From 82192b68c3a524b5b721d82eb41556ced7f3378c Mon Sep 17 00:00:00 2001
From: Lars Beckers <lars.beckers@rwth-aachen.de>
Date: Tue, 4 May 2021 13:29:22 +0200
Subject: [PATCH] ad-auth: fix compatibility issues with bullseye

---
 ad-auth/tasks/pam.yml          | 12 +++++++++---
 ad-auth/templates/sssd.conf.j2 |  2 ++
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/ad-auth/tasks/pam.yml b/ad-auth/tasks/pam.yml
index b003214..b613823 100644
--- a/ad-auth/tasks/pam.yml
+++ b/ad-auth/tasks/pam.yml
@@ -14,9 +14,15 @@
 
 - name: check that overwritten pam configs were not updated
   fail:
-    msg: "The original PAM configs (unix/sss) that we overwrite have changed."
-  when: (pamunix.stat.checksum != '727dc8f53ceaea0264d0877fcbb2a52eb341ff10'
-      or pamsss.stat.checksum != '3c1d4e9fa522e2ec9729260d3b108ef31df8ef9d')
+    msg: "The original PAM configs (sss) that we overwrite have changed."
+  when: pamsss.stat.checksum != '3c1d4e9fa522e2ec9729260d3b108ef31df8ef9d'
+
+- name: check that overwritten pam configs were not updated
+  fail:
+    msg: "The original PAM configs (unix) that we overwrite have changed."
+  when:
+    - pamunix.stat.checksum != '727dc8f53ceaea0264d0877fcbb2a52eb341ff10'
+    - pamunix.stat.checksum != 'f3703a58a041745d6b70b9ebb179736653d32ef4'
 
 - name: ensure pam applies customized configs
   copy:
diff --git a/ad-auth/templates/sssd.conf.j2 b/ad-auth/templates/sssd.conf.j2
index 79bb050..f204293 100644
--- a/ad-auth/templates/sssd.conf.j2
+++ b/ad-auth/templates/sssd.conf.j2
@@ -1,7 +1,9 @@
 [sssd]
 domains = {{ domain }}
 config_file_version = 2
+{% if ansible_distribution_major_version|int(default=99) < 11 %}
 services = nss, pam
+{% endif %}
 
 [pam]
 offline_credentials_expiration = 1
-- 
GitLab