---
# LDAP domain settings, keyed by "primary" and "secondary", under glob_sssd.
# Presumably consumed by an SSSD role/template that is not shown here.
# NOTE(review): the source arrived collapsed onto one line, so the nesting
# below is reconstructed. `bind` is placed under `secondary` because its
# values come from vault.sssd.secondary_ldap. Confirm against the consumer.
glob_sssd:
  primary:
    domain: ldap-adm.adm.crans.org
    # Quoted, so the consumer receives the string "true", not a YAML boolean.
    # NOTE(review): if this maps to SSSD's `enumerate` option, the whole
    # directory is cached on every host using this domain. Confirm intended.
    enumerate: "true"
    # Each URI is built at render time: the `ldap` lookup is queried, the
    # result is filtered to IPv4 addresses, and the first one is kept.
    # NOTE(review): the URIs use ldaps:// with an IP literal, so the server
    # certificate needs a matching IP subjectAltName for verification to
    # pass. Check that the consumer does not relax `ldap_tls_reqcert` to
    # work around that.
    # NOTE(review): behaviour when the lookup yields no IPv4 address is not
    # visible here. Confirm the play fails rather than rendering an empty
    # "ldaps:///" URI.
    servers:
      - "ldaps://{{ query('ldap','ip','ldap-adm','adm') | ansible.utils.ipv4 | first }}/"
      - "ldaps://{{ query('ldap','ip','sam','adm') | ansible.utils.ipv4 | first }}/"
      - "ldaps://{{ query('ldap','ip','daniel','adm') | ansible.utils.ipv4 | first }}/"
      - "ldaps://{{ query('ldap','ip','jack','adm') | ansible.utils.ipv4 | first }}/"
    base: "dc=crans,dc=org"
    # NOTE(review): no `bind` block is defined for the primary domain, so
    # the bind is presumably anonymous. Confirm the directory ACLs expect it.
  secondary:
    domain: re2o-ldap.adm.crans.org
    # Quoted string "false", for the same reason as the primary entry.
    enumerate: "false"
    # Built the same way as the primary server list (lookup, IPv4 filter,
    # first match); the same certificate caveat applies to these IP URIs.
    servers:
      - "ldaps://{{ query('ldap','ip','re2o-ldap','adm') | ansible.utils.ipv4 | first }}/"
      - "ldaps://{{ query('ldap','ip','terenez','adm') | ansible.utils.ipv4 | first }}/"
    base: "dc=crans,dc=org"
    # Bind credentials are read from the `vault` variable, not stored inline.
    # NOTE(review): confirm that tasks rendering these values set
    # `no_log: true` and that the rendered file is readable by root only.
    bind:
      dn: "{{ vault.sssd.secondary_ldap.binddn }}"
      passwd: "{{ vault.sssd.secondary_ldap.bindpass }}"