---
- name: install needed packages
  apt:
    name:
      - sssd-ldap
    state: latest

- name: add URI to ldap.conf
  lineinfile:
    dest: /etc/ldap/ldap.conf
    line: "URI ldaps://{{ ldap_server }}/"
    insertafter: "#URI.*"

- name: add BASE to ldap.conf
  lineinfile:
    dest: /etc/ldap/ldap.conf
    line: "BASE {{ basedn }}"
    insertafter: "#BASE.*"

- name: do not verify cert
  lineinfile:
    dest: /etc/ldap/ldap.conf
    line: "LDAPTLS_REQCERT      never"

- name: set homepage
  lineinfile:
    dest: /etc/firefox-esr/firefox-esr.js
    line: pref("browser.startup.homepage", "https://www.startpage.com");

    #- name: enable pam_umask
    #  lineinfile:
    #    dest: /etc/pam.d/common-session
    #    line: "session optional	pam_umask.so usergroups"

- name: enable pam_mkhomedir.so
  lineinfile:
    dest: /etc/pam.d/common-session
    line: "session	optional			pam_mkhomedir.so"
    insertafter: "# end of pam-auth-update config"

    #  command: /usr/sbin/pam-auth-update --enable mkhomedir

## oddjob-mkhomedir works only with sec=sys for the NFSv4 share

- name: provide identities from directory
  template:
    src: sssd.conf.j2
    dest: /etc/sssd/sssd.conf
    mode: 0600
  notify: restart sssd