ansible-roles/roles/wb_ad_auth/templates/sssd.conf.j2

[sssd]
services = nss, pam
config_file_version = 2
domains = {{ ad_realm }}

[nss]
shell_fallback = /bin/false

[pam]

[domain/{{ ad_realm }}]
id_provider = ad
ad_hostname = {{ ansible_hostname }}.{{ ad_realm | lower }}
fallback_homedir = /home/%d/%u
default_shell = /bin/false
cache_credentials = true
enumerate = true
access_provider = ad
ad_access_filter = {{ ad_access_filter }}
{% if ad_ldap_group_search_base is defined %}
ldap_group_search_base = {{ ad_ldap_group_search_base }}
{% elif ad_ignore_groups | length > 0 %}
ldap_group_search_base = {{ ad_ldap_base }}?sub?(!(|(cn={{ ad_ignore_groups | join(')(cn=') }})))
{% endif %}
Update to 2021-12-01 19:13 2021-12-01 19:13:34 +01:00			`[sssd]`
			`services = nss, pam`
			`config_file_version = 2`
			`domains = {{ ad_realm }}`

			`[nss]`
			`shell_fallback = /bin/false`

			`[pam]`

			`[domain/{{ ad_realm }}]`
			`id_provider = ad`
			`ad_hostname = {{ ansible_hostname }}.{{ ad_realm \| lower }}`
			`fallback_homedir = /home/%d/%u`
			`default_shell = /bin/false`
			`cache_credentials = true`
			`enumerate = true`
			`access_provider = ad`
			`ad_access_filter = {{ ad_access_filter }}`
			`{% if ad_ldap_group_search_base is defined %}`
			`ldap_group_search_base = {{ ad_ldap_group_search_base }}`
			`{% elif ad_ignore_groups \| length > 0 %}`
			`ldap_group_search_base = {{ ad_ldap_base }}?sub?(!(\|(cn={{ ad_ignore_groups \| join(')(cn=') }})))`
			`{% endif %}`