From 4191826cf44f061e579b22759a56eacb648b3eab Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Jun 13 2022 12:06:10 +0000
Subject: Merge branch 'cboltz-nsswitch' into 'production' nsswitch.conf: only change passwd and group See merge request infra/salt!553
---
diff --git a/salt/profile/ldap/client/files/etc/nsswitch.conf b/salt/profile/ldap/client/files/etc/nsswitch.conf
deleted file mode 100644
index 4cd6d89..0000000
--- a/salt/profile/ldap/client/files/etc/nsswitch.conf
+++ /dev/null
@@ -1,49 +0,0 @@
-#
-# /etc/nsswitch.conf
-#
-# Managed by Salt
-#
-# An example Name Service Switch config file. This file should be
-# sorted with the most-used services at the beginning.
-#
-# The entry '[NOTFOUND=return]' means that the search for an
-# entry should stop if the search in the previous entry turned
-# up nothing. Note that if the search failed due to some other reason
-# (like no NIS server responding) then the search continues with the
-# next entry.
-#
-# Legal entries are:
-#
-# compat Use compatibility setup
-# nisplus Use NIS+ (NIS version 3)
-# nis Use NIS (NIS version 2), also called YP
-# dns Use DNS (Domain Name Service)
-# files Use the local files
-# [NOTFOUND=return] Stop searching if not found so far
-#
-# For more information, please read the nsswitch.conf.5 manual page.
-#
-
-# passwd: files nis
-# shadow: files nis
-# group: files nis
-
-passwd: compat sss
-group: compat sss
-
-hosts: files dns
-networks: files dns
-
-services: files
-protocols: files
-rpc: files
-ethers: files
-netmasks: files
-netgroup: files nis
-publickey: files
-
-bootparams: files
-automount: files nis
-aliases: files
-
-
diff --git a/salt/profile/ldap/client/init.sls b/salt/profile/ldap/client/init.sls
index a0f213f..1b98db2 100644
--- a/salt/profile/ldap/client/init.sls
+++ b/salt/profile/ldap/client/init.sls
@@ -13,6 +13,10 @@ include:
 - source: salt://profile/ldap/client/files/usr/local/bin/fetch_freeipa_ldap_sshpubkey.sh
 - mode: 0755
 
-/etc/nsswitch.conf:
- file.managed:
- - source: salt://profile/ldap/client/files/etc/nsswitch.conf
+{% for setting in ['passwd', 'group'] %}
+/etc/nsswitch.conf_{{setting}}:
+ file.replace:
+ - name: /etc/nsswitch.conf
+ - pattern: ^{{setting}}:.*$
+ - repl: '{{setting}}: compat sss'
+{% endfor %}
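Review bot: The new `file.replace` states only rewrite a `passwd:` or `group:` line that already exists in /etc/nsswitch.conf. If a host's file has no such line, the pattern matches nothing and the state most likely reports no change, so `sss` is never consulted and LDAP users and groups do not resolve on that host. Adding `- append_if_not_found: True` under `file.replace` closes that gap, and the run then shows a change instead of passing quietly. The full file is no longer managed, so a comment above the loop such as `# only passwd/group are enforced here; every other database keeps the distribution default` would record that `hosts`, `netgroup` and `automount` are left alone on purpose.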