From 9ff911e980657a367e89200cb049ec40ceda9d87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gardais=20J=C3=A9r=C3=A9my?= Date: Mon, 21 Aug 2017 16:27:36 +0200 Subject: [PATCH] Remove `sss` directive for `sudoers` in `/etc/nsswitch.conf` file (#1). --- CHANGELOG.md | 5 +++++ README.md | 2 ++ defaults/main.yml | 2 ++ tasks/main.yml | 8 ++++++++ 4 files changed, 17 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 25d7e26..f03d8dd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,9 @@ +## v1.1.1 + +### Fix +* Remove `sss` directive for `sudoers` in `/etc/nsswitch.conf` file (#1). + ## v1.1 ### Fix diff --git a/README.md b/README.md index 54fa942..e759fe9 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,7 @@ Highly inspired by [Lae's system_ldap role][lae sssd galaxy] with minors updates * **sssd_main_conf_tpl** : Template used to generate the previous config file [default : `etc/sssd/sssd.conf.j2`]. * **sssd_mkhomedir** : If home directories should be created at login [default : `true`]. * **sssd_home_path** : Path where home directories are stored [default : `/home`]. +* **sssd_sudoers_ldap** : If sudo must look to `sss` the list of sudoers [default : `false`]. * **sssd_service_name** : SSSD's service name [default : `sssd`]. ### OS Specific Variables @@ -59,6 +60,7 @@ This role will : * Install needed packages to provide `sssd`. * Manage the default `sssd` configuration file (`/etc/sssd/sssd.conf`). * Create an additionnal configuration file to only store the bind_password (`/etc/sssd/conf.d/domain.bind.conf`). +* Remove `sss` directive for `sudoers` in `/etc/nsswitch.conf` file. * Manage `sssd` service. ## Development diff --git a/defaults/main.yml b/defaults/main.yml index a1b9957..e36ece1 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -10,6 +10,8 @@ sssd_main_conf_tpl: 'etc/sssd/sssd.conf.j2' sssd_mkhomedir: true sssd_home_path: '/home' +sssd_sudoers_ldap: false + # LDAP info sssd_domain: '' sssd_schema: 'rfc2307bis' 
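Review bot: In the defaults/main.yml hunk, `sssd_sudoers_ldap: false` is added without a comment, and with this default the role starts rewriting the `sudoers:` line of `/etc/nsswitch.conf` on every host that does not override it. Hosts that rely on SSSD for sudo rules would presumably lose them after this patch-level update unless the variable is set to `true` first. A comment above the variable would make that visible, for example `# false: force 'sudoers: files' in /etc/nsswitch.conf; set to true to keep 'sss' as a sudo rule source`.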
diff --git a/tasks/main.yml b/tasks/main.yml index 73252e0..b40cab9 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -15,6 +15,14 @@ state: "{{ sssd_pkg_state }}" with_items: "{{ sssd_pkg_list }}" +# Update nsswitch.conf +- name: CONFIG sudoers nsswitch.conf + lineinfile: + dest: /etc/nsswitch.conf + regexp: '^sudoers:.*sss' + line: 'sudoers: files' + when: not sssd_sudoers_ldap + # Configuration file - name: CONFIG sssd.conf template:
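Review bot: The `lineinfile` task added in tasks/main.yml appends `sudoers: files` to the end of `/etc/nsswitch.conf` whenever no line matches `^sudoers:.*sss`, which includes hosts with no `sudoers:` entry or one that never listed `sss`; whether an already present `sudoers: files` line suppresses the append depends on the Ansible version. Adding `backrefs: yes` limits the task to rewriting a line that actually contains `sss` and leaves the file untouched otherwise, and `backup: yes` keeps a copy of a file that decides where sudo rules come from. The replacement also discards any other source listed on the matched line, and nothing puts `sss` back when `sssd_sudoers_ldap` is later set to `true`, so the switch is one-way as written. The `CONFIG sssd.conf` task that follows continues outside the hunk.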