Getting started
Example inventory
To enable the sssd service on a host, you need to add it to the [debops_service_sssd] Ansible inventory group. The host should also be configured with base LDAP support via the debops.ldap role (see its documentation for more details):

[debops_service_ldap]
hostname

[debops_service_sssd]
hostname

A common case is configuring LDAP authentication across an entire cluster of hosts. You can enable the debops.sssd role on all DebOps hosts in the Ansible inventory at once:

[debops_all_hosts]
hostname1
hostname2

[debops_service_sssd:children]
debops_all_hosts

The sssd service can also be installed and configured by other playbooks, for example bootstrap-sss.yml. In such cases the custom playbook will configure the sssd service on a host, but the role playbook will not work on a host automatically; you will have to include that host in the [debops_service_sssd] Ansible inventory group via one of the methods above to be able to change the service configuration.
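An added example (not part of the DebOps documentation or code base): a small Python check that resolves :children groups in an INI inventory and lists the hosts reached through [debops_service_sssd] that are not also in [debops_service_ldap]. The sample inventory is constructed from the two examples above, and treating [debops_service_ldap] membership as the marker for base LDAP support is an assumption.

```python
from collections import defaultdict

# Constructed sample inventory that combines the two examples above.
SAMPLE_INVENTORY = """\
[debops_all_hosts]
hostname1
hostname2
[debops_service_ldap]
hostname1
[debops_service_sssd:children]
debops_all_hosts
"""

def parse_inventory(text):
    """Parse an INI-style inventory into direct hosts and child groups."""
    hosts, children = defaultdict(set), defaultdict(set)
    group, kind = None, "hosts"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            group, _, suffix = line[1:-1].partition(":")
            kind = suffix or "hosts"
        elif not line or group is None or kind == "vars":
            continue  # blanks, ungrouped hosts and [group:vars] are skipped
        elif kind == "children":
            children[group].add(line)
        else:
            hosts[group].add(line.split()[0])  # drop inline host variables
    return hosts, children

def members(group, hosts, children, seen=None):
    """Return every host in a group, following :children recursively."""
    seen = set() if seen is None else seen
    if group in seen:  # guard against cyclic group definitions
        return set()
    seen.add(group)
    found = set(hosts.get(group, ()))
    for child in children.get(group, ()):
        found |= members(child, hosts, children, seen)
    return found

def sssd_without_ldap(text):
    """Hosts in the sssd group (assumed playbook targets) not in the LDAP group."""
    hosts, children = parse_inventory(text)
    sssd = members("debops_service_sssd", hosts, children)
    ldap = members("debops_service_ldap", hosts, children)
    return sorted(sssd - ldap)
```

Host range patterns such as host[1:3] are treated as a single literal name by this check.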
Example playbook
If you are using this role without DebOps, here's an example Ansible playbook that uses the debops.sssd role:

---
# SPDX-License-Identifier: GPL-3.0-only

- name: Manage sssd service
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debops_service_sssd' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    # Python packages requested by the ldap role
    - role: python
      tags: [ 'role::python', 'skip::python', 'role::ldap' ]
      python__dependent_packages3:
        - '{{ ldap__python__dependent_packages3 }}'
      python__dependent_packages2:
        - '{{ ldap__python__dependent_packages2 }}'

    # LDAP tasks requested by the sssd role
    - role: ldap
      tags: [ 'role::ldap', 'skip::ldap' ]
      ldap__dependent_tasks:
        - '{{ sssd__ldap__dependent_tasks }}'

    - role: sssd
      tags: [ 'role::sssd', 'skip::sssd' ]

    # NSS services requested by the sssd role
    - role: nsswitch
      tags: [ 'role::nsswitch', 'skip::nsswitch' ]
      nsswitch__dependent_services:
        - '{{ sssd__nsswitch__dependent_services }}'

Other resources
List of other useful resources related to the debops.sssd Ansible role:
Manual pages: sssd.conf(5) (and subsystem man pages such as sssd-ldap(5) and sssd-krb5(5))
The website of the SSSD Project
LDAP support in DebOps: client-side, server-side
Configuring SSSD in the Red Hat Enterprise Linux 7 Guide
Understanding SSSD in the Red Hat Enterprise Linux 8 Guide
LDAP authentication documentation in the Arch Wiki
Debian LDAP Portal page in the Debian Wiki