From 0134afdf58175fa8ed0b4cd8a630b6e68b557af3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gardais=20J=C3=A9r=C3=A9my?= Date: Thu, 12 Apr 2018 11:40:34 +0200 Subject: [PATCH] Remove unwanted packages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Such as libnss-ldap, nscd,… --- CHANGELOG.md | 5 +++++ README.md | 3 +++ defaults/main.yml | 2 ++ tasks/main.yml | 9 ++++++++- vars/debian.yml | 5 +++++ 5 files changed, 23 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 23735a0..eea499b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,9 @@ +## v1.x + +### Enhancement +* Remove unwanted packages. + ## v1.2.1 ### Enhancement diff --git a/README.md b/README.md index e8457f7..22818e8 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,7 @@ Highly inspired by [Lae's system_ldap role][lae sssd galaxy] with minors updates ## Role Variables * **sssd_pkg_state** : State of new sssd packages [default : `latest`]. +* **sssd__unwanted_packages_state** : State of unwanted packages that might interfer with SSSD [default : `absent`]. * **sssd_conf_manage** : If SSSD configuration should be managed with this role [default : `true`]. * **sssd_main_conf_path** : Path to set main SSSD's configuration [default : `/etc/sssd/sssd.conf`]. * **sssd_main_conf_tpl** : Template used to generate the previous config file [default : `etc/sssd/sssd.conf.j2`]. @@ -36,6 +37,7 @@ Please see default value by Operating System file in [vars][vars directory] dire * **sssd_pkg_list** : The list of packages to install to provide `sssd`. * Be careful, `sssd` may need additional packages to be able to establish a TLS connection to a LDAP/AD/… server (such as `ca-certificates`,…). +* **sssd__unwanted_packages_list** : The list of packages to remove. ## Example Playbook 
@@ -69,6 +71,7 @@ sssd_flush_handlers: True This role will : * Install needed packages to provide `sssd`. +* Remove packages that might interfer with `sssd` for authentication. * Manage the default `sssd` configuration file (`/etc/sssd/sssd.conf`). * Create an additional configuration file to only store the bind_password (`/etc/sssd/conf.d/domain.bind.conf`). * Remove `sss` directive for `sudoers` in `/etc/nsswitch.conf` file if `sssd_nsswitch_manage` is set. diff --git a/defaults/main.yml b/defaults/main.yml index 3cc9d59..dafbe79 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,6 +3,8 @@ # Package sssd_pkg_state: 'latest' +sssd__unwanted_packages_state: 'absent' + # Configuration sssd_conf_manage: true sssd_main_conf_path: '/etc/sssd/sssd.conf' diff --git a/tasks/main.yml b/tasks/main.yml index c6408ea..27ca9f8 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -8,13 +8,20 @@ - "{{ ansible_distribution|lower }}.yml" - "{{ ansible_os_family|lower }}.yml" -# Packages +# Packages [[[ - name: Install sssd package: name: "{{ item }}" state: "{{ sssd_pkg_state }}" with_items: "{{ sssd_pkg_list }}" +- name: Remove unwanted packages + package: + name: "{{ item }}" + state: "{{ sssd__unwanted_packages_state }}" + with_items: "{{ sssd__unwanted_packages_list }}" +# ]]] + # Update nsswitch.conf - name: CONFIG sudoers nsswitch.conf lineinfile: diff --git a/vars/debian.yml b/vars/debian.yml index 213b99b..642fe10 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -5,3 +5,8 @@ sssd_pkg_list: - libpam-sss - libnss-sss - sssd + +sssd__unwanted_packages_list: + - libnss-ldap + - nscd + - nslcd
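Review bot: In defaults/main.yml the new `sssd__unwanted_packages_state: 'absent'` has no value that means "leave these packages alone". The task added in tasks/main.yml passes it straight to `package`, so overriding it with `present` or `latest` would install libnss-ldap, nscd and nslcd next to sssd. The list itself appears to come from the role's vars/ files, which inventory variables normally cannot override, so a host that still depends on one of these packages has no clean opt-out. I would document the default with `# 'absent' removes every package in sssd__unwanted_packages_list; any other package state installs them`, or guard the task with a boolean. The double underscore also differs from the existing `sssd_pkg_state` naming.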
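Review bot: The new `Remove unwanted packages` task loops over `sssd__unwanted_packages_list`, but this patch defines that variable only in vars/debian.yml. If the role also ships vars files for other platforms (the context lines select a file by `ansible_distribution` and `ansible_os_family`), the task would fail there on an undefined variable. `with_items: "{{ sssd__unwanted_packages_list | default([]) }}"` keeps those platforms working. The removal also runs before the nsswitch.conf handling that follows, so a host that still resolves users through nslcd may briefly lose directory lookups; a short comment above the task should state that ordering assumption. The task list continues outside the hunk.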
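Review bot: Removing `libnss-ldap` and `nslcd` with state `absent` normally leaves their configuration files in place on Debian, because a plain removal is not a purge. Files such as `/etc/nslcd.conf` and `/etc/libnss-ldap.conf` often hold the LDAP bind DN and password, so the credentials would stay on disk after the packages are gone. I would add a comment above the list, `# removal keeps conffiles; clean up /etc/nslcd.conf and /etc/libnss-ldap.conf if they hold bind credentials`, or a follow-up task that deletes them.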