Default variable details
Some of the debops.sssd
default variables have more extensive
configuration than simple strings or lists, here you can find documentation and
examples for them.
sssd__configuration
The sssd__*_configuration
variables define the contents of the
/etc/sssd/sssd.conf
configuration file. The variables are merged in
the order defined by the sssd__combined_configuration
variable, which
allows modification of the default configuration through the Ansible inventory.
See sssd.conf(5) and the service-specific man pages (e.g.
sssd-ldap(5), sssd-krb5(5) or sssd-sudo(5)) for possible
configuration parameters and their values.
Examples
See sssd__default_configuration
variable for an example of
existing configuration.
Enable debugging for the nss
and pam
subsystems:
sssd__configuration:
- section: 'nss'
options:
- debug_level: '0x0770'
- section: 'pam'
options:
- debug_level: '0x0770'
Enable enumeration (which means that sssd
will download and cache all
users and groups from the LDAP server preemptively). This means that users
and groups will still be available in case of network outages, etc, but
enumeration is not suitable for large environments:
sssd__configuration:
- section: 'domain/default'
options:
- name: 'enumerate'
value: True
Syntax
The variables contain a list of YAML dictionaries, each dictionary can have the following parameters:
section
Required. Name of the sssd.conf(5) configuration section in which a given configuration option should be included. This parameter is used as an "anchor", configuration entries with the same
section
are combined together and affect each other in order of appearance.title
Optional. This parameter can be used to provide a short description of the section which will be included in the generated configuration file.
state
Optional. If not specified or
present
, a given section will be included in the generated configuration file. Ifabsent
, the section will not be included in the file. Ifignore
, a given configuration entry will not be evaluated during role execution. Ifhidden
, the section's header and title will be hidden in the generated configuration file.weight
Optional. A positive or negative number which can be used to affect the order of sections in the generated configuration file. Positive numbers add more "weight" to the section making it appear "lower" in the file; negative numbers subtract the "weight" and therefore move the section upper in the file.
options
Required. A list of sssd configuration options for a given section. The
options
parameters from configuration entries with the samesection
parameter are merged together in order of appearance and can affect each other.The options can be specified in a simple form as key/value pairs, where the key is the option name and value is the option value. Alternatively, if the
name
andvalue
parameters are used, the entries can use an extended format with specific parameters:name
Required. The name of a given sssd.conf(5) configuration option for a given
section
. Options with the samesection
andname
will be merged in order of appearance.value
Required. The value of a given configuration option. It can be either a string, a boolean, a number, or a YAML list (elements will be joined with commas).
raw
Optional. String or YAML text block which will be included in the configuration file "as is". If this parameter is specified, the
name
andvalue
parameters are ignored - you need to specify the entire line(s) with configuration option names as well.state
Optional. If not defined or
present
, a given configuration option or section will be included in the generated configuration file. Ifabsent
,ignore
orinit
, a given configuration option or section will not be included in the generated file. Ifcomment
, the option will be included but commented out and inactive.comment
Optional. String or YAML text block that contains comments about a given configuration option.