Merge branch 'th/ad-auth-renew_krb5' into 'master'

ad-auth: Allow overriding DC and syncing w/ Samba in renew_krb5 See merge request !4

Merge branch 'th/ad-auth-renew_krb5' into 'master'
fd397dfc · Hinrikus Wolf · 34f78a9d · 087965dc · fd397dfc · fd397dfc
Commit fd397dfc authored 4 years ago by Hinrikus Wolf
--- a/ad-auth/defaults/main.yml
+++ b/ad-auth/defaults/main.yml
@@ -3,3 +3,7 @@
 ad_admin_group: admin
 ad_admin_password: samba-admin
 ad_admin_password_content: "{{ lookup('passwordstore', ad_admin_password) }}"
+# Set this to force a specific DC for the renew_krb5 cron job
+# ad_auth_renew_force_dc: dc.example.org
+# Sync client credentials with Samba (i.e., winbindd)
+ad_auth_sync_samba: false
--- a/ad-auth/templates/renew_krb5.j2
+++ b/ad-auth/templates/renew_krb5.j2
 #!/bin/bash
-/usr/sbin/adcli update -D {{ domain }}
-
+/usr/sbin/adcli update \
+{% if ad_auth_renew_force_dc is defined %}
+	-S {{ ad_auth_renew_force_dc }} \
+{% endif %}
+{% if ad_auth_sync_samba %}
+	--add-samba-data \
+{% endif %}
+	-D {{ domain }}