NOTE: This Ansible role is NOT production-ready.
Created and tested on a Debian Jessie machine.
This is a role for installing and configuring SSSD (see:
https://fedorahosted.org/sssd/) to authenticate against a FreeIPA
server (see: http://www.freeipa.org/).
---
Note to self:
sudo via sssd-ldap is an experimental feature in the version of sssd
(1.8) shipped with Wheezy.
The SSH task requires that the SSHD server support AuthorizedKeysCommand*,
which was introduced in OpenSSH 6.2. Debian Wheezy ships with OpenSSH
6.0.
All of the above probably means that this role will not support Debian
Wheezy clients.
---
More notes to self:
Variables to define:
sssd_sssdconf_path_src: local path to sssd.conf
sssd_certificate_path_src: local path to FreeIPA server's crt (needed to allow LDAPS connections)
Additional tasks provided by this role:
configure_sshd.yml - configures SSH to look up authorized_keys via SSSD
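
A pre-flight check for the OpenSSH requirement noted above, as an added example that is not part of this role's own task files: it parses a version banner, refuses anything older than 6.2, and otherwise emits the sshd_config lines that hand key lookup to SSSD. The function names, the sample banners (constructed) and the /usr/bin/sss_ssh_authorizedkeys path are assumptions.

```shell
#!/bin/sh
# Added example, not the role's own code.
# AuthorizedKeysCommand* needs OpenSSH >= 6.2 (Wheezy ships 6.0).

# Print "major.minor" from a banner such as the one `ssh -V` prints.
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Return 0 if supported, 1 if too old, 2 if the banner cannot be parsed.
supports_authorized_keys_command() {
    ver=$(openssh_version "$1")
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -gt 6 ]; then return 0; fi
    if [ "$major" -eq 6 ] && [ "$minor" -ge 2 ]; then return 0; fi
    return 1
}

# Print the sshd_config fragment only when the server can honour it.
# Assumed helper path: /usr/bin/sss_ssh_authorizedkeys (verify on the client).
sshd_sssd_fragment() {
    if supports_authorized_keys_command "$1"; then
        printf '%s\n' \
            'AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys' \
            'AuthorizedKeysCommandUser nobody'
    else
        return 1
    fi
}

# Constructed sample banners; on a real client pass "$(ssh -V 2>&1)".
for banner in 'OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e' \
              'OpenSSH_6.7p1 Debian-5, OpenSSL 1.0.1t'; do
    if sshd_sssd_fragment "$banner" >/dev/null; then
        echo "$banner -> AuthorizedKeysCommand usable"
    else
        echo "$banner -> too old, skip the SSH task"
    fi
done
```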