50 lines
1.2 KiB
YAML
50 lines
1.2 KiB
YAML
---
|
|
- name: install needed packages
|
|
apt:
|
|
name:
|
|
- sssd-ldap
|
|
state: latest
|
|
|
|
- name: add URI to ldap.conf
|
|
lineinfile:
|
|
dest: /etc/ldap/ldap.conf
|
|
line: "URI ldaps://{{ ldap_server }}/"
|
|
insertafter: "#URI.*"
|
|
|
|
- name: add BASE to ldap.conf
|
|
lineinfile:
|
|
dest: /etc/ldap/ldap.conf
|
|
line: "BASE {{ basedn }}"
|
|
insertafter: "#BASE.*"
|
|
|
|
- name: do not verify cert
|
|
lineinfile:
|
|
dest: /etc/ldap/ldap.conf
|
|
line: "LDAPTLS_REQCERT never"
|
|
|
|
- name: set homepage
|
|
lineinfile:
|
|
dest: /etc/firefox-esr/firefox-esr.js
|
|
line: pref("browser.startup.homepage", "https://www.startpage.com");
|
|
|
|
#- name: enable pam_umask
|
|
# lineinfile:
|
|
# dest: /etc/pam.d/common-session
|
|
# line: "session optional pam_umask.so usergroups"
|
|
|
|
- name: enable pam_mkhomedir.so
|
|
lineinfile:
|
|
dest: /etc/pam.d/common-session
|
|
line: "session optional pam_mkhomedir.so"
|
|
insertafter: "# end of pam-auth-update config"
|
|
|
|
# command: /usr/sbin/pam-auth-update --enable mkhomedir
|
|
|
|
## oddjob-mkhomedir works only with sec=sys for the NFSv4 share
|
|
|
|
- name: provide identities from directory
|
|
template:
|
|
src: sssd.conf.j2
|
|
dest: /etc/sssd/sssd.conf
|
|
mode: 0600
|
|
notify: restart sssd
|