{"id":22628061,"url":"https://github.com/turgon37/ansible-sssd","last_synced_at":"2026-05-01T09:32:49.575Z","repository":{"id":85532966,"uuid":"106999526","full_name":"Turgon37/ansible-sssd","owner":"Turgon37","description":"Ansible role to configure SSSD service","archived":false,"fork":false,"pushed_at":"2020-03-18T12:41:04.000Z","size":35,"stargazers_count":0,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-06-06T06:27:50.584Z","etag":null,"topics":["ansible","sssd"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Turgon37.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-10-15T09:36:54.000Z","updated_at":"2024-07-11T12:13:00.000Z","dependencies_parsed_at":null,"dependency_job_id":"2d01cbf7-cdb4-4ae4-b915-9562a8fecf41","html_url":"https://github.com/Turgon37/ansible-sssd","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/Turgon37/ansible-sssd","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Turgon37%2Fansible-sssd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Turgon37%2Fansible-sssd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Turgon37%2Fansible-sssd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Turgon37%2Fansible-sssd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Turgon37","download_url":"https://codeload.github.com/Turgon37/ansible-sssd/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Turgon37%2Fansible-sssd/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32492214,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"online","status_checked_at":"2026-05-01T02:00:05.856Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","sssd"],"created_at":"2024-12-09T01:17:56.947Z","updated_at":"2026-05-01T09:32:49.559Z","avatar_url":"https://github.com/Turgon37.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"Ansible Role SSSD\n========\n\n[![Build Status](https://travis-ci.org/Turgon37/ansible-sssd.svg?branch=master)](https://travis-ci.org/Turgon37/ansible-sssd)\n[![License](https://img.shields.io/badge/license-MIT%20License-brightgreen.svg)](https://opensource.org/licenses/MIT)\n[![Ansible Role](https://img.shields.io/badge/ansible%20role-Turgon37.sssd-blue.svg)](https://galaxy.ansible.com/Turgon37/sssd/)\n\n## Description\n\n:grey_exclamation: Before using this role, please know that all my Ansible roles are fully written and accustomed to my IT infrastructure. So, even if they are as generic as possible they will not necessarily fill your needs, I advice you to carrefully analyse what they do and evaluate their capability to be installed securely on your servers.\n\nThis roles configures SSSD authentication service backend.\n\n## Requirements\n\nRequire Ansible \u003e= 2.4\n\n### Dependencies\n\nIf you use the zabbix monitoring profile you will need the role [ansible-zabbix-agent](https://github.com/Turgon37/ansible-zabbix-agent)\n\n## OS Family\n\nThis role is available for Debian and CentOS\n\n## Features\n\nAt this day the role can be used to :\n\n  * install sssd\n  * configure service and domains\n  * monitoring items for\n    * Zabbix\n  * [local facts](#facts)\n\n## Configuration\n\n### Server\n\nAll variables which can be overridden are stored in [defaults/main.yml](defaults/main.yml) file as well as in table below. To see default values please refer to this file.\n\n| Name                                   | Types/Values           | Description                                                                              |\n| ---------------------------------------|------------------------| ---------------------------------------------------------------------------------------- |\n| `sssd__domains`                        | List of string         | List of domains to declare in sssd                                                       |\n| `sssd__services`                       | List of string         | List of services to enable                                                               |\n| `sssd__services_settings`              | Dict of dict of string | Each key is a service name, and each value is a dict of option that apply on that service|\n| `sssd__service_nss_settings`           | Dict of string         | Specific settings that apply on nss service                                              |\n| `sssd__service_pam_settings`           | Dict of string         | Specific settings that apply on pam service                                              |\n| `sssd__service_sudo_settings`          | Dict of string         | Specific settings that apply on sudo service                                             |\n| `sssd__service_autofs_settings`        | Dict of string         | Specific settings that apply on autofs service                                           |\n| `sssd__service_ssh_settings`           | Dict of string         | Specific settings that apply on ssh service                                              |\n| `sssd__service_pac_settings`           | Dict of string         | Specific settings that apply on pac service                                              |\n| `sssd__service_ifp_settings`           | Dict of string         | Specific settings that apply on ifp service                                              |\n| `sssd__domains_settings`               | Dict of dict of string | Each key is a domain name, and each value is a dict of option that apply on that domain  |\n| `sssd__domains_[domain_name]_settings` | Dict of string         | Specific settings that apply on named domain                                             |\n| `sssd__filter_users`                   | List of username       | Exclude theses users from sss fetchs                                                     |\n| `sssd__filter_groups`                  | List of group name     | Exclude theses groups from sss fetchs                                                    |\n\n* Using service settings\n\nThe multiple ways to declare services settings allow you to set them from multiple sources.\nThe final set of options that will be applied is the results of the merge of the following dicts in this respective order :\n\n* the global defaults sssd__services_settings_default[service_name]\n* the global user settings sssd__services_settings[service_name]\n* the specific defaults sssd__services_[service_name]_settings_default\n* the specific user settings sssd__services_[service_name]_settings_default\n\n* Using domain settings\n\nIn an analog way than services, the multiple ways to declare domains follow the following merge order :\n\n* the global defaults sssd__domains_settings[domain_name]\n* the global user settings sssd__domains_[domain_name]_settings\n\n## Facts\n\nBy default the local fact are installed and expose the following variables :\n\n* ```ansible_local.sssd.version_full```\n* ```ansible_local.sssd.version_major```\n\n\n## Example\n\n### Playbook\n\nUse it in a playbook as follows:\n\n```yaml\n- hosts: all\n  roles:\n    - turgon37.sssd\n```\n\n### Inventory\n\n  * Usage with freeipa \n\n```\nsssd__services:\n  - sudo\n  - nss\n  - pam\n  - ssh\nsssd__services_settings:\n  nss:\n    homedir_substring: /home\n    memcache_timeout: 600\nsssd__domains:\n  - domain.com\nsssd__domains_settings:\n  domain.com:\n    cache_credentials: 'True'\n    krb5_store_password_if_offline: 'True'\n    id_provider: ipa\n    auth_provider: ipa\n    access_provider: ipa\n    chpass_provider: ipa\n    ipa_domain: domain.com,\n    ldap_tls_cacert: freeipa_client__ca_path\n    ipa_hostname: ansible_fqdn,\n    ipa_server: \"{{ ['_srv_', '10.0.0.1']join(', ') }}\"\n    ipa_server_mode: 'True'\n```\n\nYou can view this example in a real usage here [basic usage](https://github.com/Turgon37/ansible-freeipa-client/blob/master/tasks/configure.yml)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fturgon37%2Fansible-sssd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fturgon37%2Fansible-sssd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fturgon37%2Fansible-sssd/lists"}