[domain/{{ sssd_domains }}]
cache_credentials = {{ sssd_cache_credentials }}
krb5_store_password_if_offline = {{ sssd_krb5_offline_passwords }}
ipa_domain = {{ sssd_domains }}
id_provider = {{ sssd_id_provider }}
auth_provider = {{ sssd_auth_provider }}
access_provider = {{ sssd_access_provider }}
ipa_hostname = {{ ansible_host }}
chpass_provider = {{ sssd_chpass_provider }}
{% if sssd_on_master | bool %}
ipa_server = {{ sssd_ipa_servers | join(", ") }}
ipa_server_mode = True
{% else %}
{% if sssd_domains != ansible_domain %}
dns_discovery_domain = sssd_domains
{% endif %}
ipa_server = _srv_, {{ sssd_ipa_servers | join(", ")}}
{% endif %}
ldap_tls_cacert = /etc/ipa/ca.crt

{% if sssd_on_master | bool %}
{%   set sssd_services = sssd_services + ", ifp" %}
{% endif %}
[sssd]
services = {{ sssd_services }}
domains = {{ sssd_domains }}

{% for service in sssd_services.split(',') %}
[{{ service | trim }}]
{% if service | trim == "nss" %}
homedir_substring = /home
{% endif %}

{% endfor %}