Prioritize SSS over local accounts in nsswitch

Rewrites the passwd and group lines in /etc/nsswitch.conf so SSSD is consulted before local files, and notifies the existing SSSD restart handler so the change takes effect immediately. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 18:02:29 +02:00
parent 9eb3e446af
commit 65a02177fa
1 changed files with 10 additions and 0 deletions
@@ -34,6 +34,16 @@
  no_log: false
  when: not ipa_client_conf.stat.exists

+- name: Prioritize SSS over local accounts in NSS
+  ansible.builtin.lineinfile:
+    path: /etc/nsswitch.conf
+    regexp: '^{{ item }}:'
+    line: '{{ item }}: sss files systemd'
+  loop:
+    - passwd
+    - group
+  notify: Restart SSSD
+
 - name: Enable mkhomedir
  ansible.builtin.command:
    argv: