From df8baa66518d5f2da89f06c0aeb33da0a68679ec Mon Sep 17 00:00:00 2001
From: shirenn
Date: Mon, 21 Jun 2021 12:11:16 +0200
Subject: [PATCH] [sssd] Optional enumerate
---
 group_vars/sssd.yml | 2 ++
 roles/sssd/templates/sssd/sssd.conf.j2 | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/group_vars/sssd.yml b/group_vars/sssd.yml
index 29b359f7..4f4d0afc 100644
--- a/group_vars/sssd.yml
+++ b/group_vars/sssd.yml
@@ -1,6 +1,7 @@
 glob_sssd:
 primary:
 domain: tealc.adm.crans.org
+ enumerate: "true"
 servers:
 - "{{ query('ldap','ip','tealc','adm') | ipv4 | first }}"
 - "{{ query('ldap','ip','sam','adm') | ipv4 | first }}"
@@ -9,6 +10,7 @@ glob_sssd:
 base: "dc=crans,dc=org"
 secondary:
 domain: re2o-ldap.adm.crans.org
+ enumerate: "false"
 base: "dc=crans,dc=org"
 bind:
 dn: "cn=nslcd,ou=service-users,dc=crans,dc=org"
diff --git a/roles/sssd/templates/sssd/sssd.conf.j2 b/roles/sssd/templates/sssd/sssd.conf.j2
index e5f445a0..51f6cc2e 100644
--- a/roles/sssd/templates/sssd/sssd.conf.j2
+++ b/roles/sssd/templates/sssd/sssd.conf.j2
@@ -6,7 +6,7 @@ domains = {{ sssd.primary.domain }}, {{ sssd.secondary.domain }}
 [domain/{{ sssd.primary.domain }}]
 ldap_access_filter = (objectClass=posixAccount)
-enumerate = true
+enumerate = {{ sssd.primary.enumerate }}
 id_provider = ldap
 auth_provider = ldap
 ldap_uri = ldaps://{{ sssd.primary.domain }}
@@ -19,7 +19,7 @@ ldap_tls_reqcert = allow
 [domain/{{ sssd.secondary.domain }}]
 ldap_access_filter = (objectClass=posixAccount)
-enumerate = true
+enumerate = {{ sssd.secondary.enumerate }}
 id_provider = ldap
 auth_provider = ldap
 ldap_uri = ldaps://{{ sssd.secondary.domain }}
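Review bot: The new `enumerate` keys under `primary` and (in the next hunk) `secondary` are undocumented quoted strings, and nothing here says why they are strings rather than YAML booleans or what enabling the option costs. I would add a comment above the first key, for example `# sssd 'enumerate': "true" caches the whole directory and lets any local user list every account and group; keep "false" unless a service needs full listings`. Since the template in this same patch copies the value verbatim into sssd.conf, the comment should also say that it must stay the literal string "true" or "false". Both mappings continue outside the hunks.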
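Review bot: `enumerate = {{ sssd.primary.enumerate }}` writes whatever the variable holds straight into sssd.conf, with no default and no normalisation, and the `secondary` line in the next hunk does the same. An inventory that overrides `sssd` without the new key would presumably fail to render, and a YAML boolean would likely come out as `True`/`False` instead of the lowercase form used before. I would write `enumerate = {{ sssd.primary.enumerate | default(false) | bool | lower }}` (likewise for `secondary`) so the option falls back to off and only ever renders `true` or `false`. Separately, the header of the second hunk shows `ldap_tls_reqcert = allow` in this file, which lets the LDAPS session proceed when the server certificate cannot be verified; if it applies to these domains it deserves a follow-up toward `demand`. Both domain sections continue outside the hunks.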