Default variable details

Some of the debops.sssd default variables have more extensive configuration than simple strings or lists, here you can find documentation and examples for them.

sssd__configuration

The sssd__*_configuration variables define the contents of the /etc/sssd/sssd.conf configuration file. The variables are merged in the order defined by the sssd__combined_configuration variable, which allows modification of the default configuration through the Ansible inventory. See sssd.conf(5) and the service-specific man pages (e.g. sssd-ldap(5), sssd-krb5(5) or sssd-sudo(5)) for possible configuration parameters and their values.

Examples

See sssd__default_configuration variable for an example of existing configuration.

Enable debugging for the nss and pam subsystems:

sssd__configuration:

  - section: 'nss'
    options:
      - debug_level: '0x0770'

  - section: 'pam'
    options:
      - debug_level: '0x0770'

Enable enumeration (which means that sssd will download and cache all users and groups from the LDAP server preemptively). This means that users and groups will still be available in case of network outages, etc, but enumeration is not suitable for large environments:

sssd__configuration:

  - section: 'domain/default'
    options:

      - name: 'enumerate'
        value: True

Syntax

The variables contain a list of YAML dictionaries, each dictionary can have the following parameters:

section
Required. Name of the sssd.conf(5) configuration section in which a given configuration option should be included. This parameter is used as an "anchor", configuration entries with the same section are combined together and affect each other in order of appearance.
title
Optional. This parameter can be used to provide a short description of the section which will be included in the generated configuration file.
state
Optional. If not specified or present, a given section will be included in the generated configuration file. If absent, the section will not be included in the file. If ignore, a given configuration entry will not be evaluated during role execution. If hidden, the section's header and title will be hidden in the generated configuration file.
weight
Optional. A positive or negative number which can be used to affect the order of sections in the generated configuration file. Positive numbers add more "weight" to the section making it appear "lower" in the file; negative numbers substract the "weight" and therefore move the section upper in the file.
options

Required. A list of sssd configuration options for a given section. The options parameters from configuration entries with the same section parameter are merged together in order of appearance and can affect each other.

The options can be specified in a simple form as key/vaule pairs, where the key is the option name and value is the option value. Alternatively, if the name and value parameters are used, the entries can use an extended format with specific parameters:

name
Required. The name of a given sssd.conf(5) configuration option for a given section. Options with the same section and name will be merged in order of appearance.
value
Required. The value of a given configuration option. It can be either a string, a boolean, a number, or a YAML list (elements will be joined with commas).
raw
Optional. String or YAML text block which will be included in the configuration file "as is". If this parameter is specified, the name and value parameters are ignored - you need to specify the entire line(s) with configuration option names as well.
state
Optional. If not defined or present, a given configuration option or section will be included in the generated configuration file. If absent, ignore or init, a given configuration option or section will not be included in the generated file. If comment, the option will be included but commented out and inactive.
comment
Optional. String or YAML text block that contains comments about a given configuration option.