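---
# Sets up LDAP-backed identity lookups on a host: installs sssd and nslcd,
# renders their configuration, points NSS at them, turns off the nscd
# passwd/group caches and renders /etc/pam.d/common-password.
# The "Restart ..." handlers notified below are defined outside this file.

- name: Install sssd and nslcd
  apt:
    update_cache: true
    name:
      - libnss-ldapd
      - libpam-ldapd
      - nslcd
      - sssd
    state: present
  register: apt_result
  # Retry up to three times until the apt call reports success.
  retries: 3
  until: apt_result is succeeded

- name: Configure sssd
  template:
    src: sssd/sssd.conf.j2
    dest: /etc/sssd/sssd.conf
    # Quoted so the mode is passed as the string "0600" (owner read/write
    # only) and never depends on how the YAML parser types a leading zero.
    mode: "0600"
    # NOTE(review): no owner/group is set, so ownership follows the user the
    # task runs as (presumably root via become). Confirm, since this file is
    # security-sensitive.
  notify: Restart sssd service

- name: Enable sssd socket activation
  systemd:
    # The name carries no unit suffix, so systemd treats it as
    # sssd-<item>.service.
    # NOTE(review): confirm that enabling the service unit also enables the
    # matching .socket on the target distribution.
    name: "sssd-{{ item }}"
    enabled: true
  loop:
    - nss
    - pam

- name: Configure nslcd for hosts
  template:
    src: nslcd.conf.j2
    dest: /etc/nslcd.conf
    # Owner-only access; quoted for the same reason as sssd.conf above.
    # NOTE(review): nslcd.conf often carries LDAP bind credentials. Confirm
    # the rendered file's owner as well as its mode.
    mode: "0600"
  notify: Restart nslcd service

- name: Configure NSS to use sss
  # For each database, replace the line starting with "<name>:" or append it
  # if no such line exists. "files" is listed first everywhere, so local
  # entries are consulted before sss/ldap.
  # NOTE(review): this edit makes no backup and runs no validation; a bad
  # nsswitch.conf affects every lookup on the host.
  lineinfile:
    dest: /etc/nsswitch.conf
    regexp: "^{{ item.name }}:"
    line: "{{ item.name }}: {{ item.db }}"
  loop:
    - name: passwd
      db: files systemd sss
    - name: group
      db: files systemd sss
    - name: shadow
      db: files sss
    - name: networks
      db: files ldap
    - name: hosts
      db: files ldap dns

- name: Disable nscd cache
  # Turns off nscd's passwd and group caches (presumably so they do not sit
  # in front of sssd's own cache; confirm intent).
  # NOTE(review): the pattern only matches lines that begin at column 0 and
  # use spaces after "enable-cache". If the target's nscd.conf is indented
  # or tab-separated, the line is appended instead of replaced.
  lineinfile:
    dest: /etc/nscd.conf
    # "regexp" is the canonical option name ("regex" is an alias); this
    # matches the spelling used in the nsswitch task.
    regexp: "^enable-cache +{{ item }}"
    line: "enable-cache {{ item }} no"
  loop:
    - "passwd"
    # NOTE(review): the trailing space is part of the item, so it lands in
    # both the pattern and the written line ("enable-cache group  no").
    # Confirm it is intentional.
    - "group "

- name: Configure PAM authentication
  # NOTE(review): no mode, owner or validation is visible on this task in
  # this listing. A broken common-password render affects password changes
  # host-wide, so test the template before rollout.
  template:
    src: pam.d/common-password.j2
    dest: /etc/pam.d/common-password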