This module manages SSSD.
include sssd
Hiera of a working SSSD deployment
sssd::configs:
sssd:
debug_level: 0x02F0
domains: LDAP
services:
- pam
- nss
nss:
debug_level: 0x02F0
filter_groups:
- root
- wheel
filter_users:
- root
pam:
debug_level: 0x02F0
domain/LDAP:
cache_credentials: true
debug_level: 0x02F0
enumerate: false
id_provider: ldap
auth_provider: ldap
chpass_provider: ldap
access_provider: ldap
ldap_uri:
- ldaps://ldap1.example.com:636
- ldaps://ldap2.example.com:636
ldap_search_base: 'dc=example,dc=com'
ldap_schema: rfc2307
ldap_tls_reqcert: demand
ldap_access_filter: '(&(objectClass=shadowAccount)(objectClass=posixAccount))'
ldap_access_order:
- filter
- expire
ldap_pwd_policy: shadow
ldap_account_expire_policy: shadow
ldap_group_member: memberuid