|
|
@ -8,6 +8,8 @@ ad_computer_ou: |
|
|
|
ad_access_filter: "(|(memberOf=CN=Domain Admins,CN=Users,DC={{ ad_realm | regex_replace('\\.',',DC=') }})(memberOf=CN=Domain Admins,OU=Groups,DC={{ ad_realm | regex_replace('\\.',',DC=') }}))" |
|
|
|
ad_access_filter: "(|(memberOf=CN=Domain Admins,CN=Users,DC={{ ad_realm | regex_replace('\\.',',DC=') }})(memberOf=CN=Domain Admins,OU=Groups,DC={{ ad_realm | regex_replace('\\.',',DC=') }}))" |
|
|
|
ad_enumerate: True |
|
|
|
ad_enumerate: True |
|
|
|
ad_default_shell: /bin/false |
|
|
|
ad_default_shell: /bin/false |
|
|
|
|
|
|
|
# If access control should evaluate domain GPO. Can be disabled, eforcing or permissive. See man sssd-ad |
|
|
|
|
|
|
|
ad_gpo_access_control: permissive |
|
|
|
|
|
|
|
|
|
|
|
# sssd doesn't support cross forest approbations, but we can add the Linux box to the other domains |
|
|
|
# sssd doesn't support cross forest approbations, but we can add the Linux box to the other domains |
|
|
|
ad_trusted_domains: "{{ samba_trusted_domains | default([]) }}" |
|
|
|
ad_trusted_domains: "{{ samba_trusted_domains | default([]) }}" |
|
|
|