Client install roles added

roles/lmn_sssd/handlers/main.yml

@@ -0,0 +1,3 @@
+- name: restart sssd
+  service: name=sssd state=restarted enabled=yes
+  listen: "restart sssd"

roles/lmn_sssd/tasks/main.yml

@@ -0,0 +1,25 @@
+---
+- name: install needed packages
+  apt:
+    name:
+      - sssd-ad
+      - sssd-tools
+      - adcli
+    state: latest
+
+- name: provide identities from directory
+  template:
+    src: sssd.conf.j2
+    dest: /etc/sssd/sssd.conf
+    mode: 0600
+  notify: restart sssd
+
+  ## Either one of the variables is defined:
+- name: join the domain
+  shell:
+    cmd: >
+      echo "{{ ansible_cmdline.adpw | default('') + adpw.user_input | default('') }}" |
+      adcli join --stdin-password -U global-admin {{ domain | upper }}
+  when: >
+    ansible_cmdline.adpw | default('') | length > 0 or
+    adpw.user_input | default('') | length > 0

roles/lmn_sssd/templates/sssd.conf.j2

@@ -0,0 +1,17 @@
+[sssd]
+domains = {{ domain }}
+config_file_version = 2
+
+[domain/{{ domain }}]
+krb5_realm = {{ domain | upper }}
+ad_domain = {{ domain }}
+id_provider = ad
+access_provider = ad
+use_fully_qualified_names = False
+cache_credentials = True
+krb5_store_password_if_offline = True
+default_shell = /usr/bin/bash
+# default: # ldap_id_mapping = True
+ad_gpo_access_control = disabled
+ad_gpo_ignore_unreadable = True
+ad_maximum_machine_account_password_age = 0