Update to 2020-04-30 20:00

master
Daniel Berteaud 5 years ago
parent 9444a71f47
commit 815b03236b
  1. 4
      roles/common/tasks/utils.yml
  2. 7
      roles/sssd_ldap_auth/tasks/install_Debian.yml
  3. 11
      roles/sssd_ldap_auth/tasks/main.yml
  4. 4
      roles/sssd_ldap_auth/templates/deb_pam_common_session.j2

@ -5,6 +5,10 @@
name: "{{ system_utils }} + {{ system_utils_el }}" name: "{{ system_utils }} + {{ system_utils_el }}"
when: ansible_os_family == 'RedHat' when: ansible_os_family == 'RedHat'
- name: Strip unsupported packages
set_fact: system_utils={{ system_utils | difference(['zstd']) }}
when: ansible_distribution == 'Debian' and ansible_distribution_major_version is version('9', '<')
- name: Install common utilities - name: Install common utilities
apt: apt:
name: "{{ system_utils }} + {{ system_utils_deb }}" name: "{{ system_utils }} + {{ system_utils_deb }}"

@ -6,7 +6,12 @@
- sssd - sssd
- libnss-sss - libnss-sss
- libpam-sss - libpam-sss
- oddjob-mkhomedir
- ca-certificates - ca-certificates
- name: Install oddjob-mkhomedir
apt:
name:
- oddjob-mkhomedir
when: ansible_distribution_major_version is version('9', '>=')
notify: restart oddjobd notify: restart oddjobd

@ -19,10 +19,11 @@
- regexp: '^group:.*' - regexp: '^group:.*'
line: 'group: files sss' line: 'group: files sss'
- name: Start and enable sssd services - name: Start and enable sssd service
service: name={{ item }} state=started enabled=yes service: name=sssd state=started enabled=True
with_items:
- sssd - name: Start oddjobd
- oddjobd service: name=oddjobd state=started enabled=True
when: ansible_distribution != 'Debian' or ansible_distribution_major_version is version('9', '>=')
- include_tasks: pam_{{ ansible_os_family }}.yml - include_tasks: pam_{{ ansible_os_family }}.yml

@ -1,6 +1,10 @@
session [default=1] pam_permit.so session [default=1] pam_permit.so
session requisite pam_deny.so session requisite pam_deny.so
session required pam_permit.so session required pam_permit.so
{% if ansible_distribution_major_version is version('9', '>=') %}
session optional pam_oddjob_mkhomedir.so skel=/etc/skel umask=0077 session optional pam_oddjob_mkhomedir.so skel=/etc/skel umask=0077
{% else %}
session optional pam_mkhomedir.so kel=/etc/skel umask=0077
{% endif %}
session optional pam_sss.so session optional pam_sss.so
session required pam_unix.so session required pam_unix.so

Loading…
Cancel
Save