sssd

pdk
Puppet Module for managing SSSD

Matt Dainty

bodgit

36,892 downloads

280 latest version

5.0 quality score

Version information

  • 3.0.1 (latest)
  • 3.0.0
  • 2.2.2
  • 2.2.1
  • 2.2.0
  • 2.1.1
  • 2.1.0
  • 2.0.3
  • 2.0.2
  • 2.0.1
  • 2.0.0
  • 1.0.3
  • 1.0.2
  • 1.0.1
  • 1.0.0
released Jun 16th 2021
This version is compatible with:
  • Puppet Enterprise 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x
  • Puppet >=5.5.10 <8.0.0
  • RedHat
    ,
    CentOS
    ,
    OracleLinux
    ,
    Scientific
    ,
    Ubuntu

Start using this module

Tags: sssd, ldap

Documentation

bodgit/sssd — version 3.0.1 Jun 16th 2021

sssd

Build Status Codecov Puppet Forge version Puppet Forge downloads Puppet Forge - PDK version

Table of Contents

  1. Description
  2. Setup - The basics of getting started with sssd
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module

Description

This module will install the SSSD packages, configure any services and domains, and optionally configure the D-Bus system service.

CentOS, RHEL, Scientific and Oracle Enterprise Linux is supported using Puppet 5 or later.

Setup

Beginning with sssd

You need to configure at least one domain for SSSD to start up so the bare minimum would be:

include sssd
sssd::domain { 'example.com':
  id_provider => 'ldap',
  ...
}

Usage

Configure SSSD to use LDAP for NSS:

class { 'sssd':
  domains  => {
    'example.com' => {
      'id_provider'           => 'ldap',
      'ldap_schema'           => 'rfc2307',
      'ldap_uri'              => ['ldap://192.0.2.1'],
      'ldap_search_base'      => 'dc=example,dc=com',
      'ldap_tls_reqcert'      => 'never',
      'ldap_id_use_start_tls' => false,
      'ldap_default_bind_dn'  => 'cn=Manager,dc=example,dc=com',
      'ldap_default_authtok'  => 'secret',
    },
  },
  services => {
    'nss' => {},
  },
}

class { 'nsswitch':
  passwd => ['files', 'sss'],
  shadow => ['files', 'sss'],
  group  => ['files', 'sss'],
}

Class['sssd'] -> Class['nsswitch']

Extend the above example to also make the SSSD data available over D-Bus:

include dbus
include sssd
sssd::service { 'nss': }
sssd::domain { 'example.com':
  id_provider           => 'ldap',
  ldap_schema           => 'rfc2307',
  ldap_uri              => ['ldap://192.0.2.1'],
  ldap_search_base      => 'dc=example,dc=com',
  ldap_tls_reqcert      => 'never',
  ldap_id_use_start_tls => false,
  ldap_default_bind_dn  => 'cn=Manager,dc=example,dc=com',
  ldap_default_authtok  => 'secret',
}
include sssd::dbus

class { 'nsswitch':
  passwd => ['files', 'sss'],
  shadow => ['files', 'sss'],
  group  => ['files', 'sss'],
}

Class['sssd'] -> Class['nsswitch']

Reference

The reference documentation is generated with puppet-strings and the latest version of the documentation is hosted at https://bodgit.github.io/puppet-sssd/ and available also in the REFERENCE.md.

Limitations

This module takes the (somewhat laborious) approach of creating parameters for each sssd.conf setting rather than just pass in a large hash of settings which should result in more control.

Any setting that accepts the boolean TRUE/FALSE values is mapped to a native Puppet boolean type. Any multi-valued setting accepts an array of values.

Currently almost all parameters are optional, the only mandatory parameter is that of the identity provider (id_provider) for the sssd::domain defined type. This may change in the future if the logic becomes more obvious.

This module has been built on and tested against Puppet 5 and higher.

The module has been tested on:

  • Red Hat/CentOS Enterprise Linux 6/7

Development

The module relies on PDK and has both rspec-puppet and beaker-rspec tests. Run them with:

$ bundle exec rake spec
$ PUPPET_INSTALL_TYPE=agent PUPPET_INSTALL_VERSION=x.y.z bundle exec rake beaker:<nodeset>

Please log issues or pull requests at github.