hellofresh · wotsyula · May 6, 2023 · May 6, 2023 · May 6, 2023 · May 6, 2023
diff --git a/README.md b/README.md
@@ -39,6 +39,8 @@ Some default values for domain specific configuration options are:
       max_id: 0
       id_provider: ldap
       auth_provider: ldap
+      ldap_schema: rfc2307
+      cache_credentials: 'false'
       enumerate: 'false'
       ldap_uri: ldap://localhost
       ldap_id_use_start_tls: 'false'

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -11,10 +11,12 @@ sssd_nss:
   filter_groups: root
 
 sssd_domain_defaults:
+  ldap_schema: rfc2307
   min_id: 1
   max_id: 0
   id_provider: ldap
   auth_provider: ldap
+  cache_credentials: 'false'
   enumerate: 'false'
   ldap_uri: ldap://localhost
   ldap_id_use_start_tls: 'false'

diff --git a/templates/sssd.conf.j2 b/templates/sssd.conf.j2
@@ -11,6 +11,9 @@ filter_groups = {{ sssd_nss.filter_users }}
 {% for domain in sssd_domains %}
 [domain/{{ domain.name }}]
 {# providers #}
+ldap_schema = {{ domain.ldap_schema
+    if domain.ldap_schema is defined
+    else sssd_domain_defaults.ldap_schema }}
 min_id = {{ domain.min_id
     if domain.min_id is defined
     else sssd_domain_defaults.min_id }}
@@ -23,6 +26,9 @@ id_provider = {{ domain.id_provider
 auth_provider = {{ domain.auth_provider
     if domain.auth_provider is defined
     else sssd_domain_defaults.auth_provider }}
+cache_credentials = {{ domain.cache_credentials
+    if domain.cache_credentials is defined
+    else sssd_domain_defaults.cache_credentials }}
 enumerate = {{ domain.enumerate
     if domain.enumerate is defined
     else sssd_domain_defaults.enumerate }}