[sssd] Optional enumerate

group_vars/sssd.yml

@@ -1,6 +1,7 @@
 glob_sssd:
   primary:
     domain: tealc.adm.crans.org
+    enumerate: "true"
     servers:
       - "{{ query('ldap','ip','tealc','adm') | ipv4 | first }}"
       - "{{ query('ldap','ip','sam','adm') | ipv4 | first }}"
@@ -9,6 +10,7 @@ glob_sssd:
     base: "dc=crans,dc=org"
   secondary:
     domain: re2o-ldap.adm.crans.org
+    enumerate: "false"
     base: "dc=crans,dc=org"
     bind:
       dn: "cn=nslcd,ou=service-users,dc=crans,dc=org"

roles/sssd/templates/sssd/sssd.conf.j2

@@ -6,7 +6,7 @@ domains = {{ sssd.primary.domain }}, {{ sssd.secondary.domain }}
 
 [domain/{{ sssd.primary.domain }}]
 ldap_access_filter = (objectClass=posixAccount)
-enumerate = true
+enumerate = {{ sssd.primary.enumerate }}
 id_provider = ldap
 auth_provider = ldap
 ldap_uri = ldaps://{{ sssd.primary.domain }}
@@ -19,7 +19,7 @@ ldap_tls_reqcert = allow
 
 [domain/{{ sssd.secondary.domain }}]
 ldap_access_filter = (objectClass=posixAccount)
-enumerate = true
+enumerate = {{ sssd.secondary.enumerate }}
 id_provider = ldap
 auth_provider = ldap
 ldap_uri = ldaps://{{ sssd.secondary.domain }}