A simple Ansible role to configure LDAP logins with SSH public keys.
A Samba or Active Directory server is assumed to be already set up with an account that has the necessary priviledges to join a computer to the domain.
ad_access_filter: String. See the default, or search the web for "ad_access_filter" or "ldap_access_filter" for more complicated examples.
sudo_groups: Array. A list of groups that are allowed to sudo root on this host.
joiner_account: String. The name of the account that has the necessary priviledges to join a computer to the domain.
joiner_password: String. The password for the
directory_name: String. The name of the directory. Must be reachable via ICMP PING.
ldap_pubkey_field: String. The LDAP field that contains users' public keys. Defaults to
Python and pip need to be installed on the remote machine. Recent Amazon Linuxes fulfill this dependency.
This play installs the
pexpect pip package, because it uses
expect to enter the password.