From 6108584f0f30ef888c5df4961051ef2c180435f7 Mon Sep 17 00:00:00 2001
From: Chris Hines <chris.hines@monash.edu>
Date: Tue, 13 Mar 2018 14:44:41 +1100
Subject: [PATCH] allow use of a ldap readonly server for failover (but don't
 mandate it)

Former-commit-id: 59d9297a2506411f0e16eef6611cd369be8e4ec5
---
 roles/ldapclient/templates/sssd.j2 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/roles/ldapclient/templates/sssd.j2 b/roles/ldapclient/templates/sssd.j2
index 17de2c97..75909146 100644
--- a/roles/ldapclient/templates/sssd.j2
+++ b/roles/ldapclient/templates/sssd.j2
@@ -22,7 +22,12 @@ auth_provider = ldap
 chpass_provider = ldap
 access_provider = ldap
 
+{% if ldapROURI is defined %}
+ldap_uri = {{ ldapURI }}, {{ ldapROURI }}
+ldap_chpass_uri = {{ ldapURI }}
+{% else %}
 ldap_uri = {{ ldapURI }} 
+{% endif %}
 ldap_id_use_start_tls = True
 ldap_tls_reqcert = allow 
 ldap_tls_cacert = {{ ldapCaCertFile }}
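Review bot: The replica added in `ldap_uri = {{ ldapURI }}, {{ ldapROURI }}` is covered by the unchanged `ldap_tls_reqcert = allow` two lines below, which lets the session proceed even when the server presents a certificate that fails verification. Identity lookups and binds that fail over to the read-only server are therefore not protected against an impersonated endpoint. Since `ldap_tls_cacert` is already set, consider `ldap_tls_reqcert = demand`, after confirming that both servers' certificates chain to that CA and match their URI hostnames. Separately, `ldapROURI is defined` is also true for an empty value, which would render a trailing comma in `ldap_uri`; `{% if ldapROURI is defined and ldapROURI %}` avoids that. Pinning `ldap_chpass_uri` to the writable server looks right; the rest of the template lies outside this hunk, so other TLS settings could not be checked.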
-- 
GitLab