ldap-client/files/sssd.conf.mo
2026-02-28 13:07:43 -05:00


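# SSSD client configuration template; the double-brace placeholders are
# substituted when the file is rendered.
# The rendered file contains the LDAP bind password in clear text. SSSD
# requires sssd.conf to be owned by root with mode 0600; keep the rendered
# output out of logs and world-readable build artifacts.

[sssd]
services = nss, pam, sudo
domains = default

[domain/default]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
sudo_provider = ldap
ldap_uri = ldap://{{ldap_host}}
# ldap:// is unencrypted unless StartTLS is negotiated. Enabling it for the
# identity connection protects the service bind password and lookup results
# in transit. The server certificate must validate against a CA this host
# trusts; do not relax ldap_tls_reqcert to make a connection work.
ldap_id_use_start_tls = True
ldap_search_base = {{ldap_base_dn}}
# Seconds
ldap_network_timeout = 3
# Service account used for lookups. SSSD reads these from
# ldap_default_bind_dn / ldap_default_authtok; ldap_bind_dn and ldap_bind_pw
# are not SSSD options, so the credentials were not being applied.
# Use a dedicated read-only account.
ldap_default_bind_dn = {{ldap_bind_dn}}
ldap_default_authtok = {{ldap_bind_password}}

# Sudo settings
ldap_sudo_search_base = {{ldap_base_dn}}
# NOTE(review): an earlier comment here described a sudo filter (global
# host_admin OR host-specific admin), but no such filter is set in this file.
# Confirm whether one is intended.
# Seconds
ldap_sudo_full_refresh_interval = 900
ldap_sudo_smart_refresh_interval = 300

# Access control: only allow users in host_access or host_{hostname}_access
access_provider = ldap
ldap_access_order = filter
# current_host is inserted into the LDAP filter as-is: it must come from a
# trusted source and be limited to host-name characters, otherwise it can
# alter the filter and widen access.
# NOTE(review): memberof is only populated if the directory maintains it - confirm.
ldap_access_filter = (|(memberof=cn=host_access,ou=Groups,{{ldap_base_dn}})(memberof=cn=host_{{current_host}}_access,ou=Groups,{{ldap_base_dn}}))

# Mapping
ldap_user_search_base = ou=People,{{ldap_base_dn}}
ldap_group_search_base = ou=Groups,{{ldap_base_dn}}

# Cache settings
# Keeps a local hash of user credentials so logins work while the LDAP
# server is unreachable; the SSSD cache directory must stay root-only.
cache_credentials = True
enumerate = False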