/salt-formula-freeipa

Primary LanguageSaltStackOtherNOASSERTION

freeipa

FreeIPA Identity Management service and client

Sample pillars

Client

freeipa:
  client:
    enabled: true
    server: ipa.example.com
    domain: ${linux:network:domain}
    realm: ${linux:network:domain}
    hostname: ${linux:network:fqdn}

If you are using openssh formula, this is needed for FreeIPA authentication:

openssh:
  server:
    public_key_auth: true
    gssapi_auth: true
    kerberos_auth: false
    authorized_keys_command:
      command: /usr/bin/sss_ssh_authorizedkeys
      user: nobody

Update DNS records using nsupdate:

freeipa:
  client:
    nsupdate:
      - name: test.example.com
        ipv4:
          - 8.8.8.8
        ipv6:
          - 2a00:1450:4001:80a::1009
        ttl: 1800
        keytab: /etc/krb5.keytab

Request certificate using certmonger:

freeipa:
  client:
    cert:
      "HTTP/www.example.com":
        user: root
        group: www-data
        mode: 640
        cert: /etc/ssl/certs/http-www.example.com.crt
        key: /etc/ssl/private/http-www.example.com.key

Server

freeipa:
  server:
    realm: IPA.EXAMPLE.COM
    domain: ipa.example.com
    admin:
      password: secretpassword
    ldap:
      password: secretpassword

Server definition for new verion of freeipa (4.3+). Replicas dont require generation of gpg file on master. But principal user has to be defined with

freeipa:
  server:
    realm: IPA.EXAMPLE.COM
    domain: ipa.example.com
    principal_user: admin
    admin:
      password: secretpassword
    servers:
    - idm01.ipa.example.com
    - idm02.ipa.example.com
    - idm03.ipa.example.com

Disable CA. Default is True.

freeipa:
  server:
    ca: false

Disable LDAP access logs but enable audit

freeipa:
  server:
    ldap:
      logging:
        access: false
        audit: true

Read more

Documentation and Bugs

To learn how to install and update salt-formulas, consult the documentation available online at:

http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to the appropriate issue tracker. Use Github issue tracker for specific salt formula:

https://github.com/salt-formulas/salt-formula-freeipa/issues

For feature requests, bug reports or blueprints affecting entire ecosystem, use Launchpad salt-formulas project:

https://launchpad.net/salt-formulas

You can also join salt-formulas-users team and subscribe to mailing list:

https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base their work on master branch and submit pull request against specific formula.

https://github.com/salt-formulas/salt-formula-freeipa

Any questions or feedback is always welcome so feel free to join our IRC channel:

#salt-formulas @ irc.freenode.net