Forge Home

sssd

Install and configure the System Security Services Daemon

133,081 downloads

11,815 latest version

4.3 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 2.0.1 (latest)
  • 2.0.0
  • 1.2.3
  • 1.2.2
  • 1.2.1 (deleted)
  • 1.2.0
  • 1.0.1
  • 1.0.0
  • 0.2.1
  • 0.2.0
  • 0.1.2
  • 0.1.1
  • 0.1.0
released Jun 25th 2017
This version is compatible with:
  • Puppet Enterprise 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.0.0 < 5.0.0
  • , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'walkamongus-sssd', '2.0.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add walkamongus-sssd
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install walkamongus-sssd --version 2.0.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: sssd

Documentation

walkamongus/sssd — version 2.0.1 Jun 25th 2017

sssd Puppet Module

Build Status

####Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with sssd
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.

##Overview

This module installs (if necessary) and configures the System Security Services Daemon.

##Module Description

The System Security Services Daemon bridges the gap between local authentication requests and remote authentication providers. This module installs the required sssd packages and builds the sssd.conf configuration file. It will also enable the sssd service and ensure it is running.

Auto-creation of user home directories on first login via the PAM mkhomedir.so module may be enabled or disabled (defaults to disabled).

For SSH and Sudo integration with SSSD, this module works well with saz/ssh and trlinkin/nsswitch.

##Setup

###What sssd affects

  • Packages
    • sssd
    • authconfig
    • oddjob-mkhomedir
    • libpam-runtime
    • libpam-sss
    • libnss-sss
  • Files
    • sssd.conf
  • Services
    • sssd daemon
  • Execs
    • the authconfig or pam-auth-update commands are run to enable/disable SSSD functionality.

###Beginning with sssd

Install SSSD with a bare default config file:

 class {'::sssd': }

##Usage

Install SSSD with custom configuration:

class {'::sssd':
  config => {
    'sssd' => {
      'key'     => 'value',
      'domains' => ['MY_DOMAIN', 'LDAP',],
    },
    'domain/MY_DOMAIN' => {
      'key' => 'value',
    },
    'pam' => {
      'key' => 'value',
    },
  }
}

##Reference

###Parameters

  • package_name: String. Name of the SSSD package to install.
  • package_ensure: String. Ensure value to set for the SSSD package.
  • service_name: String. Name of the SSSD service to manage.
  • service_ensure: Variant[Enum['running','stopped'], Boolean]. Ensure value to set for the SSSD service.
  • config_file: Stdlib::Absolutepath. Path to the SSSD config file.
  • config: Hash. A hash of configuration options structured like the sssd.conf file. Array values will be joined into comma-separated lists.
  • mkhomedir: Boolean. Enables auto-creation of home directories on user login.
  • pam_mkhomedir_method: Enum['pam-auth-update', 'authconfig']. Set supported method for controlling SSSD configuration.
  • pam_mkhomedir_file_path: Variant[Stdlib::Absolutepath, Undef]. Path to the PAM mkhomedir config file. Only used when pam_mkhomedir_method => pam-auth-update.
  • cache_path: Stdlib::Absolutepath. Path to the SSSD cache files.
  • clear_cache: Boolean. Enables clearing of the SSSD cache on configuration updates.
  • required_packages: Hash. A Hash of package resources to additionally install with the core SSSD packages

For example:

class {'::sssd':
  config => {
    'sssd' => {
      'key1' => 'value1',
      'keyX' => [ 'valueY', 'valueZ' ],
    },
    'domain/LDAP' => {
      'key2' => 'value2',
    },
  }

or in hiera:

sssd::config:
  'sssd':
    key1: value1
    keyX:
      - valueY
      - valueZ
  'domain/LDAP':
    key2: value2

Will be represented in sssd.conf like this:

[sssd]
key1 = value1
keyX = valueY, valueZ

[domain/LDAP]
key2 = value2

###Classes

  • sssd::init
  • sssd::install
  • sssd::config
  • sssd::service