diff --git a/group_vars/sssd.yml b/group_vars/sssd.yml
index 4f4d0afc2611445e8af7b5709dd53fa485491504..3f826526bf7d1b5f342231ebfe6e1ea9807dd2ad 100644
--- a/group_vars/sssd.yml
+++ b/group_vars/sssd.yml
@@ -3,16 +3,18 @@ glob_sssd:
     domain: tealc.adm.crans.org
     enumerate: "true"
     servers:
-      - "{{ query('ldap','ip','tealc','adm') | ipv4 | first }}"
-      - "{{ query('ldap','ip','sam','adm') | ipv4 | first }}"
-      - "{{ query('ldap','ip','daniel','adm') | ipv4 | first }}"
-      - "{{ query('ldap','ip','jack','adm') | ipv4 | first }}"
+      - "ldaps://{{ query('ldap','ip','tealc','adm') | ipv4 | first }}"
+      - "ldaps://{{ query('ldap','ip','sam','adm') | ipv4 | first }}"
+      - "ldaps://{{ query('ldap','ip','daniel','adm') | ipv4 | first }}"
+      - "ldaps://{{ query('ldap','ip','jack','adm') | ipv4 | first }}"
     base: "dc=crans,dc=org"
   secondary:
     domain: re2o-ldap.adm.crans.org
     enumerate: "false"
+    servers:
+      - "ldaps://{{ query('ldap','ip','re2o-ldap','adm') | ipv4 | first }}"
+      - "ldaps://{{ query('ldap','ip','terenez','adm') | ipv4 | first }}"
     base: "dc=crans,dc=org"
     bind:
       dn: "cn=nslcd,ou=service-users,dc=crans,dc=org"
       passwd: "{{ vault.ldap_nslcd_passwd }}"
-        
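Review bot: The new `servers` entries put a bare IPv4 address after `ldaps://`, so the TLS client must match the server certificate against an IP instead of the host name that the template's old `ldaps://{{ sssd.primary.domain }}` supplied. Unless the LDAP certificates carry IP subjectAltName entries, verification will fail, and the usual workaround of relaxing `ldap_tls_reqcert` removes server authentication on a connection that carries the `bind.passwd` secret. The TLS options are not visible in this diff, so please confirm how verification is configured. Using FQDNs in the list (for example `- "ldaps://tealc.adm.crans.org"`) would keep name-based verification while still allowing failover. Separately, `| ipv4 | first` on a host with no IPv4 record will either fail the play or render a bare `ldaps://`, so a guard or an assert on the lookup result is worth adding.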
diff --git a/roles/sssd/templates/sssd/sssd.conf.j2 b/roles/sssd/templates/sssd/sssd.conf.j2
index 51f6cc2ea1b5ffcfe55b500f07173beb8a56ed55..8c157cc78a1dc03130eb68573c0c17f70b0aa800 100644
--- a/roles/sssd/templates/sssd/sssd.conf.j2
+++ b/roles/sssd/templates/sssd/sssd.conf.j2
@@ -9,7 +9,7 @@ ldap_access_filter = (objectClass=posixAccount)
 enumerate = {{ sssd.primary.enumerate }}
 id_provider = ldap
 auth_provider = ldap
-ldap_uri = ldaps://{{ sssd.primary.domain }}
+ldap_uri = {{ sssd.primary.servers | join(', ') }}
 ldap_search_base = {{ sssd.primary.base }}
 {% if sssd.primary.bind is defined -%}
 ldap_default_bind_dn = {{ sssd.primary.bind.dn }}
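Review bot: `ldap_uri` now emits whatever strings are in `sssd.primary.servers`, so the template no longer guarantees the `ldaps://` scheme that was hard-coded on the removed line. The `sssd.secondary.servers` line in the next hunk has the same problem. A host or group override containing an `ldap://` entry or a bare address would be rendered unchanged, and these domains may bind with `ldap_default_bind_dn` and a vault password. Consider keeping only addresses in the variable and the scheme in the template, e.g. `ldap_uri = {{ sssd.primary.servers | map('regex_replace', '^', 'ldaps://') | join(', ') }}`, or asserting in the role that every entry starts with `ldaps://`. An undefined or empty `servers` list would also fail or render an empty `ldap_uri`; the domain section continues outside the hunk, so any existing guard is not visible here.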
@@ -22,7 +22,7 @@ ldap_access_filter = (objectClass=posixAccount)
 enumerate = {{ sssd.secondary.enumerate }}
 id_provider = ldap
 auth_provider = ldap
-ldap_uri = ldaps://{{ sssd.secondary.domain }}
+ldap_uri = {{ sssd.secondary.servers | join(', ') }}
 ldap_search_base = {{ sssd.secondary.base }}
 {% if sssd.secondary.bind is defined -%}
 ldap_default_bind_dn = {{ sssd.secondary.bind.dn }}