├── .gitignore ├── .travis.yml ├── LICENSE ├── README.md ├── dcb-os.yml ├── defaults └── main.yml ├── handlers └── main.yml ├── meta └── main.yml ├── requirements.txt ├── tasks └── main.yml ├── templates ├── ldap.j2 ├── nslcd.conf.j2 └── nsswitch.conf.j2 ├── test.yml ├── tests ├── inventory └── test.yml └── vars ├── Alpine.yml ├── Archlinux.yml ├── Debian.yml ├── RedHat.yml └── main.yml /.gitignore: -------------------------------------------------------------------------------- 1 | **~ 2 | *.retry 3 | .ansible-roles/ 4 | Dockerfile.* 5 | requirements.yml -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | before_install: "if [[ \"$TRAVIS_OS_NAME\" == \"osx\" ]]\nthen\n brew upgrade openssl\ 2 | \ || brew install openssl || true\n brew upgrade python@3 || brew install python@3\ 3 | \ || true\n brew upgrade md5sha1sum || brew install md5sha1sum || true\n virtualenv\ 4 | \ venv -p python\n source venv/bin/activate\n pip install ansible\nfi" 5 | branches: 6 | except: 7 | - /^v\d+\.\d+(\.\d+)?(-\S*)?$/ 8 | dist: focal 9 | env: 10 | - OS=alpine_3.11 11 | - OS=alpine_3.12 12 | - OS=alpine_edge 13 | - OS=archlinux_latest 14 | - OS=centos_7 15 | - OS=centos_8 16 | - OS=debian_buster 17 | - OS=debian_stretch 18 | - OS=fedora_31 19 | - OS=fedora_32 20 | - OS=ubuntu_bionic 21 | - OS=ubuntu_focal 22 | - OS=ubuntu_xenial 23 | language: python 24 | python: '3.9' 25 | script: 26 | - ansible-galaxy-local-deps-write 27 | - dcb --upstreamgroup andrewrothstein --upstreamapp docker-ansible-role --pullall 28 | --writeall --buildall --pushall --alltags ${OS} 29 | services: 30 | - docker 31 | sudo: required 32 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 Andrew Rothstein 4 | 5 | 
Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | andrewrothstein.nss-pam-ldap-configure 2 | ====================================== 3 | [![Build Status](https://travis-ci.org/andrewrothstein/ansible-nss-pam-ldap-configure.svg?branch=master)](https://travis-ci.org/andrewrothstein/ansible-nss-pam-ldap-configure) 4 | 5 | Configure NSS/PAM for LDAP. 
6 | 7 | Requirements 8 | ------------ 9 | 10 | See [meta/main.yml](meta/main.yml) 11 | 12 | Role Variables 13 | -------------- 14 | 15 | See [defaults/main.yml](defaults/main.yml) 16 | 17 | Dependencies 18 | ------------ 19 | 20 | See [meta/main.yml](meta/main.yml) 21 | 22 | Example Playbook 23 | ---------------- 24 | ```yml 25 | - hosts: servers 26 | roles: 27 | - andrewrothstein.nss-pam-ldap-configure 28 | ``` 29 | 30 | License 31 | ------- 32 | 33 | MIT 34 | 35 | Author Information 36 | ------------------ 37 | 38 | Andrew Rothstein 39 | -------------------------------------------------------------------------------- /dcb-os.yml: -------------------------------------------------------------------------------- 1 | - alpine_3.11 2 | - alpine_3.12 3 | - alpine_edge 4 | - archlinux_latest 5 | - centos_7 6 | - centos_8 7 | - debian_buster 8 | - debian_stretch 9 | - fedora_31 10 | - fedora_32 11 | - ubuntu_bionic 12 | - ubuntu_focal 13 | - ubuntu_xenial 14 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #nss_pam_ldap_uid: nslcd 3 | #nss_pam_ldap_gid: ldap 4 | #nss_pam_ldap_uri: ["ldap://127.0.0.1/"] 5 | #nss_pam_ldap_dn: 'dc=example,dc=com' 6 | 7 | #nss_pam_ldap_binddn: 'cn=proxyuser,{{nss_pam_ldap_dn}}' 8 | #nss_pam_ldap_bindpw: 'secret' 9 | #nss_pam_ldap_rootpwmoddn: 'cn=admin,{{nss_pam_ldap_dn}}' 10 | 11 | #nss_pam_ldap_scope: 12 | # - sub 13 | # - one 14 | # - base 15 | 16 | #nss_pam_ldap_custom_lookups: 17 | # - db: base 18 | # ty: group 19 | # target: ou=Groups,dc=example,dc=com 20 | # - db: base 21 | # ty: passwd 22 | # target: ou=People,dc=example,dc=com 23 | 24 | #nss_pam_ldap_bind_timelimit: 30 25 | #nss_pam_ldap_timelimit: 30 26 | #nss_pam_ldap_idle_timelimit: 3600 27 | 28 | #nss_pam_ldap_ssl: start_tls 29 | #nss_pam_ldap_tls_cacertdir: /etc/ssl/certs 30 | #nss_pam_ldap_tls_cacertfile: /etc/ssl/ca.cert 31 | 
#nss_pam_ldap_tls_ciphers: TLSv1 32 | #nss_pam_ldap_tls_key: /etc/ssl/{{inventory_hostname}}-key.pem 33 | 34 | #nss_pam_ldap_nss_passwd: ['files', 'ldap'] 35 | #nss_pam_ldap_nss_shadow: ['files', 'ldap'] 36 | #nss_pam_ldap_nss_group: ['files', 'ldap'] 37 | #nss_pam_ldap_nss_hosts: 38 | # - files 39 | # - dns 40 | # - myhostname 41 | # - mymachines 42 | # - ldap 43 | #nss_pam_ldap_nss_bootparams: ['files', 'ldap'] 44 | #nss_pam_ldap_nss_ethers: ['files', 'ldap'] 45 | #nss_pam_ldap_nss_protocols: ['files', 'ldap'] 46 | #nss_pam_ldap_nss_rpc: ['files', 'ldap'] 47 | #nss_pam_ldap_nss_services: ['files', 'ldap'] 48 | #nss_pam_ldap_nss_netgroup: ['ldap'] 49 | #nss_pam_ldap_nss_publickey: ['files', 'ldap'] 50 | #nss_pam_ldap_nss_automount: ['files', 'ldap'] 51 | #nss_pam_ldap_nss_aliases: ['files', 'ldap'] 52 | 53 | #nss_pam_ldap_minimum_uid: 1000 54 | 55 | # nss_pam_ldap_tls_mappings: 56 | # - db: passwd 57 | # field: loginShell 58 | # mapped_to: "\"/bin/bash\"" 59 | 60 | nss_pam_ldap_activate: True 61 | nss_pam_ldap_backup_files: False 62 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for nss-pam-ldap 3 | - name: restart nslcd 4 | when: nss_pam_ldap_activate 5 | service: 6 | name: nslcd 7 | state: restarted 8 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: Andrew Rothstein 4 | description: setup LDAP based PAM authentication with nslcd 5 | company: BlackRock 6 | license: 7 | - MIT 8 | min_ansible_version: 2.0 9 | platforms: 10 | - name: Alpine 11 | versions: 12 | - all 13 | - name: Archlinux 14 | versions: 15 | - all 16 | - name: Debian 17 | versions: 18 | - buster 19 | - stretch 20 | - name: EL 21 | versions: 22 | - 7 23 | - 8 24 | - name:
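Fedora 25 | versions: 26 | - 31 27 | - 32 28 | - name: Ubuntu 29 | versions: 30 | - bionic 31 | - focal 32 | - xenial 33 | galaxy_tags: 34 | - pam 35 | - auth 36 | - ldap 37 | - nss 38 | 39 | dependencies: 40 | - role: andrewrothstein.nss-pam-ldap 41 | version: v1.0.5 42 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | ansible-galaxy-local-deps == 0.0.14 2 | dcb == 0.0.17 -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: resolve platform specific vars 3 | include_vars: '{{ item }}' 4 | with_first_found: 5 | - files: 6 | - '{{ ansible_distribution }}-{{ ansible_distribution_release }}.yml' 7 | - '{{ ansible_distribution }}.yml' 8 | - '{{ ansible_os_family }}.yml' 9 | skip: true 10 | paths: 11 | - '{{ role_path }}/vars' 12 | 13 | - name: templatize 14 | become: yes 15 | become_user: root 16 | with_items: 17 | - f: nslcd.conf 18 | d: /etc 19 | - f: nsswitch.conf 20 | d: /etc 21 | m: '0644' 22 | - f: ldap 23 | d: /etc/pam.d 24 | template: 25 | src: '{{ item.f }}.j2' 26 | dest: '{{ item.d }}/{{ item.f }}' 27 | mode: '{{ item.m | default("0600") }}' # 0600 default: nslcd.conf can contain bindpw, so it must not be world-readable 28 | backup: '{{ nss_pam_ldap_backup_files }}' 29 | notify: restart nslcd 30 | 31 | - name: start service 32 | become: yes 33 | become_user: root 34 | when: nss_pam_ldap_activate 35 | service: 36 | name: nslcd 37 | state: started 38 | -------------------------------------------------------------------------------- /templates/ldap.j2: -------------------------------------------------------------------------------- 1 | auth sufficient pam_ldap.so minimum_uid={{nss_pam_ldap_minimum_uid|default(1000)}} use_first_pass 2 | 3 | account sufficient pam_ldap.so minimum_uid={{nss_pam_ldap_minimum_uid|default(1000)}} 4 | 5 | session optional pam_ldap.so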
minimum_uid={{nss_pam_ldap_minimum_uid|default(1000)}} 6 | 7 | password sufficient pam_ldap.so minimum_uid={{nss_pam_ldap_minimum_uid|default(1000)}} try_first_pass -------------------------------------------------------------------------------- /templates/nslcd.conf.j2: -------------------------------------------------------------------------------- 1 | # This is the configuration file for the LDAP nameservice 2 | # switch library's nslcd daemon. It configures the mapping 3 | # between NSS names (see /etc/nsswitch.conf) and LDAP 4 | # information in the directory. 5 | # See the manual page nslcd.conf(5) for more information. 6 | 7 | # The user and group nslcd should run as. 8 | uid {{nss_pam_ldap_uid | default(nss_pam_ldap_uid_default)}} 9 | gid {{nss_pam_ldap_gid | default(nss_pam_ldap_gid_default)}} 10 | 11 | # The uri pointing to the LDAP server to use for name lookups. 12 | # Multiple entries may be specified. The address that is used 13 | # here should be resolvable without using LDAP (obviously). 14 | #uri ldap://127.0.0.1/ 15 | #uri ldaps://127.0.0.1/ 16 | #uri ldapi://%2fvar%2frun%2fldapi_sock/ 17 | # Note: %2f encodes the '/' used as directory separator 18 | uri {{nss_pam_ldap_uri | default(['ldap://127.0.0.1/']) | join(" ")}} 19 | 20 | # The LDAP version to use (defaults to 3 21 | # if supported by client library) 22 | #ldap_version 3 23 | 24 | # The distinguished name of the search base. 25 | base {{nss_pam_ldap_dn|default('dc=example,dc=com')}} 26 | 27 | # The distinguished name to bind to the server with. 28 | # Optional: default is to bind anonymously. 29 | {% if nss_pam_ldap_binddn is defined %} 30 | binddn {{nss_pam_ldap_binddn}} 31 | {% else %} 32 | #binddn cn=proxyuser,dc=example,dc=com 33 | {% endif %} 34 | 35 | # The credentials to bind with. 36 | # Optional: default is no credentials. 37 | # Note that if you set a bindpw you should check the permissions of this file. 
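38 | {% if nss_pam_ldap_bindpw is defined %} 39 | bindpw {{nss_pam_ldap_bindpw}} 40 | {% else %} 41 | #bindpw secret 42 | {% endif %} 43 | 44 | # The distinguished name to perform password modifications by root by. 45 | {% if nss_pam_ldap_rootpwmoddn is defined %} 46 | rootpwmoddn {{nss_pam_ldap_rootpwmoddn}} 47 | {% else %} 48 | #rootpwmoddn cn=admin,dc=example,dc=com 49 | {% endif %} 50 | 51 | # The default search scope. 52 | {% if nss_pam_ldap_scope is defined %} 53 | {% for s in nss_pam_ldap_scope %} 54 | scope {{s}} 55 | {% endfor %} 56 | {% else %} 57 | #scope sub 58 | #scope one 59 | #scope base 60 | {% endif %} 61 | 62 | # Customize certain database lookups. 63 | {% if nss_pam_ldap_custom_lookups is defined %} 64 | {% for m in nss_pam_ldap_custom_lookups %} 65 | {{m.db}} {{m.ty}} {{m.target}} 66 | {% endfor %} 67 | {% else %} 68 | #base group ou=Groups,dc=example,dc=com 69 | #base passwd ou=People,dc=example,dc=com 70 | #base shadow ou=People,dc=example,dc=com 71 | #scope group onelevel 72 | #scope hosts sub 73 | {% endif %} 74 | 75 | # Bind/connect timelimit. 76 | {% if nss_pam_ldap_bind_timelimit is defined %} 77 | bind_timelimit {{nss_pam_ldap_bind_timelimit}} 78 | {% else %} 79 | #bind_timelimit 30 80 | {% endif %} 81 | 82 | # Search timelimit. 83 | {% if nss_pam_ldap_timelimit is defined %} 84 | timelimit {{nss_pam_ldap_timelimit}} 85 | {% else %} 86 | #timelimit 30 87 | {% endif %} 88 | 89 | # Idle timelimit. nslcd will close connections if the 90 | # server has not been contacted for the number of seconds. 91 | {% if nss_pam_ldap_idle_timelimit is defined %} 92 | idle_timelimit {{nss_pam_ldap_idle_timelimit}} 93 | {% else %} 94 | #idle_timelimit 3600 95 | {% endif %} 96 | 97 | # StartTLS and server certificate checking. "tls_reqcert never" skips verification of the LDAP server certificate; prefer "tls_reqcert demand" with the CA settings below.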
98 | {% if nss_pam_ldap_ssl is defined %} 99 | ssl {{nss_pam_ldap_ssl}} 100 | {% else %} 101 | #ssl start_tls 102 | {% endif %} 103 | {% if nss_pam_ldap_tls_reqcert is defined %} 104 | tls_reqcert {{nss_pam_ldap_tls_reqcert}} 105 | {% else %} 106 | #tls_reqcert never 107 | {% endif %} 108 | 109 | # CA certificates for server certificate verification 110 | {% if nss_pam_ldap_tls_cacertdir is defined %} 111 | tls_cacertdir {{nss_pam_ldap_tls_cacertdir}} 112 | {% else %} 113 | #tls_cacertdir /etc/ssl/certs 114 | {% endif %} 115 | {% if nss_pam_ldap_tls_cacertfile is defined %} 116 | tls_cacertfile {{nss_pam_ldap_tls_cacertfile}} 117 | {% else %} 118 | #tls_cacertfile /etc/ssl/ca.cert 119 | {% endif %} 120 | 121 | # Seed the PRNG if /dev/urandom is not provided 122 | #tls_randfile /var/run/egd-pool 123 | 124 | # SSL cipher suite 125 | # See man ciphers for syntax 126 | {% if nss_pam_ldap_tls_ciphers is defined %} 127 | tls_ciphers {{nss_pam_ldap_tls_ciphers}} 128 | {% else %} 129 | #tls_ciphers TLSv1 130 | {% endif %} 131 | 132 | # Client certificate and key 133 | # Use these, if your server requires client authentication. 
134 | {% if nss_pam_ldap_tls_cert is defined %} 135 | tls_cert {{nss_pam_ldap_tls_cert}} 136 | {% else %} 137 | #tls_cert 138 | {% endif %} 139 | {% if nss_pam_ldap_tls_key is defined %} 140 | tls_key {{nss_pam_ldap_tls_key}} 141 | {% else %} 142 | #tls_key 143 | {% endif %} 144 | 145 | {% for mapping in nss_pam_ldap_tls_mappings | default([]) %} 146 | map {{ mapping.db }} {{ mapping.field }} {{ mapping.mapped_to }} 147 | {% endfor %} 148 | 149 | # Mappings for Services for UNIX 3.5 150 | #filter passwd (objectClass=User) 151 | #map passwd uid msSFU30Name 152 | #map passwd userPassword msSFU30Password 153 | #map passwd homeDirectory msSFU30HomeDirectory 154 | #map passwd homeDirectory msSFUHomeDirectory 155 | #filter shadow (objectClass=User) 156 | #map shadow uid msSFU30Name 157 | #map shadow userPassword msSFU30Password 158 | #filter group (objectClass=Group) 159 | #map group member msSFU30PosixMember 160 | 161 | # Mappings for Services for UNIX 2.0 162 | #filter passwd (objectClass=User) 163 | #map passwd uid msSFUName 164 | #map passwd userPassword msSFUPassword 165 | #map passwd homeDirectory msSFUHomeDirectory 166 | #map passwd gecos msSFUName 167 | #filter shadow (objectClass=User) 168 | #map shadow uid msSFUName 169 | #map shadow userPassword msSFUPassword 170 | #map shadow shadowLastChange pwdLastSet 171 | #filter group (objectClass=Group) 172 | #map group member posixMember 173 | 174 | # Mappings for Active Directory 175 | #pagesize 1000 176 | #referrals off 177 | #idle_timelimit 800 178 | #filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)) 179 | #map passwd uid sAMAccountName 180 | #map passwd homeDirectory unixHomeDirectory 181 | #map passwd gecos displayName 182 | #filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)) 183 | #map shadow uid sAMAccountName 184 | #map shadow shadowLastChange pwdLastSet 185 | #filter group (objectClass=group) 186 | 187 | # Alternative 
mappings for Active Directory 188 | # (replace the SIDs in the objectSid mappings with the value for your domain) 189 | #pagesize 1000 190 | #referrals off 191 | #idle_timelimit 800 192 | #filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer))) 193 | #map passwd uid cn 194 | #map passwd uidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820 195 | #map passwd gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820 196 | #map passwd homeDirectory "/home/$cn" 197 | #map passwd gecos displayName 198 | #map passwd loginShell "/bin/bash" 199 | #filter group (|(objectClass=group)(objectClass=person)) 200 | #map group gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820 201 | 202 | # Mappings for AIX SecureWay 203 | #filter passwd (objectClass=aixAccount) 204 | #map passwd uid userName 205 | #map passwd userPassword passwordChar 206 | #map passwd uidNumber uid 207 | #map passwd gidNumber gid 208 | #filter group (objectClass=aixAccessGroup) 209 | #map group cn groupName 210 | #map group gidNumber gid 211 | # This comment prevents repeated auto-migration of settings. 212 | -------------------------------------------------------------------------------- /templates/nsswitch.conf.j2: -------------------------------------------------------------------------------- 1 | # 2 | # /etc/nsswitch.conf 3 | # 4 | # An example Name Service Switch config file. This file should be 5 | # sorted with the most-used services at the beginning. 6 | # 7 | # The entry '[NOTFOUND=return]' means that the search for an 8 | # entry should stop if the search in the previous entry turned 9 | # up nothing. Note that if the search failed due to some other reason 10 | # (like no NIS server responding) then the search continues with the 11 | # next entry. 
12 | # 13 | # Valid entries include: 14 | # 15 | # nisplus Use NIS+ (NIS version 3) 16 | # nis Use NIS (NIS version 2), also called YP 17 | # dns Use DNS (Domain Name Service) 18 | # files Use the local files 19 | # db Use the local database (.db) files 20 | # compat Use NIS on compat mode 21 | # hesiod Use Hesiod for user lookups 22 | # [NOTFOUND=return] Stop searching if not found so far 23 | # 24 | 25 | # To use db, put the "db" in front of "files" for entries you want to be 26 | # looked up first in the databases 27 | # 28 | # Example: 29 | #passwd: db files nisplus nis 30 | #shadow: db files nisplus nis 31 | #group: db files nisplus nis 32 | 33 | passwd: {{nss_pam_ldap_nss_passwd | default(["files", "ldap"]) | join(" ")}} 34 | shadow: {{nss_pam_ldap_nss_shadow | default(["files", "ldap"]) | join(" ")}} 35 | group: {{nss_pam_ldap_nss_group | default(["files", "ldap"]) | join(" ")}} 36 | 37 | hosts: {{nss_pam_ldap_nss_hosts | default(["files", "dns", "myhostname", "mymachines", "ldap"]) | join(" ")}} 38 | 39 | bootparams: {{nss_pam_ldap_nss_bootparams | default(["files", "ldap"]) | join(" ")}} 40 | 41 | ethers: {{nss_pam_ldap_nss_ethers | default(["files", "ldap"]) | join(" ")}} 42 | netmasks: {{nss_pam_ldap_nss_netmasks | default(["files", "ldap"]) | join(" ")}} 43 | networks: {{nss_pam_ldap_nss_networks | default(["files", "ldap"]) | join(" ")}} 44 | protocols: {{nss_pam_ldap_nss_protocols | default(["files", "ldap"]) | join(" ")}} 45 | rpc: {{nss_pam_ldap_nss_rpc | default(["files", "ldap"]) | join(" ")}} 46 | services: {{nss_pam_ldap_nss_services | default(["files", "ldap"]) | join(" ")}} 47 | 48 | netgroup: {{nss_pam_ldap_nss_netgroup | default(["ldap"]) | join(" ")}} 49 | 50 | publickey: {{nss_pam_ldap_nss_publickey | default(["files", "ldap"]) | join(" ")}} 51 | 52 | automount: {{nss_pam_ldap_nss_automount | default(["files", "ldap"]) | join(" ")}} 53 | aliases: {{nss_pam_ldap_nss_aliases | default(["files", "ldap"]) | join(" ")}} 54 | 
-------------------------------------------------------------------------------- /test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | roles: 4 | - role: '{{ playbook_dir }}' 5 | nss_pam_ldap_activate: False 6 | -------------------------------------------------------------------------------- /tests/inventory: -------------------------------------------------------------------------------- 1 | localhost -------------------------------------------------------------------------------- /tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - nss-pam-ldap -------------------------------------------------------------------------------- /vars/Alpine.yml: -------------------------------------------------------------------------------- 1 | --- 2 | nss_pam_ldap_uid_default: nslcd 3 | nss_pam_ldap_gid_default: nslcd 4 | -------------------------------------------------------------------------------- /vars/Archlinux.yml: -------------------------------------------------------------------------------- 1 | --- 2 | nss_pam_ldap_uid_default: nslcd 3 | nss_pam_ldap_gid_default: nslcd 4 | -------------------------------------------------------------------------------- /vars/Debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | nss_pam_ldap_uid_default: nslcd 3 | nss_pam_ldap_gid_default: nslcd 4 | -------------------------------------------------------------------------------- /vars/RedHat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | nss_pam_ldap_uid_default: nslcd 3 | nss_pam_ldap_gid_default: ldap 4 | -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for 
nss-pam-ldap 3 | --------------------------------------------------------------------------------