Further split roles. Mount user home on the clients (sshfs).

The following roles are available: fvs-sssd Configures LDAP as ID and AUTH provider using sssd. fvs-mount Provides all private user directories on login with pam_mount. Machines provided so far are: The server providing the home directory: fvs-home.yml A standard client: fvs-client.yml
2020-12-18 08:14:43 +01:00 · 2020-12-18 08:14:43 +01:00 · 7238875d0c
commit 7238875d0c
parent 77c8c26e38
10 changed files with 91 additions and 88 deletions
--- a/roles/fvs-sssd/tasks/main.yml
+++ b/roles/fvs-sssd/tasks/main.yml
@ -0,0 +1,30 @@
+---
+- name: install needed packages
+  apt:
+    name:
+      - sssd-ldap
+    state: latest
+
+- name: add URI to ldap.conf
+  lineinfile:
+    dest: /etc/ldap/ldap.conf
+    line: "URI ldaps://{{ ldap_server }}/"
+    insertafter: "#URI.*"
+
+- name: add BASE to ldap.conf
+  lineinfile:
+    dest: /etc/ldap/ldap.conf
+    line: "BASE {{ basedn }}"
+    insertafter: "#BASE.*"
+
+- name: do not verify cert
+  lineinfile:
+    dest: /etc/ldap/ldap.conf
+    line: "LDAPTLS_REQCERT      never"
+
+- name: provide identities from directory
+  template:
+    src: sssd.conf.j2
+    dest: /etc/sssd/sssd.conf
+    mode: 0600
+  notify: restart sssd