Use ansible_domain everywhere and bail out if it is empty.

roles/nfs-server/defaults/main.yml

@@ -1,4 +1,3 @@
 export_root: /srv/nfs4
 lan_homes:  /home/lan
-ldap_domain: "{{ ansible_domain | default('intern', true) }}"
-basedn: "{{ 'dc=' + ( ldap_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
+basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"

roles/nfs-server/tasks/main.yml

@@ -1,5 +1,8 @@
 ## Install and configure nfs-server
 ---
+- fail: msg="The machine's domain must not be empty."
+  when: ansible_domain | length == 0 
+
 - name: check if there are installing
   stat: path=/etc/exports
   register: exports
@@ -40,11 +43,11 @@
   register: kadmin
 
 - name: create machine principal
-  command: kadmin.local -q "addprinc -randkey nfs/{{ ansible_hostname }}.{{ ldap_domain }}"
+  command: kadmin.local -q "addprinc -randkey nfs/{{ ansible_hostname }}.{{ ansible_domain }}"
   when: kadmin.stat.exists and not exports.stat.exists
 
 - name: add principal to the keytab
-  command: kadmin.local -q "ktadd nfs/{{ ansible_hostname }}.{{ ldap_domain }}"
+  command: kadmin.local -q "ktadd nfs/{{ ansible_hostname }}.{{ ansible_domain }}"
   notify: "restart rpc-svcgssd"
   when: kadmin.stat.exists and not exports.stat.exists
 

roles/nfs-server/templates/sssd.conf.j2

@@ -16,7 +16,7 @@ ldap_search_base = {{ basedn }}
 
 auth_provider = krb5
 krb5_server = {{ ansible_hostname }}
-krb5_realm = {{ ldap_domain | upper }}
+krb5_realm = {{ ansible_domain | upper }}
 cache_credentials = false
 
 min_id = 10000