Move sssd service definition to avoid duplication

The ipa_manage_sssd block already existed and now the service lives
together with the config file management.

manifests/config.pp

@@ -191,14 +191,6 @@
         }
       }
 
-      if $foreman::ipa_manage_sssd {
-        service { 'sssd':
-          ensure  => running,
-          enable  => true,
-          require => Package['sssd-dbus'],
-        }
-      }
-
       file { "/etc/pam.d/${foreman::pam_service}":
         ensure  => file,
         owner   => root,
@@ -246,6 +238,12 @@
           changes => $sssd_changes,
           notify  => Service['sssd'],
         }
+
+        service { 'sssd':
+          ensure  => running,
+          enable  => true,
+          require => Package['sssd-dbus'],
+        }
       }
 
       foreman::settings_fragment { 'authorize_login_delegation.yaml':

templates/apache_ipa_authentication.epp

@@ -3,7 +3,7 @@
   Stdlib::Absolutepath $keytab,
   Boolean $gssapi_local_name,
   Boolean $ipa_authentication_api,
--%>
+|-%>
 
 <Location /users/login>
   InterceptFormPAMService <%= $pam_service %>
@@ -42,7 +42,7 @@
 
 <LocationMatch ^/api(/v2)?/users/extlogin/?$>
   SSLRequireSSL
-  <% if $ipa_authentication_api -%>
+  <% if $ipa_authentication_api { -%>
   <If "%{HTTP:Authorization} =~ /^Basic/">
     AuthType Basic
     AuthName "PAM Authentication"
@@ -56,12 +56,12 @@
     GssapiSSLonly On
     GssapiLocalName <%= apache::bool2httpd($gssapi_local_name) %>
   </Else>
-  <% else -%>
+  <% } else { -%>
   AuthType Basic
   AuthName "PAM Authentication"
   AuthBasicProvider PAM
   AuthPAMService <%= $pam_service %>
-  <% end -%>
+  <% } -%>
   require pam-account <%= $pam_service %>
   ErrorDocument 401 '{ "error": "External authentication did not pass." }'
   # The following is needed as a workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1020087