doing some dull work

ad-auth/files/sudo/admin

+%admin ALL=(ALL:ALL) ALL

ad-auth/tasks/main.yml

@@ -6,3 +6,4 @@ tasks:
   - include: nslcd.yml
   - include: nscd.yml
   - include: kerberos.yml
+  - include: sudo.yml

ad-auth/tasks/sudo.yml

+---
+# file: roles/ad-auth/tasks/sudo.yml
+
+- name: ensure users of group admin are in the sudoers
+  copy: src=sudo/admin dest=/etc/sudoers.d/admin owner=root group=root mode=0440
+  tags: sudo config
+
+- name: check whole sudo config
+  command: visudo -q -c -f /etc/sudoers
+  tags: sudo test

ad-auth/templates/ldap.conf.j2

-## TODO
 #
 # LDAP Defaults
 #
@@ -6,11 +5,11 @@
 # See ldap.conf(5) for details
 # This file should be world readable but not world writable.
 
-BASE	dc=fsmpi,dc=rwth-aachen,dc=de
-URI	ldaps://rumo.fsmpi.rwth-aachen.de
+BASE	{{ authbase }}
+URI	ldaps://{{ authserver }}
 
 #SIZELIMIT	12
 #TIMELIMIT	15
 #DEREF		never
 
-TLS_CACERT	/etc/ssl/certs/rwth_chain.pem
+TLS_CACERT	{{ authcacert }}

ad-auth/templates/nslcd.conf.j2

-## TODO
 # /etc/nslcd.conf
 # nslcd configuration file. See nslcd.conf(5)
 # for details.
@@ -8,10 +7,10 @@ uid nslcd
 gid nslcd
 
 # The location at which the LDAP server(s) should be reachable.
-uri ldaps://rumo.fsmpi.rwth-aachen.de/
+uri ldaps://{{ authserver }}
 
 # The search base that will be used for all queries.
-base dc=fsmpi,dc=rwth-aachen,dc=de
+base {{ authbase }}
 
 # The LDAP protocol version to use.
 #ldap_version 3
@@ -25,7 +24,7 @@ base dc=fsmpi,dc=rwth-aachen,dc=de
 
 # SSL options
 #ssl off
-tls_cacertfile /etc/ssl/certs/rwth_chain.pem
+tls_cacertfile {{ authcacert }}
 tls_reqcert demand
 
 # The search scope.