diff --git a/ansible/roles/openldap_directory/tasks/sudo.yaml b/ansible/roles/openldap_directory/tasks/sudo.yaml
index dfd8281..0307472 100644
--- a/ansible/roles/openldap_directory/tasks/sudo.yaml
+++ b/ansible/roles/openldap_directory/tasks/sudo.yaml
@@ -1,3 +1,21 @@
+- name: Ensure sudo defaults entry exists
+  community.general.ldap_entry:
+    dn: "cn=defaults,ou=SUDOers,dc=example,dc=com"
+    objectClass:
+      - top
+      - sudoRole
+    attributes:
+      cn: defaults
+      sudoOption:
+        - env_reset
+    state: present
+    args:
+      server_uri: "{{ ldap_uri }}"
+      bind_dn: "{{ ldap_admin_dn }}"
+      bind_pw: "{{ ldap_admin_pw }}"
+      start_tls: yes
+
 - name: Admin sudo rule
   community.general.ldap_entry:
     dn: "cn=admins-all,{{ ldap_sudo_ou }}"
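Review bot: The new defaults entry hard-codes its parent as `ou=SUDOers,dc=example,dc=com`, while the `Admin sudo rule` task right below places its entry under `{{ ldap_sudo_ou }}`; if that variable resolves to any other base, sudo's LDAP lookup will never see `cn=defaults`, and `env_reset` plus any option added to it later silently goes unenforced. Use the same variable as the sibling task: `dn: "cn=defaults,{{ ldap_sudo_ou }}"`. Separately, `start_tls: yes` is a YAML 1.1 truthy spelling that yamllint flags and that not every parser reads as a boolean — write `start_tls: true`. Consider `no_log: true` on the task as well, since `bind_pw` is passed as a module argument; whether the module masks it on its own I cannot confirm from here. The `Admin sudo rule` task continues past the end of the hunk.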