Default variable details
Some of the debops.sssd default variables have more extensive
configuration than simple strings or lists, here you can find documentation and
examples for them.
sssd__configuration
The sssd__*_configuration variables define the contents of the
/etc/sssd/sssd.conf configuration file. The variables are merged in
the order defined by the sssd__combined_configuration variable, which
allows modification of the default configuration through the Ansible inventory.
See sssd.conf(5) and the service-specific man pages (e.g.
sssd-ldap(5), sssd-krb5(5) or sssd-sudo(5)) for possible
configuration parameters and their values.
Examples
See sssd__default_configuration variable for an example of
existing configuration.
Enable debugging for the nss and pam subsystems:
sssd__configuration:
- section: 'nss'
options:
- debug_level: '0x0770'
- section: 'pam'
options:
- debug_level: '0x0770'
Enable enumeration (which means that sssd will download and cache all
users and groups from the LDAP server preemptively). This means that users
and groups will still be available in case of network outages, etc, but
enumeration is not suitable for large environments:
sssd__configuration:
- section: 'domain/default'
options:
- name: 'enumerate'
value: True
Syntax
The variables contain a list of YAML dictionaries, each dictionary can have the following parameters:
sectionRequired. Name of the sssd.conf(5) configuration section in which a given configuration option should be included. This parameter is used as an "anchor", configuration entries with the same
sectionare combined together and affect each other in order of appearance.titleOptional. This parameter can be used to provide a short description of the section which will be included in the generated configuration file.
stateOptional. If not specified or
present, a given section will be included in the generated configuration file. Ifabsent, the section will not be included in the file. Ifignore, a given configuration entry will not be evaluated during role execution. Ifhidden, the section's header and title will be hidden in the generated configuration file.weightOptional. A positive or negative number which can be used to affect the order of sections in the generated configuration file. Positive numbers add more "weight" to the section making it appear "lower" in the file; negative numbers substract the "weight" and therefore move the section upper in the file.
optionsRequired. A list of sssd configuration options for a given section. The
optionsparameters from configuration entries with the samesectionparameter are merged together in order of appearance and can affect each other.The options can be specified in a simple form as key/vaule pairs, where the key is the option name and value is the option value. Alternatively, if the
nameandvalueparameters are used, the entries can use an extended format with specific parameters:nameRequired. The name of a given sssd.conf(5) configuration option for a given
section. Options with the samesectionandnamewill be merged in order of appearance.valueRequired. The value of a given configuration option. It can be either a string, a boolean, a number, or a YAML list (elements will be joined with commas).
rawOptional. String or YAML text block which will be included in the configuration file "as is". If this parameter is specified, the
nameandvalueparameters are ignored - you need to specify the entire line(s) with configuration option names as well.stateOptional. If not defined or
present, a given configuration option or section will be included in the generated configuration file. Ifabsent,ignoreorinit, a given configuration option or section will not be included in the generated file. Ifcomment, the option will be included but commented out and inactive.commentOptional. String or YAML text block that contains comments about a given configuration option.