Further split roles. Mount user home on the clients (sshfs).

The following roles are available:
 fvs-sssd
   Configures LDAP as ID and AUTH provider using sssd.
 fvs-mount
   Provides all private user directories on login with pam_mount.

Machines provided so far are:
  The server providing the home directory: fvs-home.yml
  A standard client: fvs-client.yml

roles/fvs-sssd/defaults/main.yml

@@ -0,0 +1,2 @@
+basedn: "ou=Benutzer,ou=fvs,ou=SCHULEN,o=ml3"
+ldap_server: "ldap.steinbeisschule-reutlingen.de"

roles/fvs-sssd/handlers/main.yml

@@ -0,0 +1,3 @@
+- name: restart sssd
+  service: name=sssd state=restarted enabled=yes
+  listen: "restart sssd"

roles/fvs-sssd/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+- name: install needed packages
+  apt:
+    name:
+      - sssd-ldap
+    state: latest
+
+- name: add URI to ldap.conf
+  lineinfile:
+    dest: /etc/ldap/ldap.conf
+    line: "URI ldaps://{{ ldap_server }}/"
+    insertafter: "#URI.*"
+
+- name: add BASE to ldap.conf
+  lineinfile:
+    dest: /etc/ldap/ldap.conf
+    line: "BASE {{ basedn }}"
+    insertafter: "#BASE.*"
+
+- name: do not verify cert
+  lineinfile:
+    dest: /etc/ldap/ldap.conf
+    line: "LDAPTLS_REQCERT      never"
+
+- name: provide identities from directory
+  template:
+    src: sssd.conf.j2
+    dest: /etc/sssd/sssd.conf
+    mode: 0600
+  notify: restart sssd

roles/fvs-sssd/templates/sssd.conf.j2

@@ -0,0 +1,22 @@
+[sssd]
+domains = LDAP
+config_file_version = 2
+services = nss, pam
+
+[nss]
+filter_groups = root
+filter_users = root
+
+[pam]
+
+[domain/LDAP]
+id_provider = ldap
+ldap_uri = ldaps://{{ ldap_server }}/
+ldap_search_base = {{ basedn }}
+
+auth_provider = ldap
+auto_private_groups = true
+
+cache_credentials = true
+
+ldap_tls_reqcert = never