From 0ba135be526e7cfef9e2b889ca81d0694297cf7d Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Tue, 17 Nov 2020 18:15:23 +0000
Subject: [PATCH] sssd: Disable unused services and enumeration

We are not using autofs or sudo via LDAP so disable them. Enumeration doesn't seem to help getting all users via getent so disable it.
---
 roles/sssd/templates/sssd.conf.j2 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/sssd/templates/sssd.conf.j2 b/roles/sssd/templates/sssd.conf.j2
index 8dc34b5..82aa6b1 100644
--- a/roles/sssd/templates/sssd.conf.j2
+++ b/roles/sssd/templates/sssd.conf.j2
@@ -11,6 +11,8 @@ domains = {{ kerberos_realm }}
 id_provider = ldap
 auth_provider = krb5
 chpass_provider = ldap
+autofs_provider = none
+sudo_provider = none
 ldap_uri = ldaps://{{ ldap_server[0] }}
 ldap_search_base = {{ ldap_basedn }}
 ldap_schema = rfc2307bis
@@ -23,5 +25,4 @@ ldap_sasl_mech = EXTERNAL
 ldap_tls_cacert = {{ tls_bundle }}
 ldap_tls_cert = {{ tls_certs }}/{{ inventory_hostname }}.crt
 ldap_tls_key = {{ tls_private }}/{{ inventory_hostname }}.key
-enumerate = true
 krb5_realm = {{ kerberos_realm }}
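Review bot: Setting `autofs_provider = none` and `sudo_provider = none` in the first hunk only turns off the domain back ends; the `services` list in the `[sssd]` section lies outside this hunk, so it cannot be confirmed that the sudo and autofs responders are no longer started. If that list still names `sudo` or `autofs`, it should be trimmed to the responders actually in use, and `nsswitch.conf` should carry no `sss` source for `sudoers` or `automount`, so the host does not keep consulting a responder that has no provider behind it. A short comment above the two new lines, for example `# sudo rules and automount maps are local only; LDAP providers disabled on purpose`, would record the intent for whoever edits the template next. The domain section begins and ends outside the hunk.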