Reference

SSSD::AD::Access::Filter
SSSD::AD::GPO::Default::Right
SSSD::Certificate::Verification
SSSD::LDAP::Access::Order
SSSD::Provider::Access
SSSD::Provider::Auth
SSSD::Provider::AutoFS: @since 2.0.0
SSSD::Provider::Chpass
SSSD::Provider::HostID
SSSD::Provider::ID
SSSD::Provider::SELinux
SSSD::Provider::Subdomains
SSSD::Provider::Sudo
SSSD::Search::Base
SSSD::Subdomain::Inherit
SSSD::Type

Classes

`sssd`

Manage SSSD.

Since 1.0.0
See also
- puppet_classes::sssd::dbus
  - sssd::dbus
- puppet_defined_types::sssd::domain
  - sssd::domain
- puppet_defined_types::sssd::service
  - sssd::service

Examples

Declaring the class

include sssd
sssd::service { 'nss': }
sssd::domain { 'example.com':
  id_provider => 'ldap',
  ...
}

Parameters

The following parameters are available in the sssd class:

conf_dir
conf_file
domains
package_name
service_name
services
service_enable
service_ensure
socket_services
use_socket_activation
debug
debug_level
debug_timestamps
debug_microseconds
config_file_version
reconnection_retries
re_expression
full_name_format
try_inotify
krb5_rcache_dir
user
default_domain_suffix
override_space
certificate_verification
disable_netlink
enable_files_domain
domain_resolution_order

`conf_dir`

Data type: Stdlib::Absolutepath

Default value: $sssd::params::conf_dir

`conf_file`

Data type: Stdlib::Absolutepath

Default value: $sssd::params::conf_file

`domains`

Data type: Hash[String, Hash[String, Any]]

Default value: {}

`package_name`

Data type: Variant[String, Array[String, 1]]

Default value: $sssd::params::package_name

`service_name`

Data type: String

Default value: $sssd::params::service_name

`services`

Data type: Hash[String, Hash[String, Any]]

Default value: {}

`service_enable`

Data type: Boolean

Default value: true

`service_ensure`

Data type: Enum['running', 'stopped']

Default value: 'running'

`socket_services`

Data type: Hash[SSSD::Type, Variant[String, Array[String, 1]]]

Default value: $sssd::params::socket_services

`use_socket_activation`

Data type: Boolean

Default value: $sssd::params::use_socket_activation

`debug`

Data type: Optional[Integer[0]]

Default value: undef

`debug_level`

Data type: Optional[Integer[0]]

Default value: undef

`debug_timestamps`

Data type: Optional[Boolean]

Default value: undef

`debug_microseconds`

Data type: Optional[Boolean]

Default value: undef

`config_file_version`

Data type: Integer[2]

Default value: 2

`reconnection_retries`

Data type: Optional[Integer[0]]

Default value: undef

`re_expression`

Data type: Optional[String]

Default value: undef

`full_name_format`

Data type: Optional[String]

Default value: undef

`try_inotify`

Data type: Optional[Boolean]

Default value: undef

`krb5_rcache_dir`

Data type: Optional[Variant[Stdlib::Absolutepath, Enum['__LIBKRB5_DEFAULTS__']]]

Default value: undef

`user`

Data type: Optional[String]

Default value: undef

`default_domain_suffix`

Data type: Optional[String]

Default value: undef

`override_space`

Data type: Optional[String]

Default value: undef

`certificate_verification`

Data type: Optional[Array[SSSD::Certificate::Verification, 1]]

Default value: undef

`disable_netlink`

Data type: Optional[Boolean]

Default value: undef

`enable_files_domain`

Data type: Optional[Boolean]

Default value: undef

`domain_resolution_order`

Data type: Optional[Array[String, 1]]

Default value: undef

`sssd::config`

The sssd::config class.

`sssd::daemon`

The sssd::daemon class.

`sssd::dbus`

Manage the SSSD InfoPipe responder

Since 1.0.0
See also
- puppet_classes::sssd
  - sssd
- puppet_defined_types::sssd::service
  - sssd::service

Examples

Declaring the class

include dbus
include sssd
include sssd::dbus

Parameters

The following parameters are available in the sssd::dbus class:

package_name
use_socket_activation
debug
debug_level
debug_timestamps
debug_microseconds
timeout
reconnection_retries
fd_limit
client_idle_timeout
offline_timeout
responder_idle_timeout
cache_first
allowed_uids
user_attributes
wildcard_limit

`package_name`

Data type: String

Default value: $sssd::params::dbus_package_name

`use_socket_activation`

Data type: Boolean

Default value: $sssd::use_socket_activation

`debug`

Data type: Optional[Integer[0]]

Default value: undef

`debug_level`

Data type: Optional[Integer[0]]

Default value: undef

`debug_timestamps`

Data type: Optional[Boolean]

Default value: undef

`debug_microseconds`

Data type: Optional[Boolean]

Default value: undef

`timeout`

Data type: Optional[Integer[0]]

Default value: undef

`reconnection_retries`

Data type: Optional[Integer[0]]

Default value: undef

`fd_limit`

Data type: Optional[Integer[0]]

Default value: undef

`client_idle_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`offline_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`responder_idle_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`cache_first`

Data type: Optional[Boolean]

Default value: undef

`allowed_uids`

Data type: Optional[Array[Variant[Integer[0], String], 1]]

Default value: undef

`user_attributes`

Data type: Optional[Array[String, 1]]

Default value: undef

`wildcard_limit`

Data type: Optional[Integer[0]]

Default value: undef

`sssd::dbus::config`

The sssd::dbus::config class.

`sssd::dbus::install`

The sssd::dbus::install class.

`sssd::install`

The sssd::install class.

`sssd::params`

The sssd::params class.

Defined types

`sssd::domain`

Define an SSSD domain.

Since 1.0.0
See also
- puppet_classes::sssd
  - ::sssd

Examples

Define an LDAP domain

include sssd
sssd::domain { 'example.com':
  id_provider           => 'ldap',
  ldap_schema           => 'rfc2307',
  ldap_uri              => ['ldap://192.0.2.1'],
  ldap_search_base      => 'dc=example,dc=com',
  ldap_tls_reqcert      => 'never',
  ldap_id_use_start_tls => false,
  ldap_default_bind_dn  => 'cn=Manager,dc=example,dc=com',
  ldap_default_authtok  => 'secret',
}

Parameters

The following parameters are available in the sssd::domain defined type:

id_provider
domain
debug
debug_level
debug_timestamps
debug_microseconds
timeout
domain_type
max_id
min_id
enumerate
subdomain_enumerate
entry_cache_timeout
entry_cache_user_timeout
entry_cache_group_timeout
entry_cache_netgroup_timeout
entry_cache_service_timeout
entry_cache_sudo_timeout
entry_cache_autofs_timeout
entry_cache_ssh_host_timeout
refresh_expired_interval
cache_credentials
cache_credentials_minimal_first_factor_length
account_cache_expiration
pwd_expiration_warning
use_fully_qualified_names
ignore_group_members
auth_provider
access_provider
chpass_provider
sudo_provider
selinux_provider
subdomains_provider
autofs_provider
hostid_provider
re_expression
full_name_format
lookup_family_order
dns_resolver_timeout
dns_discovery_domain
override_gid
case_sensitive
subdomain_inherit
subdomain_homedir
realmd_tags
cached_auth_timeout
dyndns_update
dyndns_ttl
dyndns_iface
dyndns_refresh_interval
dyndns_update_ptr
dyndns_force_tcp
dyndns_auth
dyndns_server
override_homedir
homedir_substring
wildcard_limit
simple_allow_users
simple_deny_users
simple_allow_groups
simple_deny_groups
proxy_pam_target
proxy_lib_name
proxy_fast_alias
proxy_max_children
default_shell
base_directory
create_homedir
remove_homedir
homedir_umask
skel_dir
mail_dir
userdel_cmd
ldap_uri
ldap_backup_uri
ldap_chpass_uri
ldap_chpass_backup_uri
ldap_search_base
ldap_schema
ldap_default_bind_dn
ldap_default_authtok_type
ldap_default_authtok
ldap_user_object_class
ldap_user_name
ldap_user_uid_number
ldap_user_gid_number
ldap_user_gecos
ldap_user_home_directory
ldap_user_shell
ldap_user_uuid
ldap_user_objectsid
ldap_user_modify_timestamp
ldap_user_shadow_last_change
ldap_user_shadow_min
ldap_user_shadow_max
ldap_user_shadow_warning
ldap_user_shadow_inactive
ldap_user_shadow_expire
ldap_user_krb_last_pwd_change
ldap_user_krb_password_expiration
ldap_user_ad_account_expires
ldap_user_ad_user_account_control
ldap_ns_account_lock
ldap_user_nds_login_disabled
ldap_user_nds_login_expiration_time
ldap_user_nds_login_allowed_time_map
ldap_user_principal
ldap_user_extra_attrs
ldap_user_ssh_public_key
ldap_force_upper_case_realm
ldap_enumeration_refresh_timeout
ldap_purge_cache_timeout
ldap_user_fullname
ldap_user_member_of
ldap_user_authorized_service
ldap_user_authorized_host
ldap_user_certificate
ldap_group_object_class
ldap_group_name
ldap_group_gid_number
ldap_group_member
ldap_group_uuid
ldap_group_objectsid
ldap_group_modify_timestamp
ldap_group_type
ldap_group_external_member
ldap_group_nesting_level
ldap_groups_use_matching_rule_in_chain
ldap_initgroups_use_matching_rule_in_chain
ldap_use_tokengroups
ldap_netgroup_object_class
ldap_netgroup_name
ldap_netgroup_member
ldap_netgroup_triple
ldap_netgroup_modify_timestamp
ldap_service_object_class
ldap_service_name
ldap_service_port
ldap_service_proto
ldap_service_search_base
ldap_search_timeout
ldap_enumeration_search_timeout
ldap_network_timeout
ldap_opt_timeout
ldap_connection_expire_timeout
ldap_page_size
ldap_disable_paging
ldap_disable_range_retrieval
ldap_sasl_minssf
ldap_sasl_maxssf
ldap_deref_threshold
ldap_tls_reqcert
ldap_tls_cacert
ldap_tls_cacertdir
ldap_tls_cert
ldap_tls_key
ldap_tls_cipher_suite
ldap_auth_disable_tls_never_use_in_production
ldap_id_use_start_tls
ldap_id_mapping
ldap_idmap_range_min
ldap_idmap_range_max
ldap_idmap_range_size
ldap_idmap_default_domain_sid
ldap_idmap_default_domain
ldap_idmap_autorid_compat
ldap_idmap_helper_table_size
ldap_max_id
ldap_min_id
ldap_sasl_mech
ldap_sasl_authid
ldap_sasl_realm
ldap_sasl_canonicalize
ldap_krb5_keytab
ldap_krb5_init_creds
ldap_krb5_ticket_lifetime
ldap_pwd_policy
ldap_referrals
ldap_dns_service_name
ldap_chpass_dns_service_name
ldap_chpass_update_last_change
ldap_access_filter
ldap_account_expire_policy
ldap_access_order
ldap_pwdlockout_dn
ldap_deref
ldap_rfc2307_fallback_to_local_users
ldap_sudorule_object_class
ldap_sudorule_name
ldap_sudorule_command
ldap_sudorule_host
ldap_sudorule_user
ldap_sudorule_option
ldap_sudorule_runasuser
ldap_sudorule_runasgroup
ldap_sudorule_notbefore
ldap_sudorule_notafter
ldap_sudorule_order
ldap_sudo_full_refresh_interval
ldap_sudo_smart_refresh_interval
ldap_sudo_use_host_filter
ldap_sudo_hostnames
ldap_sudo_ip
ldap_sudo_include_netgroups
ldap_sudo_include_regexp
ldap_autofs_map_master_name
ldap_autofs_map_object_class
ldap_autofs_map_name
ldap_autofs_entry_object_class
ldap_autofs_entry_key
ldap_autofs_entry_value
ldap_netgroup_search_base
ldap_user_search_base
ldap_group_search_base
ldap_sudo_search_base
ldap_autofs_search_base
krb5_server
krb5_backup_server
krb5_realm
krb5_kpasswd
krb5_backup_kpasswd
krb5_ccachedir
krb5_ccname_template
krb5_auth_timeout
krb5_validate
krb5_keytab
krb5_store_password_if_offline
krb5_renewable_lifetime
krb5_lifetime
krb5_renew_interval
krb5_use_fast
krb5_fast_principal
krb5_canonicalize
krb5_use_kdcinfo
krb5_use_enterprise_principal
krb5_map_user
krb5_confd_path
ad_domain
ad_enabled_domains
ad_server
ad_backup_server
ad_hostname
ad_enable_dns_sites
ad_access_filter
ad_site
ad_enable_gc
ad_gpo_access_control
ad_gpo_cache_timeout
ad_gpo_map_interactive
ad_gpo_map_remote_interactive
ad_gpo_map_network
ad_gpo_map_batch
ad_gpo_map_service
ad_gpo_map_permit
ad_gpo_map_deny
ad_gpo_default_right
ad_maximum_machine_account_password_age
ad_machine_account_password_renewal_opts
ipa_domain
ipa_server
ipa_backup_server
ipa_hostname
ipa_enable_dns_sites
ipa_hbac_search_base
ipa_host_search_base
ipa_selinux_search_base
ipa_subdomains_search_base
ipa_master_domain_search_base
ipa_views_search_base
ipa_hbac_refresh
ipa_hbac_selinux
ipa_server_mode
ipa_automount_location
ipa_view_class
ipa_view_name
ipa_override_object_class
ipa_anchor_uuid
ipa_user_override_object_class
ipa_group_override_object_class

`id_provider`

Data type: SSSD::Provider::ID

`domain`

Data type: String

Default value: $title

`debug`

Data type: Optional[Integer[0]]

Default value: undef

`debug_level`

Data type: Optional[Integer[0]]

Default value: undef

`debug_timestamps`

Data type: Optional[Boolean]

Default value: undef

`debug_microseconds`

Data type: Optional[Boolean]

Default value: undef

`timeout`

Data type: Optional[Integer[0]]

Default value: undef

`domain_type`

Data type: Optional[Enum['posix', 'application']]

Default value: undef

`max_id`

Data type: Optional[Integer[0]]

Default value: undef

`min_id`

Data type: Optional[Integer[0]]

Default value: undef

`enumerate`

Data type: Optional[Boolean]

Default value: undef

`subdomain_enumerate`

Data type: Optional[Array[String, 1]]

Default value: undef

`entry_cache_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`entry_cache_user_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`entry_cache_group_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`entry_cache_netgroup_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`entry_cache_service_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`entry_cache_sudo_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`entry_cache_autofs_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`entry_cache_ssh_host_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`refresh_expired_interval`

Data type: Optional[Integer[0]]

Default value: undef

`cache_credentials`

Data type: Optional[Boolean]

Default value: undef

`cache_credentials_minimal_first_factor_length`

Data type: Optional[Integer[0]]

Default value: undef

`account_cache_expiration`

Data type: Optional[Integer[0]]

Default value: undef

`pwd_expiration_warning`

Data type: Optional[Integer[0]]

Default value: undef

`use_fully_qualified_names`

Data type: Optional[Boolean]

Default value: undef

`ignore_group_members`

Data type: Optional[Boolean]

Default value: undef

`auth_provider`

Data type: Optional[SSSD::Provider::Auth]

Default value: undef

`access_provider`

Data type: Optional[SSSD::Provider::Access]

Default value: undef

`chpass_provider`

Data type: Optional[SSSD::Provider::Chpass]

Default value: undef

`sudo_provider`

Data type: Optional[SSSD::Provider::Sudo]

Default value: undef

`selinux_provider`

Data type: Optional[SSSD::Provider::SELinux]

Default value: undef

`subdomains_provider`

Data type: Optional[SSSD::Provider::Subdomains]

Default value: undef

`autofs_provider`

Data type: Optional[SSSD::Provider::AutoFS]

Default value: undef

`hostid_provider`

Data type: Optional[SSSD::Provider::HostID]

Default value: undef

`re_expression`

Data type: Optional[String]

Default value: undef

`full_name_format`

Data type: Optional[String]

Default value: undef

`lookup_family_order`

Data type: Optional[Enum['ipv4_first', 'ipv4_only', 'ipv6_first', 'ipv6_only']]

Default value: undef

`dns_resolver_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`dns_discovery_domain`

Data type: Optional[Bodgitlib::Domain]

Default value: undef

`override_gid`

Data type: Optional[Integer[0]]

Default value: undef

`case_sensitive`

Data type: Optional[Variant[Boolean, Enum['preserving']]]

Default value: undef

`subdomain_inherit`

Data type: Optional[Array[SSSD::Subdomain::Inherit, 1]]

Default value: undef

`subdomain_homedir`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`realmd_tags`

Data type: Optional[Array[String, 1]]

Default value: undef

`cached_auth_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`dyndns_update`

Data type: Optional[Boolean]

Default value: undef

`dyndns_ttl`

Data type: Optional[Integer[0]]

Default value: undef

`dyndns_iface`

Data type: Optional[Array[String, 1]]

Default value: undef

`dyndns_refresh_interval`

Data type: Optional[Integer[0]]

Default value: undef

`dyndns_update_ptr`

Data type: Optional[Boolean]

Default value: undef

`dyndns_force_tcp`

Data type: Optional[Boolean]

Default value: undef

`dyndns_auth`

Data type: Optional[String]

Default value: undef

`dyndns_server`

Data type: Optional[Bodgitlib::Host]

Default value: undef

`override_homedir`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`homedir_substring`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`wildcard_limit`

Data type: Optional[Integer[0]]

Default value: undef

`simple_allow_users`

Data type: Optional[Array[String, 1]]

Default value: undef

`simple_deny_users`

Data type: Optional[Array[String, 1]]

Default value: undef

`simple_allow_groups`

Data type: Optional[Array[String, 1]]

Default value: undef

`simple_deny_groups`

Data type: Optional[Array[String, 1]]

Default value: undef

`proxy_pam_target`

Data type: Optional[String]

Default value: undef

`proxy_lib_name`

Data type: Optional[String]

Default value: undef

`proxy_fast_alias`

Data type: Optional[Boolean]

Default value: undef

`proxy_max_children`

Data type: Optional[Integer[0]]

Default value: undef

`default_shell`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`base_directory`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`create_homedir`

Data type: Optional[Boolean]

Default value: undef

`remove_homedir`

Data type: Optional[Boolean]

Default value: undef

`homedir_umask`

Data type: Optional[Pattern[/^[0-7]{3}$/]]

Default value: undef

`skel_dir`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`mail_dir`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`userdel_cmd`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`ldap_uri`

Data type: Optional[Array[Variant[Bodgitlib::LDAP::URI::Simple, Enum['_srv_']], 1]]

Default value: undef

`ldap_backup_uri`

Data type: Optional[Array[Bodgitlib::LDAP::URI::Simple, 1]]

Default value: undef

`ldap_chpass_uri`

Data type: Optional[Array[Variant[Bodgitlib::LDAP::URI::Simple, Enum['_srv_']], 1]]

Default value: undef

`ldap_chpass_backup_uri`

Data type: Optional[Array[Bodgitlib::LDAP::URI::Simple, 1]]

Default value: undef

`ldap_search_base`

Data type: Optional[SSSD::Search::Base]

Default value: undef

`ldap_schema`

Data type: Optional[Enum['rfc2307', 'rfc2307bis', 'ipa', 'ad']]

Default value: undef

`ldap_default_bind_dn`

Data type: Optional[Bodgitlib::LDAP::DN]

Default value: undef

`ldap_default_authtok_type`

Data type: Optional[Enum['password', 'obfuscated_password']]

Default value: undef

`ldap_default_authtok`

Data type: Optional[String]

Default value: undef

`ldap_user_object_class`

Data type: Optional[String]

Default value: undef

`ldap_user_name`

Data type: Optional[String]

Default value: undef

`ldap_user_uid_number`

Data type: Optional[String]

Default value: undef

`ldap_user_gid_number`

Data type: Optional[String]

Default value: undef

`ldap_user_gecos`

Data type: Optional[String]

Default value: undef

`ldap_user_home_directory`

Data type: Optional[String]

Default value: undef

`ldap_user_shell`

Data type: Optional[String]

Default value: undef

`ldap_user_uuid`

Data type: Optional[String]

Default value: undef

`ldap_user_objectsid`

Data type: Optional[String]

Default value: undef

`ldap_user_modify_timestamp`

Data type: Optional[String]

Default value: undef

`ldap_user_shadow_last_change`

Data type: Optional[String]

Default value: undef

`ldap_user_shadow_min`

Data type: Optional[String]

Default value: undef

`ldap_user_shadow_max`

Data type: Optional[String]

Default value: undef

`ldap_user_shadow_warning`

Data type: Optional[String]

Default value: undef

`ldap_user_shadow_inactive`

Data type: Optional[String]

Default value: undef

`ldap_user_shadow_expire`

Data type: Optional[String]

Default value: undef

`ldap_user_krb_last_pwd_change`

Data type: Optional[String]

Default value: undef

`ldap_user_krb_password_expiration`

Data type: Optional[String]

Default value: undef

`ldap_user_ad_account_expires`

Data type: Optional[String]

Default value: undef

`ldap_user_ad_user_account_control`

Data type: Optional[String]

Default value: undef

`ldap_ns_account_lock`

Data type: Optional[String]

Default value: undef

`ldap_user_nds_login_disabled`

Data type: Optional[String]

Default value: undef

`ldap_user_nds_login_expiration_time`

Data type: Optional[String]

Default value: undef

`ldap_user_nds_login_allowed_time_map`

Data type: Optional[String]

Default value: undef

`ldap_user_principal`

Data type: Optional[String]

Default value: undef

`ldap_user_extra_attrs`

Data type: Optional[Array[String, 1]]

Default value: undef

`ldap_user_ssh_public_key`

Data type: Optional[String]

Default value: undef

`ldap_force_upper_case_realm`

Data type: Optional[Boolean]

Default value: undef

`ldap_enumeration_refresh_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_purge_cache_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_user_fullname`

Data type: Optional[String]

Default value: undef

`ldap_user_member_of`

Data type: Optional[String]

Default value: undef

`ldap_user_authorized_service`

Data type: Optional[String]

Default value: undef

`ldap_user_authorized_host`

Data type: Optional[String]

Default value: undef

`ldap_user_certificate`

Data type: Optional[String]

Default value: undef

`ldap_group_object_class`

Data type: Optional[String]

Default value: undef

`ldap_group_name`

Data type: Optional[String]

Default value: undef

`ldap_group_gid_number`

Data type: Optional[String]

Default value: undef

`ldap_group_member`

Data type: Optional[String]

Default value: undef

`ldap_group_uuid`

Data type: Optional[String]

Default value: undef

`ldap_group_objectsid`

Data type: Optional[String]

Default value: undef

`ldap_group_modify_timestamp`

Data type: Optional[String]

Default value: undef

`ldap_group_type`

Data type: Optional[String]

Default value: undef

`ldap_group_external_member`

Data type: Optional[String]

Default value: undef

`ldap_group_nesting_level`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_groups_use_matching_rule_in_chain`

Data type: Optional[Boolean]

Default value: undef

`ldap_initgroups_use_matching_rule_in_chain`

Data type: Optional[Boolean]

Default value: undef

`ldap_use_tokengroups`

Data type: Optional[Boolean]

Default value: undef

`ldap_netgroup_object_class`

Data type: Optional[String]

Default value: undef

`ldap_netgroup_name`

Data type: Optional[String]

Default value: undef

`ldap_netgroup_member`

Data type: Optional[String]

Default value: undef

`ldap_netgroup_triple`

Data type: Optional[String]

Default value: undef

`ldap_netgroup_modify_timestamp`

Data type: Optional[String]

Default value: undef

`ldap_service_object_class`

Data type: Optional[String]

Default value: undef

`ldap_service_name`

Data type: Optional[String]

Default value: undef

`ldap_service_port`

Data type: Optional[String]

Default value: undef

`ldap_service_proto`

Data type: Optional[String]

Default value: undef

`ldap_service_search_base`

Data type: Optional[SSSD::Search::Base]

Default value: undef

`ldap_search_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_enumeration_search_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_network_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_opt_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_connection_expire_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_page_size`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_disable_paging`

Data type: Optional[Boolean]

Default value: undef

`ldap_disable_range_retrieval`

Data type: Optional[Boolean]

Default value: undef

`ldap_sasl_minssf`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_sasl_maxssf`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_deref_threshold`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_tls_reqcert`

Data type: Optional[Enum['never', 'allow', 'try', 'demand', 'hard']]

Default value: undef

`ldap_tls_cacert`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`ldap_tls_cacertdir`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`ldap_tls_cert`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`ldap_tls_key`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`ldap_tls_cipher_suite`

Data type: Optional[String]

Default value: undef

`ldap_auth_disable_tls_never_use_in_production`

Data type: Optional[Boolean]

Default value: undef

`ldap_id_use_start_tls`

Data type: Optional[Boolean]

Default value: undef

`ldap_id_mapping`

Data type: Optional[Boolean]

Default value: undef

`ldap_idmap_range_min`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_idmap_range_max`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_idmap_range_size`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_idmap_default_domain_sid`

Data type: Optional[String]

Default value: undef

`ldap_idmap_default_domain`

Data type: Optional[String]

Default value: undef

`ldap_idmap_autorid_compat`

Data type: Optional[Boolean]

Default value: undef

`ldap_idmap_helper_table_size`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_max_id`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_min_id`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_sasl_mech`

Data type: Optional[String]

Default value: undef

`ldap_sasl_authid`

Data type: Optional[String]

Default value: undef

`ldap_sasl_realm`

Data type: Optional[String]

Default value: undef

`ldap_sasl_canonicalize`

Data type: Optional[Boolean]

Default value: undef

`ldap_krb5_keytab`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`ldap_krb5_init_creds`

Data type: Optional[Boolean]

Default value: undef

`ldap_krb5_ticket_lifetime`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_pwd_policy`

Data type: Optional[Enum['none', 'shadow', 'mit_kerberos']]

Default value: undef

`ldap_referrals`

Data type: Optional[Boolean]

Default value: undef

`ldap_dns_service_name`

Data type: Optional[String]

Default value: undef

`ldap_chpass_dns_service_name`

Data type: Optional[String]

Default value: undef

`ldap_chpass_update_last_change`

Data type: Optional[Boolean]

Default value: undef

`ldap_access_filter`

Data type: Optional[Bodgitlib::LDAP::Filter]

Default value: undef

`ldap_account_expire_policy`

Data type: Optional[Enum['shadow', 'ad', 'rhds', 'ipa', '389ds', 'nds']]

Default value: undef

`ldap_access_order`

Data type: Optional[Array[SSSD::LDAP::Access::Order, 1]]

Default value: undef

`ldap_pwdlockout_dn`

Data type: Optional[Bodgitlib::LDAP::DN]

Default value: undef

`ldap_deref`

Data type: Optional[Enum['never', 'searching', 'finding', 'always']]

Default value: undef

`ldap_rfc2307_fallback_to_local_users`

Data type: Optional[Boolean]

Default value: undef

`ldap_sudorule_object_class`

Data type: Optional[String]

Default value: undef

`ldap_sudorule_name`

Data type: Optional[String]

Default value: undef

`ldap_sudorule_command`

Data type: Optional[String]

Default value: undef

`ldap_sudorule_host`

Data type: Optional[String]

Default value: undef

`ldap_sudorule_user`

Data type: Optional[String]

Default value: undef

`ldap_sudorule_option`

Data type: Optional[String]

Default value: undef

`ldap_sudorule_runasuser`

Data type: Optional[String]

Default value: undef

`ldap_sudorule_runasgroup`

Data type: Optional[String]

Default value: undef

`ldap_sudorule_notbefore`

Data type: Optional[String]

Default value: undef

`ldap_sudorule_notafter`

Data type: Optional[String]

Default value: undef

`ldap_sudorule_order`

Data type: Optional[String]

Default value: undef

`ldap_sudo_full_refresh_interval`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_sudo_smart_refresh_interval`

Data type: Optional[Integer[0]]

Default value: undef

`ldap_sudo_use_host_filter`

Data type: Optional[Boolean]

Default value: undef

`ldap_sudo_hostnames`

Data type: Optional[Array[String, 1]]

Default value: undef

`ldap_sudo_ip`

Data type: Optional[Array[IP::Address, 1]]

Default value: undef

`ldap_sudo_include_netgroups`

Data type: Optional[Boolean]

Default value: undef

`ldap_sudo_include_regexp`

Data type: Optional[Boolean]

Default value: undef

`ldap_autofs_map_master_name`

Data type: Optional[String]

Default value: undef

`ldap_autofs_map_object_class`

Data type: Optional[String]

Default value: undef

`ldap_autofs_map_name`

Data type: Optional[String]

Default value: undef

`ldap_autofs_entry_object_class`

Data type: Optional[String]

Default value: undef

`ldap_autofs_entry_key`

Data type: Optional[String]

Default value: undef

`ldap_autofs_entry_value`

Data type: Optional[String]

Default value: undef

`ldap_netgroup_search_base`

Data type: Optional[SSSD::Search::Base]

Default value: undef

`ldap_user_search_base`

Data type: Optional[SSSD::Search::Base]

Default value: undef

`ldap_group_search_base`

Data type: Optional[SSSD::Search::Base]

Default value: undef

`ldap_sudo_search_base`

Data type: Optional[SSSD::Search::Base]

Default value: undef

`ldap_autofs_search_base`

Data type: Optional[SSSD::Search::Base]

Default value: undef

`krb5_server`

Data type: Optional[Array[Variant[Bodgitlib::Host, Enum['_srv_']], 1]]

Default value: undef

`krb5_backup_server`

Data type: Optional[Array[Bodgitlib::Host, 1]]

Default value: undef

`krb5_realm`

Data type: Optional[String]

Default value: undef

`krb5_kpasswd`

Data type: Optional[Array[Variant[Bodgitlib::Host, Tuple[Bodgitlib::Host, Bodgitlib::Port]], 1]]

Default value: undef

`krb5_backup_kpasswd`

Data type: Optional[Array[Variant[Bodgitlib::Host, Tuple[Bodgitlib::Host, Bodgitlib::Port]], 1]]

Default value: undef

`krb5_ccachedir`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`krb5_ccname_template`

Data type: Optional[String]

Default value: undef

`krb5_auth_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`krb5_validate`

Data type: Optional[Boolean]

Default value: undef

`krb5_keytab`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`krb5_store_password_if_offline`

Data type: Optional[Boolean]

Default value: undef

`krb5_renewable_lifetime`

Data type: Optional[Variant[Integer[0], Pattern[/(?x) ^ \d+ [smhd]? $/]]]

Default value: undef

`krb5_lifetime`

Data type: Optional[Variant[Integer[0], Pattern[/(?x) ^ \d+ [smhd]? $/]]]

Default value: undef

`krb5_renew_interval`

Data type: Optional[Variant[Integer[0], Pattern[/(?x) ^ \d+ [smhd]? $/]]]

Default value: undef

`krb5_use_fast`

Data type: Optional[Enum['never', 'try', 'demand']]

Default value: undef

`krb5_fast_principal`

Data type: Optional[String]

Default value: undef

`krb5_canonicalize`

Data type: Optional[Boolean]

Default value: undef

`krb5_use_kdcinfo`

Data type: Optional[Boolean]

Default value: undef

`krb5_use_enterprise_principal`

Data type: Optional[Boolean]

Default value: undef

`krb5_map_user`

Data type: Optional[Array[String, 1]]

Default value: undef

`krb5_confd_path`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`ad_domain`

Data type: Optional[String]

Default value: undef

`ad_enabled_domains`

Data type: Optional[Array[Bodgitlib::Domain, 1]]

Default value: undef

`ad_server`

Data type: Optional[Array[Variant[Bodgitlib::Host, Enum['_srv_']], 1]]

Default value: undef

`ad_backup_server`

Data type: Optional[Array[Bodgitlib::Host, 1]]

Default value: undef

`ad_hostname`

Data type: Optional[Bodgitlib::Hostname]

Default value: undef

`ad_enable_dns_sites`

Data type: Optional[Boolean]

Default value: undef

`ad_access_filter`

Data type: Optional[SSSD::AD::Access::Filter]

Default value: undef

`ad_site`

Data type: Optional[String]

Default value: undef

`ad_enable_gc`

Data type: Optional[Boolean]

Default value: undef

`ad_gpo_access_control`

Data type: Optional[Enum['disabled', 'enforcing', 'permissive']]

Default value: undef

`ad_gpo_cache_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`ad_gpo_map_interactive`

Data type: Optional[Array[String, 1]]

Default value: undef

`ad_gpo_map_remote_interactive`

Data type: Optional[Array[String, 1]]

Default value: undef

`ad_gpo_map_network`

Data type: Optional[Array[String, 1]]

Default value: undef

`ad_gpo_map_batch`

Data type: Optional[Array[String, 1]]

Default value: undef

`ad_gpo_map_service`

Data type: Optional[Array[String, 1]]

Default value: undef

`ad_gpo_map_permit`

Data type: Optional[Array[String, 1]]

Default value: undef

`ad_gpo_map_deny`

Data type: Optional[Array[String, 1]]

Default value: undef

`ad_gpo_default_right`

Data type: Optional[SSSD::AD::GPO::Default::Right]

Default value: undef

`ad_maximum_machine_account_password_age`

Data type: Optional[Integer[0]]

Default value: undef

`ad_machine_account_password_renewal_opts`

Data type: Optional[Tuple[Integer[0], 2, 2]]

Default value: undef

`ipa_domain`

Data type: Optional[String]

Default value: undef

`ipa_server`

Data type: Optional[Array[Variant[Bodgitlib::Host, Enum['_srv_']], 1]]

Default value: undef

`ipa_backup_server`

Data type: Optional[Array[Bodgitlib::Host, 1]]

Default value: undef

`ipa_hostname`

Data type: Optional[Bodgitlib::Hostname]

Default value: undef

`ipa_enable_dns_sites`

Data type: Optional[Boolean]

Default value: undef

`ipa_hbac_search_base`

Data type: Optional[Bodgitlib::LDAP::DN]

Default value: undef

`ipa_host_search_base`

Data type: Optional[Bodgitlib::LDAP::DN]

Default value: undef

`ipa_selinux_search_base`

Data type: Optional[Bodgitlib::LDAP::DN]

Default value: undef

`ipa_subdomains_search_base`

Data type: Optional[Bodgitlib::LDAP::DN]

Default value: undef

`ipa_master_domain_search_base`

Data type: Optional[Bodgitlib::LDAP::DN]

Default value: undef

`ipa_views_search_base`

Data type: Optional[Bodgitlib::LDAP::DN]

Default value: undef

`ipa_hbac_refresh`

Data type: Optional[Integer[0]]

Default value: undef

`ipa_hbac_selinux`

Data type: Optional[Integer[0]]

Default value: undef

`ipa_server_mode`

Data type: Optional[Boolean]

Default value: undef

`ipa_automount_location`

Data type: Optional[String]

Default value: undef

`ipa_view_class`

Data type: Optional[String]

Default value: undef

`ipa_view_name`

Data type: Optional[String]

Default value: undef

`ipa_override_object_class`

Data type: Optional[String]

Default value: undef

`ipa_anchor_uuid`

Data type: Optional[String]

Default value: undef

`ipa_user_override_object_class`

Data type: Optional[String]

Default value: undef

`ipa_group_override_object_class`

Data type: Optional[String]

Default value: undef

`sssd::service`

Define an SSSD service.

Since 1.0.0
See also
- puppet_classes::sssd
  - ::sssd
- puppet_classes::sssd::dbus
  - ::sssd::dbus

Examples

Enable NSS service

include sssd
sssd::service { 'nss': }

Parameters

The following parameters are available in the sssd::service defined type:

service
use_socket_activation
debug
debug_level
debug_timestamps
debug_microseconds
timeout
reconnection_retries
fd_limit
client_idle_timeout
offline_timeout
responder_idle_timeout
cache_first
enum_cache_timeout
entry_cache_nowait_percentage
entry_negative_timeout
local_negative_timeout
filter_groups
filter_users
filter_users_in_groups
override_homedir
homedir_substring
fallback_homedir
override_shell
allowed_shells
vetoed_shells
shell_fallback
default_shell
get_domains_timeout
memcache_timeout
user_attributes
pwfield
offline_credentials_expiration
offline_failed_login_attempts
offline_failed_login_delay
pam_verbosity
pam_response_filter
pam_id_timeout
pam_pwd_expiration_warning
pam_trusted_users
pam_public_domains
pam_account_expired_message
pam_account_locked_message
pam_cert_auth
pam_cert_db_path
p11_child_timeout
pam_app_services
sudo_timed
autofs_negative_timeout
ssh_hash_known_hosts
ssh_known_hosts_timeout
ca_db
allowed_uids
pac_lifetime
wildcard_limit
provider
container_nest_level
max_secrets
max_payload_size
proxy_url
auth_type
auth_header_name
auth_header_value
forward_headers
verify_peer
verify_host
capath
cacert
cert
key

`service`

Data type: SSSD::Type

Default value: $title

`use_socket_activation`

Data type: Boolean

Default value: $sssd::use_socket_activation

`debug`

Data type: Optional[Integer[0]]

Default value: undef

`debug_level`

Data type: Optional[Integer[0]]

Default value: undef

`debug_timestamps`

Data type: Optional[Boolean]

Default value: undef

`debug_microseconds`

Data type: Optional[Boolean]

Default value: undef

`timeout`

Data type: Optional[Integer[0]]

Default value: undef

`reconnection_retries`

Data type: Optional[Integer[0]]

Default value: undef

`fd_limit`

Data type: Optional[Integer[0]]

Default value: undef

`client_idle_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`offline_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`responder_idle_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`cache_first`

Data type: Optional[Boolean]

Default value: undef

`enum_cache_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`entry_cache_nowait_percentage`

Data type: Optional[Integer[0]]

Default value: undef

`entry_negative_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`local_negative_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`filter_groups`

Data type: Optional[Array[String, 1]]

Default value: undef

`filter_users`

Data type: Optional[Array[String, 1]]

Default value: undef

`filter_users_in_groups`

Data type: Optional[Boolean]

Default value: undef

`override_homedir`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`homedir_substring`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`fallback_homedir`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`override_shell`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`allowed_shells`

Data type: Optional[Array[Variant[Stdlib::Absolutepath, Enum['*']], 1]]

Default value: undef

`vetoed_shells`

Data type: Optional[Array[Stdlib::Absolutepath, 1]]

Default value: undef

`shell_fallback`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`default_shell`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`get_domains_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`memcache_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`user_attributes`

Data type: Optional[Array[String, 1]]

Default value: undef

`pwfield`

Data type: Optional[String]

Default value: undef

`offline_credentials_expiration`

Data type: Optional[Integer[0]]

Default value: undef

`offline_failed_login_attempts`

Data type: Optional[Integer[0]]

Default value: undef

`offline_failed_login_delay`

Data type: Optional[Integer[0]]

Default value: undef

`pam_verbosity`

Data type: Optional[Integer[0, 3]]

Default value: undef

`pam_response_filter`

Data type: Optional[Array[String, 1]]

Default value: undef

`pam_id_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`pam_pwd_expiration_warning`

Data type: Optional[Integer[0]]

Default value: undef

`pam_trusted_users`

Data type: Optional[Array[Variant[Integer[0], String], 1]]

Default value: undef

`pam_public_domains`

Data type: Optional[Array[String, 1]]

Default value: undef

`pam_account_expired_message`

Data type: Optional[String]

Default value: undef

`pam_account_locked_message`

Data type: Optional[String]

Default value: undef

`pam_cert_auth`

Data type: Optional[Boolean]

Default value: undef

`pam_cert_db_path`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`p11_child_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`pam_app_services`

Data type: Optional[Array[String, 1]]

Default value: undef

`sudo_timed`

Data type: Optional[Boolean]

Default value: undef

`autofs_negative_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`ssh_hash_known_hosts`

Data type: Optional[Boolean]

Default value: undef

`ssh_known_hosts_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`ca_db`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`allowed_uids`

Data type: Optional[Array[Variant[Integer[0], String], 1]]

Default value: undef

`pac_lifetime`

Data type: Optional[Integer[0]]

Default value: undef

`wildcard_limit`

Data type: Optional[Integer[0]]

Default value: undef

`provider`

Data type: Optional[Enum['local', 'proxy']]

Default value: undef

`container_nest_level`

Data type: Optional[Integer[0]]

Default value: undef

`max_secrets`

Data type: Optional[Integer[0]]

Default value: undef

`max_payload_size`

Data type: Optional[Integer[0]]

Default value: undef

`proxy_url`

Data type: Optional[String]

Default value: undef

`auth_type`

Data type: Optional[Enum['basic_auth', 'header']]

Default value: undef

`auth_header_name`

Data type: Optional[String]

Default value: undef

`auth_header_value`

Data type: Optional[String]

Default value: undef

`forward_headers`

Data type: Optional[Array[String, 1]]

Default value: undef

`verify_peer`

Data type: Optional[Boolean]

Default value: undef

`verify_host`

Data type: Optional[Boolean]

Default value: undef

`capath`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`cacert`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`cert`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`key`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

Resource types

`sssd_conf`

Manages settings in an SSSD sssd.conf file.

The resource name can be used as a shortcut for specifying the section and setting parameters by using the form <section>/<setting> otherwise it can be left as a normal string.

Properties

The following properties are available in the sssd_conf type.

`ensure`

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

`value`

Value to change the setting to.

Parameters

The following parameters are available in the sssd_conf type.

name
provider
section
setting
target

`name`

The name of the section and setting separated by /, or a unique string.

`provider`

The specific backend to use for this sssd_conf resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.

`section`

namevar

The section in the sssd.conf file for the setting, defaults to the global [sssd] section.

Default value: sssd

`setting`

namevar

The setting in the sssd.conf file to manage.

`target`

The file in which to store the settings, defaults to /etc/sssd/sssd.conf.

Data types

`SSSD::AD::Access::Filter`

The SSSD::AD::Access::Filter data type.

Since 2.0.0

Alias of

Pattern[/(?x) ^ (?: (?: (?: DOM | FOREST ) : )? [^:]+ : )? (?<re> \( (?: [&|] \g<re>+ | ! \g<re> | (?: (?<attr> (?: [[:alpha:]] [[:alnum:]_-]* | [[:digit:]]+ (?: \. [[:digit:]]+ )* ) (?: ; [[:alpha:]] [[:alnum:]-]* )* ) [~<>]? = (?<value> (?: [^\\()*] | \\ [[:xdigit:]]{2} )* ) | \g<attr> = \* | \g<attr> = \g<value>? \* (?: \g<value> \* )* \g<value>? | (?: \g<attr> (?: :dn )? (?: : (?<rule> [[:digit:]]+ (?: \. [[:digit:]]+ )* | [[:alpha:]] [[:alnum:]]* Match ) )? := \g<value> | (?: : (?: dn | DN ) )? : \g<rule> := \g<value> ) ) ) \) ) $/]

`SSSD::AD::GPO::Default::Right`

The SSSD::AD::GPO::Default::Right data type.

Since 2.0.0

Alias of

Enum['interactive', 'remote_interactive', 'network', 'batch', 'service', 'permit', 'deny']

`SSSD::Certificate::Verification`

The SSSD::Certificate::Verification data type.

Since 2.0.0

Alias of

Variant[Enum['no_ocsp', 'no_verification'], Tuple[Enum['ocsp_default_responder', 'ocsp_default_responder_signing_cert'], String]]

`SSSD::LDAP::Access::Order`

The SSSD::LDAP::Access::Order data type.

Since 2.0.0

Alias of

Enum['filter', 'lockout', 'ppolicy', 'expire', 'pwd_expire_policy_reject', 'pwd_expire_policy_warn', 'pwd_expire_policy_renew', 'authorized_service', 'host']

`SSSD::Provider::Access`

The SSSD::Provider::Access data type.

Since 2.0.0

Alias of

Enum['permit', 'deny', 'ldap', 'ipa', 'ad', 'simple', 'krb5', 'proxy']

`SSSD::Provider::Auth`

The SSSD::Provider::Auth data type.

Since 2.0.0

Alias of

Enum['ldap', 'krb5', 'ipa', 'ad', 'proxy', 'local', 'none']

`SSSD::Provider::AutoFS`

@since 2.0.0

Alias of

Enum['ldap', 'ipa', 'ad', 'none']

`SSSD::Provider::Chpass`

The SSSD::Provider::Chpass data type.

Since 2.0.0

Alias of

Enum['ldap', 'krb5', 'ipa', 'ad', 'proxy', 'none']

`SSSD::Provider::HostID`

The SSSD::Provider::HostID data type.

Since 2.0.0

Alias of

SSSD::Provider::SELinux

`SSSD::Provider::ID`

The SSSD::Provider::ID data type.

Since 2.0.0

Alias of

Enum['proxy', 'local', 'ldap', 'ipa', 'ad']

`SSSD::Provider::SELinux`

The SSSD::Provider::SELinux data type.

Since 2.0.0

Alias of

Enum['ipa', 'none']

`SSSD::Provider::Subdomains`

The SSSD::Provider::Subdomains data type.

Since 2.0.0

Alias of

Enum['ipa', 'ad', 'none']

`SSSD::Provider::Sudo`

The SSSD::Provider::Sudo data type.

Since 2.0.0

Alias of

Enum['ldap', 'ipa', 'ad', 'none']

`SSSD::Search::Base`

The SSSD::Search::Base data type.

Since 2.0.0

Alias of

Pattern[/(?x) ^ (?<dn> (?<comp> (?<tv> (?: [[:alpha:]] [[:alnum:]_-]* | (?: (?: oid | OID ) \. )? [[:digit:]]+ (?: \. [[:digit:]]+ )* ) [[:space:]]* = [[:space:]]* (?: \# (?: [[:xdigit:]]{2} )+ | (?: [^,=\+<>#;\\"] | \\ [,=\+<>#;\\"] | \\ [[:xdigit:]]{2} )* | " (?: [^\\"] | \\ [,=\+<>#;\\"] | \\ [[:xdigit:]]{2} )* " ) ) (?: [[:space:]]* \+ [[:space:]]* \g<tv> )* ) (?: [[:space:]]* [,;] [[:space:]]* \g<comp> )* ) (?: \? (?<scope> base | onelevel | subtree ) \? (?<filter> \( (?: [&|] \g<filter>+ | ! \g<filter> | (?: (?<attr> (?: [[:alpha:]] [[:alnum:]_-]* | [[:digit:]]+ (?: \. [[:digit:]]+ )* ) (?: ; [[:alpha:]] [[:alnum:]-]* )* ) [~<>]? = (?<value> (?: [^\\()*] | \\ [[:xdigit:]]{2} )* ) | \g<attr> = \* | \g<attr> = \g<value>? \* (?: \g<value> \* )* \g<value>? | (?: \g<attr> (?: :dn )? (?: : (?<rule> [[:digit:]]+ (?: \. [[:digit:]]+ )* | [[:alpha:]] [[:alnum:]]* Match ) )? := \g<value> | (?: : (?: dn | DN ) )? : \g<rule> := \g<value> ) ) ) \) )? (?: \? \g<dn> \? \g<scope> \? \g<filter>? )* )? $/]

`SSSD::Subdomain::Inherit`

The SSSD::Subdomain::Inherit data type.

Since 2.0.0

Alias of

Enum['ignore_group_members', 'ldap_purge_cache_timeout', 'ldap_use_tokengroups', 'ldap_user_principal', 'ldap_krb5_keytab']

`SSSD::Type`

The SSSD::Type data type.

Since 2.0.0

Alias of

Enum['nss', 'pam', 'sudo', 'autofs', 'ssh', 'pac', 'ifp', 'secrets']

Files

REFERENCE.md

Latest commit

History

REFERENCE.md

File metadata and controls

Reference

Table of Contents

Classes

Defined types

Resource types

Data types

Classes

sssd

Examples

Declaring the class

Parameters

conf_dir

conf_file

domains

package_name

service_name

services

service_enable

service_ensure

socket_services

use_socket_activation

debug

debug_level

debug_timestamps

debug_microseconds

config_file_version

reconnection_retries

re_expression

full_name_format

try_inotify

krb5_rcache_dir

user

default_domain_suffix

override_space

certificate_verification

disable_netlink

enable_files_domain

domain_resolution_order

sssd::config

sssd::daemon

sssd::dbus

Examples

Declaring the class

Parameters

package_name

use_socket_activation

debug

debug_level

debug_timestamps

debug_microseconds

timeout

reconnection_retries

fd_limit

client_idle_timeout

offline_timeout

responder_idle_timeout

cache_first

allowed_uids

user_attributes

wildcard_limit

sssd::dbus::config

sssd::dbus::install

sssd::install

sssd::params

Defined types

sssd::domain

Examples

Define an LDAP domain

Parameters

id_provider

domain

debug

debug_level

debug_timestamps

`sssd`

`conf_dir`

`conf_file`

`domains`

`package_name`

`service_name`

`services`

`service_enable`

`service_ensure`

`socket_services`

`use_socket_activation`

`debug`

`debug_level`

`debug_timestamps`

`debug_microseconds`

`config_file_version`

`reconnection_retries`

`re_expression`

`full_name_format`

`try_inotify`

`krb5_rcache_dir`

`user`

`default_domain_suffix`

`override_space`

`certificate_verification`

`disable_netlink`

`enable_files_domain`

`domain_resolution_order`

`sssd::config`

`sssd::daemon`

`sssd::dbus`

`package_name`

`use_socket_activation`

`debug`

`debug_level`

`debug_timestamps`

`debug_microseconds`

`timeout`

`reconnection_retries`

`fd_limit`

`client_idle_timeout`

`offline_timeout`

`responder_idle_timeout`

`cache_first`

`allowed_uids`

`user_attributes`

`wildcard_limit`

`sssd::dbus::config`

`sssd::dbus::install`

`sssd::install`

`sssd::params`

`sssd::domain`

`id_provider`

`domain`

`debug`

`debug_level`

`debug_timestamps`

`debug_microseconds`

`timeout`

`domain_type`

`max_id`

`min_id`

`enumerate`

`subdomain_enumerate`

`entry_cache_timeout`

`entry_cache_user_timeout`

`entry_cache_group_timeout`

`entry_cache_netgroup_timeout`

`entry_cache_service_timeout`

`entry_cache_sudo_timeout`

`entry_cache_autofs_timeout`

`entry_cache_ssh_host_timeout`

`refresh_expired_interval`

`cache_credentials`

`cache_credentials_minimal_first_factor_length`

`account_cache_expiration`

`pwd_expiration_warning`

`use_fully_qualified_names`

`ignore_group_members`

`auth_provider`