repcsi/sssd_ansible

## sssd_ansible
---
- hosts: slestest
  vars:
        remote_user: root
        sssd_filename: /etc/sssd/sssd.conf
        ldap_conf_filename: /etc/ldap.conf
  tasks:
  - name: sssd file set audit off
    lineinfile: dest={{ sssd_filename }}
                backup=yes
                regexp="^ldap_user_shell\s*=\s*auditShell"
                state=absent
    when: ansible_distribution == 'SLES' and ansible_distribution_major_version== '12'
    register: sssd

  - name: sssd file set commented line off
    lineinfile: dest={{ sssd_filename }}
                backup=yes
                regexp="^#ldap_user_shell\s*=\s*loginShell"
                state=absent
    when: ansible_distribution == 'SLES' and ansible_distribution_major_version== '12'
    register: sssd

  - name: check for loginShell line on
    lineinfile: dest={{ sssd_filename }}
                backup=yes
                line="ldap_user_shell = loginShell"
                insertafter="^ldap_user_home_directory"
    when: ansible_distribution == 'SLES' and ansible_distribution_major_version== '12'
    register: sssd

  - name: restart sssd
    systemd:
      state: restarted
      daemon_reload: yes
      name: sssd
    when: ansible_distribution == 'SLES' and ansible_distribution_major_version== '12' and sssd.changed

  - name: ldap.conf audit off
    lineinfile: dest={{ ldap_conf_filename }}
                backup=yes
                regexp='^nss_map_attribute\s*loginShell.*'
                state=absent
    when: ansible_distribution == 'SLES' and ansible_distribution_major_version== '11'
    register: ldap

  - name: ldap.conf audit comment off
    lineinfile: dest={{ ldap_conf_filename }}
                backup=yes
                regexp='^#nss_map_attribute\s*loginShell.*'
                state=absent
    when: ansible_distribution == 'SLES' and ansible_distribution_major_version== '11'
    register: ldap


  - name: Refresh ldap client after setup
    command: '/usr/sbin/nscd -i passwd ; /usr/sbin/nscd -i group'
    when: ansible_distribution == 'SLES' and ansible_distribution_major_version== '11' and ldap.changed
	---
	- hosts: slestest
	vars:
	remote_user: root
	sssd_filename: /etc/sssd/sssd.conf
	ldap_conf_filename: /etc/ldap.conf
	tasks:
	- name: sssd file set audit off
	lineinfile: dest={{ sssd_filename }}
	backup=yes
	regexp="^ldap_user_shell\s=\sauditShell"
	state=absent
	when: ansible_distribution == 'SLES' and ansible_distribution_major_version== '12'
	register: sssd

	- name: sssd file set commented line off
	lineinfile: dest={{ sssd_filename }}
	backup=yes
	regexp="^#ldap_user_shell\s=\sloginShell"
	state=absent
	when: ansible_distribution == 'SLES' and ansible_distribution_major_version== '12'
	register: sssd

	- name: check for loginShell line on
	lineinfile: dest={{ sssd_filename }}
	backup=yes
	line="ldap_user_shell = loginShell"
	insertafter="^ldap_user_home_directory"
	when: ansible_distribution == 'SLES' and ansible_distribution_major_version== '12'
	register: sssd

	- name: restart sssd
	systemd:
	state: restarted
	daemon_reload: yes
	name: sssd
	when: ansible_distribution == 'SLES' and ansible_distribution_major_version== '12' and sssd.changed

	- name: ldap.conf audit off
	lineinfile: dest={{ ldap_conf_filename }}
	backup=yes
	regexp='^nss_map_attribute\sloginShell.'
	state=absent
	when: ansible_distribution == 'SLES' and ansible_distribution_major_version== '11'
	register: ldap

	- name: ldap.conf audit comment off
	lineinfile: dest={{ ldap_conf_filename }}
	backup=yes
	regexp='^#nss_map_attribute\sloginShell.'
	state=absent
	when: ansible_distribution == 'SLES' and ansible_distribution_major_version== '11'
	register: ldap


	- name: Refresh ldap client after setup
	command: '/usr/sbin/nscd -i passwd ; /usr/sbin/nscd -i group'
	when: ansible_distribution == 'SLES' and ansible_distribution_major_version== '11' and ldap.changed