sssd

Install and configure SSSD

Version information

  • 3.1.0 (latest)
  • 3.0.0
  • 2.13.1
  • 2.13.0
  • 2.12.0
  • 2.11.0
  • 2.10.1
  • 2.10.0
  • 2.9.0
  • 2.8.0
  • 2.7.0
  • 2.6.0
  • 2.5.0
  • 2.4.1
  • 2.4.0
  • 2.3.0
  • 2.2.2
  • 2.2.1
  • 2.2.0
  • 2.1.0
  • 2.0.0
  • 1.0.1
  • 1.0.0
  • 0.4.1
  • 0.4.0
  • 0.3.1
  • 0.3.0
  • 0.2.1
  • 0.2.0
  • 0.1.4
  • 0.1.3
  • 0.1.2
  • 0.1.1
  • 0.1.0 (deleted)
released Aug 24th 2016
This version is compatible with:
  • Puppet Enterprise >= 3.3.0 < 5.0.0
  • Puppet >= 3.0.0 < 5.0.0

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'sgnl05-sssd', '0.3.1'

Add this module to your Bolt project:

bolt module add sgnl05-sssd

Manually install this module globally with Puppet module tool:

puppet module install sgnl05-sssd --version 0.3.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Documentation

sgnl05/sssd — version 0.3.1 Aug 24th 2016

sssd

Table of Contents

  1. Overview
  2. Usage - Configuration options and additional functionality
  3. Reference - An under-the-hood peek at what the module is doing and how
  4. Limitations - OS compatibility, etc.
  5. Credits

Overview

This module installs and configures SSSD (System Security Services Daemon).

SSSD provides access to remote identity and authentication resources through a common framework that can provide caching and offline support to the system.

Usage

Example configuration:

class {'::sssd':
  config => {
    'sssd' => {
      'domains'             => 'ad.example.com',
      'config_file_version' => 2,
      'services'            => ['nss', 'pam'],
    },
    'domain/ad.example.com' => {
      'ad_domain'                      => 'ad.example.com',
      'ad_server'                      => ['server01.ad.example.com', 'server02.ad.example.com'],
      'krb5_realm'                     => 'AD.EXAMPLE.COM',
      'realmd_tags'                    => 'joined-with-samba',
      'cache_credentials'              => true,
      'id_provider'                    => 'ad',
      'krb5_store_password_if_offline' => true,
      'default_shell'                  => '/bin/bash',
      'ldap_id_mapping'                => false,
      'use_fully_qualified_names'      => false,
      'fallback_homedir'               => '/home/%d/%u',
      'access_provider'                => 'simple',
      'simple_allow_groups'            => ['admins', 'users'],
    }
  }
}

...or the same config in Hiera:

sssd::config:
  'sssd':
    'domains': 'ad.example.com'
    'config_file_version': 2
    'services':
      - 'nss'
      - 'pam'
  'domain/ad.example.com':
    'ad_domain': 'ad.example.com'
    'ad_server':
      - 'server01.ad.example.com'
      - 'server02.ad.example.com'
    'krb5_realm': 'AD.EXAMPLE.COM'
    'realmd_tags': 'joined-with-samba'
    'cache_credentials': true
    'id_provider': 'ad'
    'krb5_store_password_if_offline': true
    'default_shell': '/bin/bash'
    'ldap_id_mapping': false
    'use_fully_qualified_names': false
    'fallback_homedir': '/home/%d/%u'
    'access_provider': 'simple'
    'simple_allow_groups':
      - 'admins'
      - 'users'

Either form will be represented in sssd.conf like this:

[sssd]
domains = ad.example.com
config_file_version = 2
services = nss, pam

[domain/ad.example.com]
ad_domain = ad.example.com
ad_server = server01.ad.example.com, server02.ad.example.com
krb5_realm = AD.EXAMPLE.COM
realmd_tags = joined-with-samba
cache_credentials = true
id_provider = ad
krb5_store_password_if_offline = true
default_shell = /bin/bash
ldap_id_mapping = false
use_fully_qualified_names = false
fallback_homedir = /home/%d/%u
access_provider = simple
simple_allow_groups = admins, users

Tip: Using 'ad' as id_provider requires you to run 'adcli join domain' on the target node. adcli join creates a computer account in the domain for the local machine and sets up a keytab for the machine.

Example:

$ sudo adcli join ad.example.com

Reference

ensure

Defines if sssd and its relevant packages are to be installed or removed. Valid values are 'present' and 'absent'.

Type: string
Default: present

config

Configuration options structured like the sssd.conf file. Array values will be joined into comma-separated lists.

Type: hash
Default:

config => {
  'sssd' => {
    'config_file_version' => '2',
    'services'            => 'nss, pam',
    'domains'             => 'ad.example.com',
  },
  'domain/ad.example.com' => {
    'id_provider'       => 'ad',
    'krb5_realm'        => 'AD.EXAMPLE.COM',
    'cache_credentials' => true,
  },
}

mkhomedir

Set to 'true' to enable auto-creation of home directories on user login.

Type: boolean
Default: true
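The hash-to-sssd.conf mapping shown under Usage and the array-joining rule of the config parameter, as an added Ruby example (not the module's own template code). The helper names render_sssd_conf and audit_access_control are hypothetical, the input is a trimmed copy of the Usage hash, and the audit relies on sssd's documented behaviour that a domain without access_provider falls back to 'permit' and that 'simple' with no allow list does not restrict logins.

```ruby
# Added example, not part of the sgnl05-sssd module.
# Constructed input: trimmed copy of the hash from the Usage section.
CONFIG = {
  'sssd' => {
    'domains'             => 'ad.example.com',
    'config_file_version' => 2,
    'services'            => ['nss', 'pam'],
  },
  'domain/ad.example.com' => {
    'id_provider'         => 'ad',
    'cache_credentials'   => true,
    'access_provider'     => 'simple',
    'simple_allow_groups' => ['admins', 'users'],
  },
}.freeze

# Render a config hash as sssd.conf text; arrays become comma-separated lists.
def render_sssd_conf(config)
  config.map do |section, options|
    lines = options.map do |key, value|
      "#{key} = #{value.is_a?(Array) ? value.join(', ') : value}"
    end
    (["[#{section}]"] + lines).join("\n")
  end.join("\n\n") + "\n"
end

# Return one finding per domain section whose login access is unrestricted.
def audit_access_control(config)
  config.each_with_object([]) do |(section, options), findings|
    next unless section.start_with?('domain/')
    # Assumption from sssd.conf(5): a missing access_provider means 'permit'.
    provider = options.fetch('access_provider', 'permit')
    if provider == 'permit'
      findings << "#{section}: access_provider is 'permit', any domain user may log in"
    elsif provider == 'simple' &&
          %w[simple_allow_users simple_allow_groups].all? { |k| Array(options[k]).empty? }
      findings << "#{section}: 'simple' without an allow list admits all users not denied"
    end
  end
end

puts render_sssd_conf(CONFIG)
audit_access_control(CONFIG).each { |finding| warn finding }
```

Run against the default config value listed above, which sets no access_provider, the audit reports the domain as 'permit'.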

Limitations

Tested on:

  • Fedora 22,23
  • (RHEL|CentOS|OracleLinux) 5,6,7
  • Ubuntu 14.04

Credits

  • sssd.conf template from walkamongus-sssd by Chadwick Banning
  • Anchor pattern, mkhomedir code, RHEL5 support and spec tests by Chris Edester
  • service_ensure option by sd-robbruce
  • sssd.conf consistency during first Puppet run by ndelic0
  • Non-sorting config keys for newer ruby versions by gizmoguy