---
- name: Install sssd and nslcd
  apt:
    update_cache: true
    name:
      - sssd
      - libnss-ldapd
      - libpam-ldapd
    state: present
  register: apt_result
  retries: 3
  until: apt_result is succeeded

- name: Configure sssd
  template:
    src: sssd/sssd.conf.j2
    dest: /etc/sssd/sssd.conf
    mode: 0600
  notify: Restart sssd service

- name: Configure nslcd for hosts
  template:
    src: nslcd.conf.j2
    dest: /etc/nslcd.conf
    mode: 0600
  notify: Restart nslcd service

- name: Configure NSS to use sss
  lineinfile:
    dest: /etc/nsswitch.conf
    regexp: "^{{ item.name }}:"
    line: "{{ item.name }}:		{{ item.db }}"
  loop:
    - {name: passwd, db: files systemd sss}
    - {name: group, db: files systemd sss}
    - {name: shadow, db: files sss}
    - {name: networks, db: files ldap}
    - {name: hosts, db: files ldap dns}

- name: Configure PAM authentication
  template:
    src: pam.d/common-password.j2
    dest: /etc/pam.d/common-password