glob_sssd:
  primary:
    domain: tealc.adm.crans.org
    servers:
      - "{{ query('ldap','ip','tealc','adm') | ipv4 | first }}"
      - "{{ query('ldap','ip','sam','adm') | ipv4 | first }}"
      - "{{ query('ldap','ip','daniel','adm') | ipv4 | first }}"
      - "{{ query('ldap','ip','jack','adm') | ipv4 | first }}"
    base: "dc=crans,dc=org"
  secondary:
    domain: re2o-ldap.adm.crans.org
    base: "dc=crans,dc=org"
    bind:
      dn: "cn=nslcd,ou=service-users,dc=crans,dc=org"
      passwd: "{{ vault.ldap_nslcd_passwd }}"