An Ansible role that configures nslcd, i.e. authentication via LDAP.
Note: PAM is not yet done with this role or through dependencies!
- Ansible 2.9
First, ldap needs to be defined in nsswitch.conf:
nsswitch_passwd: [files, ldap]
nsswitch_group: [files, ldap]
nsswitch_shadow: [files, ldap]Then, for nslcd.conf:
nslcd_uris:
- ldaps://ldap.example.org
nslcd_base: 'dc=example,dc=org'
nslcd_user_base: 'ou=people,dc=example,dc=org'
nslcd_group_base: 'ou=group,dc=example,dc=org'
nslcd_user_filter: >-
(&(|(appRights=foo)(uid=alice)(uid=bob))(nsrole=*self*))
nslcd_min_uid: 2000For more information, read man 5 nslcd.conf.
Note: Currently, not all parameters of nslcd.conf can be configured. If
you need something, feel free to contribute!
Add to requirements.yml:
---
roles:
- src: idiv_biodiversity.nsswitch
- src: idiv_biodiversity.nslcd
...Download:
$ ansible-galaxy role install -r requirements.ymlWrite a top-level playbook:
---
- name: head server
hosts: head
roles:
- role: idiv_biodiversity.nslcd
tags:
- nslcd
...Define the role dependency in meta/main.yml:
---
dependencies:
- role: idiv_biodiversity.nslcd
tags:
- nslcd
...MIT
This role was created in 2023 by Christian Krause aka wookietreiber at GitHub, HPC cluster systems administrator at the German Centre for Integrative Biodiversity Research (iDiv).