From 4347549b0782dc0af45e46f7e1867b51a6f6da87 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Jun 05 2022 22:03:47 +0000
Subject: nsswitch.conf: only change passwd and group ... instead of deploying the whole file. This prevents problems on Tumbleweed, which uses different settings for several options (typically it additionally has 'usrfiles'). Luckily, the two options we need to change are not affected, so we don't need a version switch.
---
diff --git a/salt/profile/ldap/client/files/etc/nsswitch.conf b/salt/profile/ldap/client/files/etc/nsswitch.conf
deleted file mode 100644
index 4cd6d89..0000000
--- a/salt/profile/ldap/client/files/etc/nsswitch.conf
+++ /dev/null
@@ -1,49 +0,0 @@
-#
-# /etc/nsswitch.conf
-#
-# Managed by Salt
-#
-# An example Name Service Switch config file. This file should be
-# sorted with the most-used services at the beginning.
-#
-# The entry '[NOTFOUND=return]' means that the search for an
-# entry should stop if the search in the previous entry turned
-# up nothing. Note that if the search failed due to some other reason
-# (like no NIS server responding) then the search continues with the
-# next entry.
-#
-# Legal entries are:
-#
-# compat Use compatibility setup
-# nisplus Use NIS+ (NIS version 3)
-# nis Use NIS (NIS version 2), also called YP
-# dns Use DNS (Domain Name Service)
-# files Use the local files
-# [NOTFOUND=return] Stop searching if not found so far
-#
-# For more information, please read the nsswitch.conf.5 manual page.
-#
-
-# passwd: files nis
-# shadow: files nis
-# group: files nis
-
-passwd: compat sss
-group: compat sss
-
-hosts: files dns
-networks: files dns
-
-services: files
-protocols: files
-rpc: files
-ethers: files
-netmasks: files
-netgroup: files nis
-publickey: files
-
-bootparams: files
-automount: files nis
-aliases: files
-
-
diff --git a/salt/profile/ldap/client/init.sls b/salt/profile/ldap/client/init.sls
index a0f213f..1b98db2 100644
--- a/salt/profile/ldap/client/init.sls
+++ b/salt/profile/ldap/client/init.sls
@@ -13,6 +13,10 @@ include:
 - source: salt://profile/ldap/client/files/usr/local/bin/fetch_freeipa_ldap_sshpubkey.sh
 - mode: 0755
-/etc/nsswitch.conf:
- file.managed:
- - source: salt://profile/ldap/client/files/etc/nsswitch.conf
+{% for setting in ['passwd', 'group'] %}
+/etc/nsswitch.conf_{{setting}}:
+ file.replace:
+ - name: /etc/nsswitch.conf
+ - pattern: ^{{setting}}:.*$
+ - repl: '{{setting}}: compat sss'
+{% endfor %}
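Review bot: `file.replace` only rewrites a line that already matches `^{{setting}}:.*$`; when `/etc/nsswitch.conf` has no `passwd:` or `group:` line, the state reports success without changing anything, so the host keeps resolving accounts without `sss` and nothing flags it. Adding `- append_if_not_found: True` to the state makes the entry converge in that case. On hosts where the distribution ships its defaults outside `/etc` (the commit message says Tumbleweed uses different settings), it is worth confirming that `/etc/nsswitch.conf` exists at all, since the state presumably fails on a missing file. Quoting the pattern, `- pattern: '^{{setting}}:.*$'`, would also keep the YAML parse independent of what the loop variable expands to.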