@wilpig
Created January 11, 2022 18:58
# managed by CFEngine 3
# NOTE(review): the {{ ... }} expressions and ansible_local.* facts in this
# file are Jinja2/Ansible template syntax, so the banner above may be stale —
# confirm which tool actually renders it.
# The [domain/*] sections carry a directory bind password in clear text, so
# the rendered /etc/sssd/sssd.conf must stay root-owned, mode 0600 (SSSD
# checks this at startup) and the rendering task should not log the result.

# Monitor / global settings
[sssd]
config_file_version = 2
# Only the domain named here is loaded; a [domain/*] section that is not
# listed is ignored.
domains = {{ansible_local.ad.domain|default('VANDERBILT')}}
# Responders to start
services = nss, pam
# Low verbosity; raise only while troubleshooting and revert afterwards
debug_level = 1
reconnection_retries = 3
# seconds. NOTE(review): sbus_timeout may be obsolete on SSSD 2.x — verify
# against the deployed version.
sbus_timeout = 30
# NSS responder
[nss]
# Local system accounts that must never be resolved through SSSD.
# Comma-separated, no spaces. This governs name-service lookups only; it is
# not a login authorization control.
filter_groups = root
filter_users = apache,avahi,daemon,dbus,gdm,haldaemon,hpsmh,ldap,mysql,named,nobody,nrpe,ntp,oracle,rpc,rpcuser,root,smmsp
# Home directory template; %u expands to the user name.
# NOTE(review): default(homedir) only works if a Jinja variable named
# homedir is defined; otherwise the fallback itself is undefined — confirm
# in the playbook.
override_homedir = {{ansible_local.auth.method.homedir|default(homedir)}}/%u
reconnection_retries = 3
# PAM responder
[pam]
# Days a cached credential may still be used for login while the directory
# is unreachable; only meaningful with cache_credentials = True in the
# domain sections.
offline_credentials_expiration = 1
# Vanderbilt University directory, reached through the generic LDAP provider.
# Active only when [sssd] domains resolves to VANDERBILT.
[domain/VANDERBILT]

# --- providers ---
id_provider = ldap
access_provider = ldap
# auth_provider is not set; SSSD documents falling back to the id_provider.

# --- directory connection ---
ldap_uri = ldap://ds.vanderbilt.edu
# Plain ldap:// upgraded with StartTLS for lookups; the server certificate
# must chain to the CA bundle below (ldap_tls_reqcert is left at its default,
# so an unverifiable certificate aborts the connection).
ldap_id_use_start_tls = True
ldap_tls_cacert = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
ldap_referrals = False
# Service-account bind. svc_password is written into this file in clear
# text: keep the rendered file 0600 root-owned and render it with no_log.
ldap_default_bind_dn = cn={{ svc_username }},cn=users,dc=ds,dc=vanderbilt,dc=edu
ldap_default_authtok_type = password
ldap_default_authtok = {{ svc_password }}

# --- schema and search scope ---
ldap_schema = rfc2307bis
ldap_search_base = dc=ds,dc=vanderbilt,dc=edu
ldap_user_search_base = cn=users,dc=ds,dc=vanderbilt,dc=edu
ldap_group_search_base = ou=AI Unix,ou=Information Management,ou=Organizational Units,dc=ds,dc=vanderbilt,dc=edu
# Active Directory object classes / attributes mapped onto rfc2307bis
ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_group_object_class = group
ldap_force_upper_case_realm = True

# --- access control ---
# Only the AD expiry / disabled state is evaluated; every other enabled
# account in the search base may log in. NOTE(review): if login should be
# limited to a group, extend to ldap_access_order = expire, filter with an
# ldap_access_filter — confirm intent.
ldap_account_expire_policy = ad
ldap_access_order = expire

# --- caching ---
# seconds before a cached entry is refreshed
entry_cache_timeout = 3600
# Cache credentials for offline login; expiry in days is set below and in [pam]
cache_credentials = True
account_cache_expiration = 2
# NOTE(review): [domain/VUMC] sets case_sensitive = false while this section
# keeps the default — confirm the mismatch is intentional.
# Vanderbilt University Medical Center directory, generic LDAP provider.
# Active only when [sssd] domains resolves to VUMC.
[domain/VUMC]
# Name lookups are case-insensitive (differs from [domain/VANDERBILT]).
case_sensitive = false

# --- providers ---
id_provider = ldap
access_provider = ldap
# auth_provider is not set; SSSD documents falling back to the id_provider.

# --- directory connection ---
ldap_uri = ldap://ds.vumc.io
# Plain ldap:// upgraded with StartTLS for lookups; the server certificate
# must chain to the CA bundle below (ldap_tls_reqcert is left at its default,
# so an unverifiable certificate aborts the connection).
ldap_id_use_start_tls = True
ldap_tls_cacert = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
ldap_referrals = False
# Service-account bind. svc_password is written into this file in clear
# text: keep the rendered file 0600 root-owned and render it with no_log.
ldap_default_bind_dn = cn={{ svc_username }},cn=users,dc=ds,dc=vumc,dc=io
ldap_default_authtok_type = password
ldap_default_authtok = {{ svc_password }}

# --- schema and search scope ---
ldap_schema = rfc2307bis
ldap_search_base = dc=ds,dc=vumc,dc=io
ldap_user_search_base = cn=users,dc=ds,dc=vumc,dc=io
ldap_group_search_base = OU=Linux GID,OU=Managed Groups,OU=Org Units,DC=ds,DC=vumc,DC=io
# Active Directory object classes / attributes mapped onto rfc2307bis
ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_group_object_class = group
ldap_force_upper_case_realm = True

# --- access control ---
# Only the AD expiry / disabled state is evaluated; every other enabled
# account in the search base may log in. NOTE(review): if login should be
# limited to a group, extend to ldap_access_order = expire, filter with an
# ldap_access_filter — confirm intent.
ldap_account_expire_policy = ad
ldap_access_order = expire

# --- caching ---
# seconds before a cached entry is refreshed
entry_cache_timeout = 3600
# Cache credentials for offline login; expiry in days is set below and in [pam]
cache_credentials = True
account_cache_expiration = 2