From 816f19201659c10a882f192e94d095d7ac22f484 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <ynerant@crans.org>
Date: Sat, 26 Jun 2021 08:22:19 +0200
Subject: [PATCH] [sssd] Disable NSCD cache as recommended

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
---
 roles/sssd/tasks/main.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/roles/sssd/tasks/main.yml b/roles/sssd/tasks/main.yml
index d9b244b7..b5d5324e 100644
--- a/roles/sssd/tasks/main.yml
+++ b/roles/sssd/tasks/main.yml
@@ -37,6 +37,15 @@
     - {name: networks, db: files ldap}
     - {name: hosts, db: files ldap dns}
 
+- name: Disable nscd cache
+  lineinfile:
+    dest: /etc/nscd.conf
+    regex: "^enable-cache +{{ item }}"
+    line: "enable-cache            {{ item }}  no"
+  loop:
+    - "passwd"
+    - "group "
+
 - name: Configure PAM authentication
   template:
     src: pam.d/common-password.j2
-- 
GitLab