Update to 2021-12-01 19:13

2025-07-26 15:55:56 +02:00 · 2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
--- a/roles/wb_ad_auth/templates/krb5.conf
+++ b/roles/wb_ad_auth/templates/krb5.conf
@@ -0,0 +1,5 @@
+[libdefaults]
+  default_realm = {{ ad_realm | upper }}
+  dns_lookup_realm = false
+  dns_lookup_kdc = true
+  rdns = false
--- a/roles/wb_ad_auth/templates/krb5.conf.j2
+++ b/roles/wb_ad_auth/templates/krb5.conf.j2
@@ -0,0 +1,5 @@
+[libdefaults]
+  default_realm = {{ ad_realm }}
+  dns_lookup_realm = false
+  dns_lookup_kdc = true
+  rdns = false
--- a/roles/wb_ad_auth/templates/sssd.conf.j2
+++ b/roles/wb_ad_auth/templates/sssd.conf.j2
@@ -0,0 +1,24 @@
+[sssd]
+services = nss, pam
+config_file_version = 2
+domains = {{ ad_realm }}
+
+[nss]
+shell_fallback = /bin/false
+
+[pam]
+
+[domain/{{ ad_realm }}]
+id_provider = ad
+ad_hostname = {{ ansible_hostname }}.{{ ad_realm | lower }}
+fallback_homedir = /home/%d/%u
+default_shell = /bin/false
+cache_credentials = true
+enumerate = true
+access_provider = ad
+ad_access_filter = {{ ad_access_filter }}
+{% if ad_ldap_group_search_base is defined %}
+ldap_group_search_base = {{ ad_ldap_group_search_base }}
+{% elif ad_ignore_groups | length > 0 %}
+ldap_group_search_base = {{ ad_ldap_base }}?sub?(!(|(cn={{ ad_ignore_groups | join(')(cn=') }})))
+{% endif %}