From 16b86e616a14af44ee7bb5f70c260bc63731ab96 Mon Sep 17 00:00:00 2001
From: Jonathan DeMasi
Date: Sat, 24 Jan 2026 17:03:38 -0700
Subject: [PATCH] Missing groups tasks

---
 .../host_vars/ldap.home.jthan.io/vars.yaml | 6 ++++++
 .../roles/openldap_directory/tasks/groups.yaml | 15 +++++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 ansible/roles/openldap_directory/tasks/groups.yaml

diff --git a/ansible/inventories/production/host_vars/ldap.home.jthan.io/vars.yaml b/ansible/inventories/production/host_vars/ldap.home.jthan.io/vars.yaml
index 933a0a8..ec1a672 100644
--- a/ansible/inventories/production/host_vars/ldap.home.jthan.io/vars.yaml
+++ b/ansible/inventories/production/host_vars/ldap.home.jthan.io/vars.yaml
@@ -21,3 +21,9 @@ ldap_users:
 ssh_keys:
 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQyLuuN1SYM3ise8983bA7tT5VJqAI5CpPV1whEA9VF
 
+ldap_groups:
+ - name: jonathan
+ gid: 10001
+ members:
+ - jonathan
+
diff --git a/ansible/roles/openldap_directory/tasks/groups.yaml b/ansible/roles/openldap_directory/tasks/groups.yaml
new file mode 100644
index 0000000..a7a4c01
--- /dev/null
+++ b/ansible/roles/openldap_directory/tasks/groups.yaml
@@ -0,0 +1,15 @@
+- name: Ensure LDAP groups exist
+ community.general.ldap_entry:
+ dn: "cn={{ item.name }},ou=Groups,{{ ldap_basedn }}"
+ state: present
+ objectClass:
+ - posixGroup
+ attributes:
+ cn: "{{ item.name }}"
+ gidNumber: "{{ item.gid }}"
+ loop: "{{ ldap_groups }}"
+ args:
+ server_uri: "{{ ldap_uri }}"
+ bind_dn: "{{ ldap_directory_bind_dn }}"
+ bind_pw: "{{ ldap_directory_bind_pw }}"
+ start_tls: yes
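Review bot: The `members` list that vars.yaml declares for each group is never written by the new task in groups.yaml — its `attributes` block sets only `cn` and `gidNumber`, so every posixGroup is created empty and anything that authorizes on group membership (sudoers `%group`, sshd `AllowGroups`, NSS) will not see the intended users; add `memberUid: "{{ item.members | default([]) }}"` under `attributes`. If I read the `community.general.ldap_entry` docs right, the module only asserts that the entry exists and does not reconcile attributes on an entry that is already present, so later membership edits in vars.yaml will not converge without a follow-up `community.general.ldap_attrs` task that sets `memberUid` with `state: exact`. Two smaller points: `start_tls: yes` should be the canonical `start_tls: true` (and the new file should start with `---`), and `loop: "{{ ldap_groups | default([]) }}"` keeps the role from failing with an undefined variable on hosts that declare no groups. The diff does not show groups.yaml being included from the role's `tasks/main.yaml`; confirm that, or the task never runs.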