This role setups and configures the pam ldap module
This role requires and apt based system
| Name | Required/Default | Description |
|---|---|---|
pam_ldap_nslcd_conf |
{'uid': 'nslcd', 'gid': 'nslcd' } |
Dict containing the option key/value pairs. According to the nslcd.conf man page. If a value can be defined multiple times just use a list containg all values. |
pam_ldap_access_conf |
[] |
List containing Dicts with access settings. According to the access.conf man page. |
Each list entry has to have following attributes
| Name | Required/Default | Description |
|---|---|---|
permission |
✔️ | Can be either a "+" character (plus) for access granted or a "-" character (minus) for access denied. |
object |
✔️ | The users/group field, should be a list of one or more login names, group names, or ALL (which always matches). To differentiate user entries from group entries, group entries should be written with brackets, e.g. (group). |
origins |
✔️ | The origins field should be a list of one or more tty names (for non-networked logins), host names, domain names (begin with "."), host addresses, internet network numbers (end with "."), internet network addresses with network mask (where network mask can be a decimal number or an internet address also), ALL (which always matches) or LOCAL. |
For more information please see the access.conf man page.
- hosts: pam_ldap
roles:
- role: pam_ldap
pam_ldap_nslcd_conf:
uri:
- "ldaps://ldap01.example.com:636"
base: "dc=wheel,dc=example,dc=com"
pam_ldap_access_conf:
- permission: +
objects: (wheel)
origins: ALLThis work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.