missing defaults

2026-01-25 22:24:47 -07:00
parent 107fcf3cf0
commit 5a1e0bf333
1 changed files with 18 additions and 0 deletions
--- a/ansible/roles/openldap_directory/tasks/sudo.yaml
+++ b/ansible/roles/openldap_directory/tasks/sudo.yaml
@@ -1,3 +1,21 @@
+- name: Ensure sudo defaults entry exists
+  community.general.ldap_entry:
+    dn: "cn=defaults,ou=SUDOers,dc=example,dc=com"
+    objectClass:
+      - top
+      - sudoRole
+    attributes:
+      cn: defaults
+      sudoOption:
+        - env_reset
+    state: present
+  args:
+    server_uri: "{{ ldap_uri }}"
+    bind_dn: "{{ ldap_admin_dn }}"
+    bind_pw: "{{ ldap_admin_pw }}"
+    start_tls: yes
+
+
 - name: Admin sudo rule
  community.general.ldap_entry:
    dn: "cn=admins-all,{{ ldap_sudo_ou }}"