org

ldap_access_filter

String. Filter used to search for users. Default: (&(objectclass=shadowaccount)(objectclass=posixaccount))

logsagent

String. Agent for remote log transport. Default: ''. Valid options: beaver

Examples

  • Installation:

    class { 'sssd':
      ldap_base => 'dc=mycompany,dc=com',
      ldap_uri  => 'ldap://ldap1.mycompany.com, ldap://ldap2.mycompany.com',
    }
    

Parameters:

  • filter_groups (Any) (defaults to: 'root,wheel')
  • filter_users (Any) (defaults to: 'root')
  • ldap_base (Any) (defaults to: 'dc=example,dc=org')
  • ldap_uri (Any) (defaults to: 'ldap://ldap.example.org')
  • ldap_access_filter (Any) (defaults to: '(&(objectclass=shadowaccount)(objectclass=posixaccount))')
  • ldap_group_member (Any) (defaults to: 'uniquemember')
  • ldap_tls_reqcert (Any) (defaults to: 'demand')
  • ldap_tls_cacert (Any) (defaults to: '/etc/pki/tls/certs/ca-bundle.crt')
  • logsagent (Any) (defaults to: '')
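
The ldap_tls_reqcert and ldap_tls_cacert parameters in the list above have no description in the class overview. The declaration below is an added example, not taken from the module, showing them together with an ldaps:// URI list; the host names and the CA file path are placeholders, and it assumes the two parameters are passed through to the sssd-ldap options of the same name.

```puppet
# Added example, not part of the module's documentation.
# Host names and the CA file path are placeholders.
class { 'sssd':
  ldap_base        => 'dc=mycompany,dc=com',

  # ldaps:// keeps binds and searches inside TLS for the whole connection.
  ldap_uri         => 'ldaps://ldap1.mycompany.com,ldaps://ldap2.mycompany.com',

  # Assumption: rendered as sssd-ldap's ldap_tls_reqcert.
  # 'demand' (the class default) requires a valid server certificate;
  # 'never' and 'allow' would let a session proceed with a bad certificate.
  ldap_tls_reqcert => 'demand',

  # Assumption: rendered as sssd-ldap's ldap_tls_cacert.
  # Pointing at the directory's own CA instead of the system bundle limits
  # which issuers can vouch for the LDAP servers.
  ldap_tls_cacert  => '/etc/pki/tls/certs/mycompany-ldap-ca.crt',

  # Class defaults, stated explicitly: keep local privileged names
  # out of the sssd results.
  filter_users     => 'root',
  filter_groups    => 'root,wheel',
}
```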


# File 'manifests/init.pp', line 47

class sssd (
  $filter_groups      = 'root,wheel',
  $filter_users       = 'root',
  $ldap_base          = 'dc=example,dc=org',
  $ldap_uri           = 'ldap://ldap.example.org',
  $ldap_access_filter = '(&(objectclass=shadowaccount)(objectclass=posixaccount))',
  $ldap_group_member  = 'uniquemember',
  $ldap_tls_reqcert   = 'demand',
  $ldap_tls_cacert    = '/etc/pki/tls/certs/ca-bundle.crt',
  $logsagent          = '',
){

  anchor { 'sssd::begin': } ->
  class { 'sssd::install': } ->
  class { 'sssd::config': } ->
  class { 'sssd::service': } ->
  anchor { 'sssd::end': }

}