diff --git a/host_vars/re2o.adm.crans.org.yml b/host_vars/re2o.adm.crans.org.yml
index 33100e220b4eb3c22617dba3470b56187cc2b14c..6460d3775bcaec15fbfc9c3eb329843f4d64bc72 100644
--- a/host_vars/re2o.adm.crans.org.yml
+++ b/host_vars/re2o.adm.crans.org.yml
@@ -6,7 +6,7 @@ interfaces:
 
 loc_re2o:
   owner: root
-  group: nounou
+  group: _nounou
   version: master_freeradius_python3
   settings_local_owner: www-data
-  settings_local_group: nounou
+  settings_local_group: _nounou
diff --git a/host_vars/routeur-sam.adm.crans.org.yml b/host_vars/routeur-sam.adm.crans.org.yml
index 0ba9d38990635ed9b230f24dfbb103dda7ac1520..e794940d334b30207c7c8268c4a1c08cff93d885 100644
--- a/host_vars/routeur-sam.adm.crans.org.yml
+++ b/host_vars/routeur-sam.adm.crans.org.yml
@@ -22,7 +22,7 @@ loc_keepalived:
 
 loc_re2o:
   owner: freerad
-  group: nounou
+  group: _nounou
   version: master_freeradius_python3
   settings_local_owner: freerad
-  settings_local_group: nounou
+  settings_local_group: _nounou
diff --git a/roles/crans-scripts/tasks/main.yml b/roles/crans-scripts/tasks/main.yml
index 43ba45edee623b4611e43474ff92ff1b20ecd9ba..432d9d991c1b3edd3acce58016e1424982e17450 100644
--- a/roles/crans-scripts/tasks/main.yml
+++ b/roles/crans-scripts/tasks/main.yml
@@ -5,13 +5,13 @@
     state: directory
     mode: "2775"
     owner: root
-    group: nounou
+    group: _nounou
 
 - name: Set ACL for scripts directory
   acl:
     path: /usr/scripts
     default: true
-    entity: nounou
+    entity: _nounou
     etype: group
     permissions: rwx
     state: query
diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml
index eb3d99586873e65bebb562232e84d752ce3dd1cf..9a207baab4d586e45d32d23e4d423e0c94c6ace3 100644
--- a/roles/dns/tasks/main.yml
+++ b/roles/dns/tasks/main.yml
@@ -17,13 +17,13 @@
     state: directory
     mode: '2775'
     owner: root
-    group: nounou
+    group: _nounou
 
 - name: Set ACL for dns directory
   acl:
     path: /var/local/dns
     default: true
-    entity: nounou
+    entity: _nounou
     etype: group
     permissions: rwx
     state: query
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index 1d4879ec05086f82dc2fad6c7fc975ee07cc1df1..9f9e09286ec91126c8d90f17ae1dbdad712371f4 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -17,13 +17,13 @@
     state: directory
     mode: '2775'
     owner: root
-    group: nounou
+    group: _nounou
 
 - name: Set ACL for firewall directory
   acl:
     path: /var/local/firewall
     default: true
-    entity: nounou
+    entity: _nounou
     etype: group
     permissions: rwx
     state: query
diff --git a/roles/home/tasks/main.yml b/roles/home/tasks/main.yml
index e20d0ea490addf651a3646379da4b9e6e0fee6e2..21f192c067259357fb751a12a8bbfd91d3f96161 100644
--- a/roles/home/tasks/main.yml
+++ b/roles/home/tasks/main.yml
@@ -16,13 +16,13 @@
     state: directory
     mode: '2775'
     owner: root
-    group: nounou
+    group: _nounou
 
 - name: Set ACL for home directory
   acl:
     path: /var/local/home
     default: true
-    entity: nounou
+    entity: _nounou
     etype: group
     permissions: rwx
     state: query
diff --git a/roles/re2o-dhcp/tasks/main.yml b/roles/re2o-dhcp/tasks/main.yml
index 410be8698f21d6b6cbf7dac628e3a277fc0cce55..90f44669ebfcffa119c4c1187602789af10a79b7 100644
--- a/roles/re2o-dhcp/tasks/main.yml
+++ b/roles/re2o-dhcp/tasks/main.yml
@@ -5,13 +5,13 @@
     state: directory
     mode: '2775'
     owner: root
-    group: nounou
+    group: _nounou
 
 - name: Set ACL for re2o-dhcp directory
   acl:
     path: /var/local/re2o-services/dhcp
     default: true
-    entity: nounou
+    entity: _nounou
     etype: group
     permissions: rwx
     state: query
diff --git a/roles/re2o-mail-server/tasks/main.yml b/roles/re2o-mail-server/tasks/main.yml
index cddb4286c664a50ee47226a7120ed9c746e047cf..17efe1c79450161e44697f5e255d018c035d6a12 100644
--- a/roles/re2o-mail-server/tasks/main.yml
+++ b/roles/re2o-mail-server/tasks/main.yml
@@ -5,13 +5,13 @@
     state: directory
     mode: '2775'
     owner: root
-    group: nounou
+    group: _nounou
 
 - name: Set ACL for re2o-mail-server directory
   acl:
     path: /var/local/re2o-services/mail-server
     default: true
-    entity: nounou
+    entity: _nounou
     etype: group
     permissions: rwx
     state: query
diff --git a/roles/re2o-notif-users/tasks/main.yml b/roles/re2o-notif-users/tasks/main.yml
index f8ba35881b0b6496541dee7ac125e85df6da69ab..79a0c932654d31989886e267219a796b917ae54f 100644
--- a/roles/re2o-notif-users/tasks/main.yml
+++ b/roles/re2o-notif-users/tasks/main.yml
@@ -5,13 +5,13 @@
     state: directory
     mode: '2775'
     owner: root
-    group: nounou
+    group: _nounou
 
 - name: Set ACL for re2o-notif-users directory
   acl:
     path: /var/local/re2o-services/notif-users
     default: true
-    entity: nounou
+    entity: _nounou
     etype: group
     permissions: rwx
     state: query
diff --git a/roles/re2o/tasks/main.yml b/roles/re2o/tasks/main.yml
index 11bd270fbbb7fd89d6354498d3a68fe949af7f0e..355f0db506ec16512dad0fc482eac4283f55faa7 100644
--- a/roles/re2o/tasks/main.yml
+++ b/roles/re2o/tasks/main.yml
@@ -41,7 +41,7 @@
   acl:
     path: /var/www/re2o
     default: true
-    entity: nounou
+    entity: _nounou
     etype: group
     permissions: rwx
     state: query
diff --git a/roles/slapd/templates/ldap/slapd.conf.j2 b/roles/slapd/templates/ldap/slapd.conf.j2
index 6680b9eeb97224872b26d0d04ef5e5821e8335bc..b8bd218b99e9921005c124e0a79d6503fed735d9 100644
--- a/roles/slapd/templates/ldap/slapd.conf.j2
+++ b/roles/slapd/templates/ldap/slapd.conf.j2
@@ -162,13 +162,13 @@ overlay syncprov
 access to attrs=userPassword,shadowLastChange
         by anonymous auth
         by self write
-        by set="[cn=nounou,ou=group,dc=crans,dc=org]/memberUid & user/uid" write
+        by set="[cn=_nounou,ou=group,dc=crans,dc=org]/memberUid & user/uid" write
         by dn="cn=replicator,dc=crans,dc=org" read
         by * none
 
 access to attrs=loginShell,mail,telephoneNumber
         by self write
-        by set="[cn=nounou,ou=group,dc=crans,dc=org]/memberUid & user/uid" write
+        by set="[cn=_nounou,ou=group,dc=crans,dc=org]/memberUid & user/uid" write
         by dn="cn=replicator,dc=crans,dc=org" read
         by * read
 
@@ -186,7 +186,7 @@ access to dn.base="" by * read
 # The admin dn has full write access, everyone else
 # can read everything.
 access to *
-        by set="[cn=nounou,ou=group,dc=crans,dc=org]/memberUid & user/uid" write
+        by set="[cn=_nounou,ou=group,dc=crans,dc=org]/memberUid & user/uid" write
         by dn="cn=replicator,dc=crans,dc=org" read
         by * read
 {% endif %}
diff --git a/roles/sudo/templates/sudoers.d/group_privilege.j2 b/roles/sudo/templates/sudoers.d/group_privilege.j2
index 54f198cd92cf1f17ba9799d9fbcbbf37f277460e..7d0fe1d7c88f9522e1e26ea6a4c6c56dc8ce5f77 100644
--- a/roles/sudo/templates/sudoers.d/group_privilege.j2
+++ b/roles/sudo/templates/sudoers.d/group_privilege.j2
@@ -1,3 +1,3 @@
 {{ ansible_header | comment }}
 # Group privilege specification
-%nounou    ALL=(ALL:ALL) ALL
+NOUNOU    ALL=(ALL:ALL) ALL
diff --git a/roles/sudo/templates/sudoers.j2 b/roles/sudo/templates/sudoers.j2
index 8a2525e36e774a7a4a1b42f2445ccbe2be5f6d5d..2b635b8c5b336f6aa970e9327479602cc4bd1355 100644
--- a/roles/sudo/templates/sudoers.j2
+++ b/roles/sudo/templates/sudoers.j2
@@ -7,8 +7,8 @@ Defaults	mail_badpass
 Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
 # Host alias specification
-User_Alias    USERS= %user
-User_Alias    NOUNOUS= %nounou
+User_Alias    USERS= %_user
+User_Alias    NOUNOUS= %_nounou
 
 # User alias specification