--- - name: remove other files include_tasks: yaml_sub/myrepo_clean.yaml - name: update file myrepo.repo import_tasks: yaml_sub/myrepo_data.yaml - name: install sssd dnf: name: sssd,sssd-ldap,sssd-tools state: present update_cache: true skip_broken: true nobest: false allowerasing: true - name: Check for marker line lineinfile: path: /etc/sssd/sssd.conf create: true state: present line: "# BEGIN ANSIBLE MANAGED BLOCK" register: marker_check - name: Delete file if marker is absent file: path: /etc/sssd/sssd.conf state: absent when: marker_check.changed - name: sssd config blockinfile: path: /etc/sssd/sssd.conf state: present create: true owner: "root" group: "root" mode: "0600" block: | [sssd] domains = default services = nss,pam,ssh [domain/default] id_provider = ldap auth_provider = ldap chpass_provider = ldap ldap_uri = ldaps://ldap.neuro.uni-bremen.de:636 ldap_search_base = dc=ldap,dc=neuro,dc=uni-bremen,dc=de ldap_user_search_base = ou=people,dc=ldap,dc=neuro,dc=uni-bremen,dc=de ldap_group_search_base = ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de ldap_user_name = uid ldap_user_uid_number = uidNumber ldap_user_gid_number = gidNumber ldap_user_home_directory = homeDirectory ldap_user_shell = loginShell ldap_user_fullname = cn ldap_user_object_class = posixAccount ldap_default_authtok_type = password ldap_tls_reqcert = never ldap_group_object_class = posixGroup ldap_group_gid_number = gidNumber ldap_group_member = memberUid ldap_group_name = cn ldap_group_nesting_level = 5 register: marker_check - name: enable sssd shell: "/usr/bin/authselect select sssd --force" when: marker_check.changed - name: Make sure sssd is updated systemd_service: daemon_reload: true state: restarted enabled: true name: sssd when: marker_check.changed