Ansible roles
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

29 lines
1.3 KiB

---
ad_auth: False
ad_domain: "{{ samba_domain }}"
ad_realm: "{{ samba_realm }}"
ad_admin: Administrator
ad_admin_pass: "{{ samba_dc_admin_pass }}"
ad_computer_ou:
ad_access_filter: "(|(memberOf=CN=Domain Admins,CN=Users,DC={{ ad_realm | regex_replace('\\.',',DC=') }})(memberOf=CN=Domain Admins,OU=Groups,DC={{ ad_realm | regex_replace('\\.',',DC=') }}))"
ad_enumerate: True
ad_default_shell: /bin/false
# If access control should evaluate domain GPO. Can be disabled, eforcing or permissive. See man sssd-ad
ad_gpo_access_control: permissive
# sssd doesn't support cross forest approbations, but we can add the Linux box to the other domains
ad_trusted_domains: "{{ samba_trusted_domains | default([]) }}"
# ad_trusted_domains:
# - name: ad.fws.fr
# admin_user: administrator
# admin_pass: s3cr3t.
ad_default_trusted_domain:
access_filter: "{{ ad_access_filter }}"
enumerate: "{{ ad_enumerate }}"
ldap_group_search_base: "{{ ad_ldap_group_search_base | default(False) }}"
ldap_user_search_base: "{{ ad_ldap_user_search_base | default(False) }}"
# You can define a custom search base, with a scope and a filter for groups:
# ad_ldap_group_search_base: CN=Users,dc=ad,dc=domain,dc=com?sub?(|(cn=Domain Users)(cn=Domain Admins))
# ad_ldap_user_search_base: OU=IT,DC=AD,DC=DOMAIN,DC=COM?sub