This role sets up and configures the PAM LDAP module.
This role requires an apt-based system.
Name | Required/Default | Description |
---|---|---|
pam_ldap_nslcd_conf | `{'uid': 'nslcd', 'gid': 'nslcd'}` | Dict containing the option key/value pairs, as described in the nslcd.conf man page. If an option can be defined multiple times, use a list containing all values. |
pam_ldap_access_conf | `[]` | List of dicts with access settings, as described in the access.conf man page. |
pam_ldap_access_conf
Each list entry must have the following attributes:

Name | Required/Default | Description |
---|---|---|
permission | required | Can be either a "+" character (plus) for access granted or a "-" character (minus) for access denied. |
object | required | The users/group field; should be a list of one or more login names, group names, or `ALL` (which always matches). To differentiate user entries from group entries, group entries should be written with brackets, e.g. `(group)`. |
origins | required | The origins field should be a list of one or more tty names (for non-networked logins), host names, domain names (begin with "."), host addresses, internet network numbers (end with "."), internet network addresses with network mask (where the network mask can be a decimal number or an internet address), `ALL` (which always matches) or `LOCAL`. |

For more information please see the access.conf man page.
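```yaml
- hosts: pam_ldap
  roles:
    - role: pam_ldap
      # Options written to nslcd.conf; list values repeat the option
      pam_ldap_nslcd_conf:
        uri:
          - "ldaps://ldap01.example.com:636"
        base: "dc=wheel,dc=example,dc=com"
      # Rules written to access.conf
      pam_ldap_access_conf:
        - permission: "+"
          objects: (wheel)
          origins: ALL
```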
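
The following Python check is an added example, not part of this role's code. It renders a `pam_ldap_access_conf` list in the `permission : users : origins` layout of access.conf and flags a list with no final deny rule, because pam_access applies the first matching rule and grants a login that matches none. The function names and sample lists are hypothetical, it assumes the role writes entries in list order, and it accepts both `object` and `objects` because the page uses both spellings.

```python
# Added example, not part of the pam_ldap role. Assumes the role writes the
# entries to access.conf in list order as "permission : users : origins".

def as_list(value):
    """Treat a single string the same as a one-element list."""
    return value if isinstance(value, list) else [value]

def render_rule(entry):
    """Render one pam_ldap_access_conf entry as an access.conf(5) line."""
    perm = entry.get("permission")
    if perm not in ("+", "-"):
        raise ValueError(f"permission must be '+' or '-', got {perm!r}")
    # The page's table names the field 'object', its playbook 'objects'.
    users = entry.get("object", entry.get("objects"))
    origins = entry.get("origins")
    if not users or not origins:
        raise ValueError(f"entry needs users/groups and origins: {entry!r}")
    return "{} : {} : {}".format(
        perm, " ".join(as_list(users)), " ".join(as_list(origins)))

def is_catch_all(line):
    """True for '+ : ALL : ALL' or '- : ALL : ALL'."""
    _, users, origins = (field.strip() for field in line.split(":", 2))
    return users == "ALL" and origins == "ALL"

def lint(entries):
    """Return (rendered lines, findings) for a pam_ldap_access_conf list."""
    lines = [render_rule(e) for e in entries]
    findings = []
    # pam_access uses the first matching rule; a login matching none is granted.
    if not lines or not (lines[-1].startswith("-") and is_catch_all(lines[-1])):
        findings.append("no final '- : ALL : ALL': unmatched logins are granted")
    for number, line in enumerate(lines[:-1], start=1):
        if is_catch_all(line):
            findings.append(f"rule {number} matches every login; later rules never apply")
    return lines, findings

# Constructed sample data: the playbook entry from this page, then a variant
# that ends with an explicit deny.
PAGE_EXAMPLE = [{"permission": "+", "objects": "(wheel)", "origins": "ALL"}]
HARDENED = PAGE_EXAMPLE + [{"permission": "-", "objects": "ALL", "origins": "ALL"}]

if __name__ == "__main__":
    for name, conf in (("page example", PAGE_EXAMPLE), ("hardened", HARDENED)):
        lines, findings = lint(conf)
        print(name, lines, findings or "ok")
```
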
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.