diff --git a/bootstrap.yml b/bootstrap.yml
index e0a80bc..28acc35 100644
--- a/bootstrap.yml
+++ b/bootstrap.yml
@@ -1,5 +1,6 @@
 ---
 - hosts: all
-  gather_facts: false
+  #  gather_facts: false
   roles:
+    - ansible-role-sssd
     - ansible_bootstrap
diff --git a/group_vars/all/sssd b/group_vars/all/sssd
new file mode 100644
index 0000000..2f30f16
--- /dev/null
+++ b/group_vars/all/sssd
@@ -0,0 +1,5 @@
+sssd_configure: true
+# sssd_configure is False by default - by default nothing is done by this role.
+ldap_search_base: "dc=ducamps,dc=win"
+ldap_uri: "ldaps://ldap.ducamps.win"
+ldap_sudo_search_base: "ou=sudoers,dc=ducamps,dc=win"
diff --git a/provisionning.yml b/provisionning.yml
index 3683d33..c4eebf8 100644
--- a/provisionning.yml
+++ b/provisionning.yml
@@ -9,6 +9,7 @@
   vars:
     ansible_password: "{{ vault_default_root }}"
   roles:
+    - ansible-role-sssd
     - ansible_bootstrap
 
 - remote_user: "{{ user.name }}"