sssd

Installs, configures, and manages the SSSD service.
Gjermund Jensvoll

Version information

  • 0.1.1 (latest)
  • 0.1.0
released May 19th 2020
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x
  • Puppet >= 5.5.10 < 7.0.0
  • CentOS, OracleLinux, RedHat, Scientific, Debian, Ubuntu, Fedora, SLES

Documentation

gjerjens/sssd — version 0.1.1 May 19th 2020

sssd

Table of Contents

  1. Overview
  2. Usage - Configuration options and additional functionality
  3. Limitations - OS compatibility, etc.
  4. Credits

Description

This module installs and configures SSSD (System Security Services Daemon).

SSSD provides access to remote identity and authentication resources through a common framework that can offer caching and offline support to the system.

Usage

Example configuration:

class {'::sssd':
  config => {
    'sssd' => {
      'domains'             => 'example.com',
      'config_file_version' => 2,
      'services'            => ['nss', 'pam'],
    },
    'domain/example.com' => {
      'ad_domain'                      => 'example.com',
      'krb5_realm'                     => 'EXAMPLE.COM',
      'realmd_tags'                    => 'manages-system joined-with-adcli',
      'cache_credentials'              => true,
      'id_provider'                    => 'ad',
      'krb5_store_password_if_offline' => true,
      'default_shell'                  => '/bin/bash',
      'ldap_id_mapping'                => false,
      'use_fully_qualified_names'      => false,
      'fallback_homedir'               => '/home/%u@%d',
      'access_provider'                => 'ad',
    }
  }
}

...or the same config in Hiera:

sssd::config:
  sssd:
    domains: 'example.com'
    config_file_version: 2
    services:
      - 'nss'
      - 'pam'
  'domain/example.com':
    ad_domain: 'example.com'
    krb5_realm: 'EXAMPLE.COM'
    realmd_tags: 'manages-system joined-with-adcli'
    cache_credentials: true
    id_provider: 'ad'
    krb5_store_password_if_offline: true
    default_shell: '/bin/bash'
    ldap_id_mapping: false
    use_fully_qualified_names: false
    fallback_homedir: '/home/%u@%d'
    access_provider: 'ad'

Either form will be represented in sssd.conf like this:

[sssd]
domains = example.com
config_file_version = 2
services = nss, pam

[domain/example.com]
ad_domain = example.com
krb5_realm = EXAMPLE.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = true
id_provider = ad
krb5_store_password_if_offline = true
default_shell = /bin/bash
ldap_id_mapping = false
use_fully_qualified_names = false
fallback_homedir = /home/%u@%d
access_provider = ad
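
As an added example (not part of the module's code): a Python sketch of the hash-to-sssd.conf mapping shown above, plus a check that every domain named in [sssd] domains has a matching [domain/<name>] section. The rendering rules are inferred from the sample output on this page, and all function names are hypothetical.

```python
# Added example: mirrors the hash -> sssd.conf mapping shown on this page.
# The rendering rules are inferred from the page's sample output, not taken
# from the module's template. All names here are hypothetical.

def render_value(value):
    """Format one setting the way the page's sssd.conf output shows it."""
    if isinstance(value, bool):           # booleans render as true/false
        return "true" if value else "false"
    if isinstance(value, (list, tuple)):  # arrays render as "a, b"
        return ", ".join(str(v) for v in value)
    return str(value)


def render_sssd_conf(config):
    """Render {section: {key: value}} as INI text, keeping insertion order."""
    blocks = []
    for section, settings in config.items():
        lines = [f"[{section}]"]
        lines += [f"{k} = {render_value(v)}" for k, v in settings.items()]
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"


def enabled_domains(config):
    """Domains named in [sssd] domains, given as a string "a, b" or a list."""
    raw = config.get("sssd", {}).get("domains", "")
    items = raw if isinstance(raw, (list, tuple)) else str(raw).split(",")
    return [str(d).strip() for d in items if str(d).strip()]


def undefined_domains(config):
    """Enabled domains that have no [domain/<name>] section in the hash."""
    return [d for d in enabled_domains(config) if f"domain/{d}" not in config]


# Constructed sample data, modelled on the example configuration above.
SAMPLE = {
    "sssd": {"domains": "example.com", "config_file_version": 2,
             "services": ["nss", "pam"]},
    "domain/example.com": {"id_provider": "ad", "cache_credentials": True,
                           "ldap_id_mapping": False,
                           "fallback_homedir": "/home/%u@%d"},
}

if __name__ == "__main__":
    print(render_sssd_conf(SAMPLE), end="")
    print("undefined domains:", undefined_domains(SAMPLE))
```

Running the check against the hash before it reaches Puppet or Hiera catches a section name that does not match the enabled domain list.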

Limitations

This module only handles the SSSD package, config and service. All other special requirements (such as oddjobd, authselect, adcli etc.) are outside its scope.

Tested on

  • CentOS 8
  • Fedora 32
  • Ubuntu 18.04

Credits