Forge Home

sssd

Puppet Module for managing SSSD

45,205 downloads

1,672 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 3.0.1 (latest)
  • 3.0.0
  • 2.2.2
  • 2.2.1
  • 2.2.0
  • 2.1.1
  • 2.1.0
  • 2.0.3
  • 2.0.2
  • 2.0.1
  • 2.0.0
  • 1.0.3
  • 1.0.2
  • 1.0.1
  • 1.0.0
released Jun 16th 2021
This version is compatible with:
  • Puppet Enterprise 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x
  • Puppet >=5.5.10 <8.0.0
  • , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'bodgit-sssd', '3.0.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add bodgit-sssd
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install bodgit-sssd --version 3.0.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: ldap, sssd

Documentation

bodgit/sssd — version 3.0.1 Jun 16th 2021

sssd

Build Status Codecov Puppet Forge version Puppet Forge downloads Puppet Forge - PDK version

Table of Contents

  1. Description
  2. Setup - The basics of getting started with sssd
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module

Description

This module will install the SSSD packages, configure any services and domains, and optionally configure the D-Bus system service.

CentOS, RHEL, Scientific and Oracle Enterprise Linux is supported using Puppet 5 or later.

Setup

Beginning with sssd

You need to configure at least one domain for SSSD to start up so the bare minimum would be:

include sssd
sssd::domain { 'example.com':
  id_provider => 'ldap',
  ...
}

Usage

Configure SSSD to use LDAP for NSS:

class { 'sssd':
  domains  => {
    'example.com' => {
      'id_provider'           => 'ldap',
      'ldap_schema'           => 'rfc2307',
      'ldap_uri'              => ['ldap://192.0.2.1'],
      'ldap_search_base'      => 'dc=example,dc=com',
      'ldap_tls_reqcert'      => 'never',
      'ldap_id_use_start_tls' => false,
      'ldap_default_bind_dn'  => 'cn=Manager,dc=example,dc=com',
      'ldap_default_authtok'  => 'secret',
    },
  },
  services => {
    'nss' => {},
  },
}

class { 'nsswitch':
  passwd => ['files', 'sss'],
  shadow => ['files', 'sss'],
  group  => ['files', 'sss'],
}

Class['sssd'] -> Class['nsswitch']

Extend the above example to also make the SSSD data available over D-Bus:

include dbus
include sssd
sssd::service { 'nss': }
sssd::domain { 'example.com':
  id_provider           => 'ldap',
  ldap_schema           => 'rfc2307',
  ldap_uri              => ['ldap://192.0.2.1'],
  ldap_search_base      => 'dc=example,dc=com',
  ldap_tls_reqcert      => 'never',
  ldap_id_use_start_tls => false,
  ldap_default_bind_dn  => 'cn=Manager,dc=example,dc=com',
  ldap_default_authtok  => 'secret',
}
include sssd::dbus

class { 'nsswitch':
  passwd => ['files', 'sss'],
  shadow => ['files', 'sss'],
  group  => ['files', 'sss'],
}

Class['sssd'] -> Class['nsswitch']

Reference

The reference documentation is generated with puppet-strings and the latest version of the documentation is hosted at https://bodgit.github.io/puppet-sssd/ and available also in the REFERENCE.md.

Limitations

This module takes the (somewhat laborious) approach of creating parameters for each sssd.conf setting rather than just pass in a large hash of settings which should result in more control.

Any setting that accepts the boolean TRUE/FALSE values is mapped to a native Puppet boolean type. Any multi-valued setting accepts an array of values.

Currently almost all parameters are optional, the only mandatory parameter is that of the identity provider (id_provider) for the sssd::domain defined type. This may change in the future if the logic becomes more obvious.

This module has been built on and tested against Puppet 5 and higher.

The module has been tested on:

  • Red Hat/CentOS Enterprise Linux 6/7

Development

The module relies on PDK and has both rspec-puppet and beaker-rspec tests. Run them with:

$ bundle exec rake spec
$ PUPPET_INSTALL_TYPE=agent PUPPET_INSTALL_VERSION=x.y.z bundle exec rake beaker:<nodeset>

Please log issues or pull requests at github.