Thulium-Drake / ansible-role-adjoin

Active Directory join for multiple domains
GNU General Public License v3.0

Allow multiple sections with same domain #7

Open Tuxem opened 3 years ago

Tuxem commented 3 years ago

In sssd.conf.j2 it uses domain.name for realm. However, it can be different. For instance, for some search_base you want to apply different parameters (e.g. a different override_homedir).

Possible solution:

{% for domain in adjoin_domains %}
[domain/{{ domain.name }}]
id_provider = ad
krb5_realm = {{ domain.krb5_realm | default(domain.name) | upper }}
ldap_id_mapping = True
ignore_group_members = True
fallback_homedir = {{ adjoin_sssd_homedir }}
default_shell = {{ adjoin_sssd_default_shell }}
use_fully_qualified_names = {{ domain.use_fully_qualified_names | default(true) }}

Thulium-Drake commented 3 years ago

Can you give an example of how this is used? I'm curious!

Tuxem commented 3 years ago

We have one domain but we have to configure different options according to OUs. For instance: credential cache, override home, etc. Maybe there is a simpler way of doing that but I'm not aware...

Thulium-Drake commented 3 years ago

If you make a difference based on the OU of the system I'd say that's the perfect job for the inventory.

I would figure out a means of determining which OU a system is in and grouping them in the inventory and configuring them that way.

Tuxem commented 3 years ago

In our case, we are using SSSD options for users' OUs. In our case, several users are connecting to 1 computer. Some users need to be treated differently than others according to their OU.
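
Added example (not part of the thread or of the role's code): a check to run on a rendered sssd.conf when several domain sections share one realm, as proposed in the first comment. The section names `staff` and `contractors` and the realm `EXAMPLE.COM` are constructed for illustration. With `id_provider = ad`, SSSD uses the section name as the AD domain unless `ad_domain` is set, so a renamed section without it is flagged.

```python
import configparser

# Constructed sample: two sections (hypothetical names) sharing one realm.
SAMPLE = """\
[sssd]
domains = staff, contractors

[domain/staff]
id_provider = ad
krb5_realm = EXAMPLE.COM
ad_domain = example.com

[domain/contractors]
id_provider = ad
krb5_realm = EXAMPLE.COM
"""

def check_sssd_domains(text):
    """Return a list of findings for the domain sections of an sssd.conf string."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    raw = cfg.get("sssd", "domains", fallback="")
    enabled = [d.strip() for d in raw.split(",") if d.strip()]
    sections = {s[len("domain/"):]: cfg[s]
                for s in cfg.sections() if s.startswith("domain/")}
    findings = []
    for name in enabled:
        if name not in sections:
            findings.append(f"{name}: listed in [sssd] domains but has no section")
    for name, opts in sections.items():
        if name not in enabled:
            findings.append(f"{name}: section is not enabled in [sssd] domains")
        # Same fallback as the proposed template: realm defaults to the name.
        realm = opts.get("krb5_realm", name.upper())
        # sssd-ad(5): without ad_domain, the section name is the AD domain.
        if (opts.get("id_provider") == "ad" and "ad_domain" not in opts
                and name.lower() != realm.lower()):
            findings.append(
                f"{name}: no ad_domain, so '{name}' is used as the AD domain, not {realm}")
    return findings

if __name__ == "__main__":
    for finding in check_sssd_domains(SAMPLE):
        print(finding)
```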