trixie/roles/fvs-sssd/tasks/main.yml

---
- name: install needed packages
  apt:
    name:
      - sssd-ldap
    state: latest

- name: add URI to ldap.conf
  lineinfile:
    dest: /etc/ldap/ldap.conf
    line: "URI ldaps://{{ ldap_server }}/"
    insertafter: "#URI.*"

- name: add BASE to ldap.conf
  lineinfile:
    dest: /etc/ldap/ldap.conf
    line: "BASE {{ basedn }}"
    insertafter: "#BASE.*"

- name: do not verify cert
  lineinfile:
    dest: /etc/ldap/ldap.conf
    line: "LDAPTLS_REQCERT      never"

- name: provide identities from directory
  template:
    src: sssd.conf.j2
    dest: /etc/sssd/sssd.conf
    mode: 0600
  notify: restart sssd
Further split roles. Mount user home on the clients (sshfs). The following roles are available: fvs-sssd Configures LDAP as ID and AUTH provider using sssd. fvs-mount Provides all private user directories on login with pam_mount. Machines provided so far are: The server providing the home directory: fvs-home.yml A standard client: fvs-client.yml 2020-12-18 08:14:43 +01:00			`---`
			`- name: install needed packages`
			`apt:`
			`name:`
			`- sssd-ldap`
			`state: latest`

			`- name: add URI to ldap.conf`
			`lineinfile:`
			`dest: /etc/ldap/ldap.conf`
			`line: "URI ldaps://{{ ldap_server }}/"`
			`insertafter: "#URI.*"`

			`- name: add BASE to ldap.conf`
			`lineinfile:`
			`dest: /etc/ldap/ldap.conf`
			`line: "BASE {{ basedn }}"`
			`insertafter: "#BASE.*"`

			`- name: do not verify cert`
			`lineinfile:`
			`dest: /etc/ldap/ldap.conf`
			`line: "LDAPTLS_REQCERT never"`

			`- name: provide identities from directory`
			`template:`
			`src: sssd.conf.j2`
			`dest: /etc/sssd/sssd.conf`
			`mode: 0600`
			`notify: restart sssd`