Init fvs branch with LDAP auth and mk-homedir.

2020-11-28 09:23:44 +01:00 · 2020-11-28 09:23:44 +01:00 · ddb8ff11d3
commit ddb8ff11d3
parent 9264deb90d
5 changed files with 93 additions and 0 deletions
--- a/roles/fvs-client-mkhome/tasks/main.yml
+++ b/roles/fvs-client-mkhome/tasks/main.yml
@ -0,0 +1,40 @@
+---
+- name: install needed packages
+  apt:
+    name:
+      - sssd-ldap
+    state: latest
+
+- name: add URI to ldap.conf
+  lineinfile:
+    dest: /etc/ldap/ldap.conf
+    line: "URI ldaps://{{ ldap_server }}/"
+    insertafter: "#URI.*"
+
+- name: add BASE to ldap.conf
+  lineinfile:
+    dest: /etc/ldap/ldap.conf
+    line: "BASE {{ basedn }}"
+    insertafter: "#BASE.*"
+
+    #- name: enable pam_umask
+    #  lineinfile:
+    #    dest: /etc/pam.d/common-session
+    #    line: "session optional	pam_umask.so usergroups"
+
+- name: enable pam_mkhomedir.so
+  lineinfile:
+    dest: /etc/pam.d/common-session
+    line: "session	optional			pam_mkhomedir.so"
+    insertafter: "# end of pam-auth-update config"
+
+    #  command: /usr/sbin/pam-auth-update --enable mkhomedir
+
+## oddjob-mkhomedir works only with sec=sys for the NFSv4 share
+
+- name: provide identities from directory
+  template:
+    src: sssd.conf.j2
+    dest: /etc/sssd/sssd.conf
+    mode: 0600
+  notify: restart sssd