---
ad_auth: False
ad_domain: "{{ samba_domain }}"
ad_realm: "{{ samba_realm }}"
ad_admin: Administrator
ad_admin_pass: "{{ samba_dc_admin_pass }}"
ad_computer_ou: 
ad_access_filter: "(|(memberOf=CN=Domain Admins,CN=Users,DC={{ ad_realm | regex_replace('\\.',',DC=') }})(memberOf=CN=Domain Admins,OU=Groups,DC={{ ad_realm | regex_replace('\\.',',DC=') }}))"
ad_enumerate: True

# sssd doesn't support cross forest approbations, but we can add the Linux box to the other domains
ad_trusted_domains: "{{ samba_trusted_domains | default([]) }}"
# ad_trusted_domains:
#   - name: ad.fws.fr
#     admin_user: administrator
#     admin_pass: s3cr3t.

ad_default_trusted_domain:
  access_filter: "{{ ad_access_filter }}"
  enumerate: "{{ ad_enumerate }}"
  ldap_group_search_base: "{{ ad_ldap_group_search_base | default(False) }}"
  ldap_user_search_base: "{{ ad_ldap_user_search_base | default(False) }}"

# You can define a custom search base, with a scope and a filter for groups:
# ad_ldap_group_search_base: CN=Users,dc=ad,dc=domain,dc=com?sub?(|(cn=Domain Users)(cn=Domain Admins))
# ad_ldap_user_search_base: OU=IT,DC=AD,DC=DOMAIN,DC=COM?sub