[sssd] Support multiple LDAP uris for resilience

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>

group_vars/sssd.yml

@@ -3,16 +3,18 @@ glob_sssd:
     domain: tealc.adm.crans.org
     enumerate: "true"
     servers:
-      - "{{ query('ldap','ip','tealc','adm') | ipv4 | first }}"
-      - "{{ query('ldap','ip','sam','adm') | ipv4 | first }}"
-      - "{{ query('ldap','ip','daniel','adm') | ipv4 | first }}"
-      - "{{ query('ldap','ip','jack','adm') | ipv4 | first }}"
+      - "ldaps://{{ query('ldap','ip','tealc','adm') | ipv4 | first }}"
+      - "ldaps://{{ query('ldap','ip','sam','adm') | ipv4 | first }}"
+      - "ldaps://{{ query('ldap','ip','daniel','adm') | ipv4 | first }}"
+      - "ldaps://{{ query('ldap','ip','jack','adm') | ipv4 | first }}"
     base: "dc=crans,dc=org"
   secondary:
     domain: re2o-ldap.adm.crans.org
     enumerate: "false"
+    servers:
+      - "ldaps://{{ query('ldap','ip','re2o-ldap','adm') | ipv4 | first }}"
+      - "ldaps://{{ query('ldap','ip','terenez','adm') | ipv4 | first }}"
     base: "dc=crans,dc=org"
     bind:
       dn: "cn=nslcd,ou=service-users,dc=crans,dc=org"
       passwd: "{{ vault.ldap_nslcd_passwd }}"
-        

roles/sssd/templates/sssd/sssd.conf.j2

@@ -9,7 +9,7 @@ ldap_access_filter = (objectClass=posixAccount)
 enumerate = {{ sssd.primary.enumerate }}
 id_provider = ldap
 auth_provider = ldap
-ldap_uri = ldaps://{{ sssd.primary.domain }}
+ldap_uri = {{ sssd.primary.servers | join(', ') }}
 ldap_search_base = {{ sssd.primary.base }}
 {% if sssd.primary.bind is defined -%}
 ldap_default_bind_dn = {{ sssd.primary.bind.dn }}
@@ -22,7 +22,7 @@ ldap_access_filter = (objectClass=posixAccount)
 enumerate = {{ sssd.secondary.enumerate }}
 id_provider = ldap
 auth_provider = ldap
-ldap_uri = ldaps://{{ sssd.secondary.domain }}
+ldap_uri = {{ sssd.secondary.servers | join(', ') }}
 ldap_search_base = {{ sssd.secondary.base }}
 {% if sssd.secondary.bind is defined -%}
 ldap_default_bind_dn = {{ sssd.secondary.bind.dn }}