From 8d3a3794404b596294b6df691696ce3cb359ac3b Mon Sep 17 00:00:00 2001
From: Jonathan DeMasi
Date: Sat, 24 Jan 2026 18:08:09 -0700
Subject: [PATCH] explicitly cast int, add top

---
 .../openldap_directory/tasks/groups.yaml | 54 ++++++++++++-------
 1 file changed, 36 insertions(+), 18 deletions(-)

diff --git a/ansible/roles/openldap_directory/tasks/groups.yaml b/ansible/roles/openldap_directory/tasks/groups.yaml
index 115620c..74efa1a 100644
--- a/ansible/roles/openldap_directory/tasks/groups.yaml
+++ b/ansible/roles/openldap_directory/tasks/groups.yaml
@@ -1,30 +1,48 @@
+#- name: Ensure LDAP groups exist
+# community.general.ldap_entry:
+# dn: "cn={{ item.name }},ou=groups,{{ ldap_basedn }}"
+# state: present
+# objectClass:
+# - posixGroup
+# attributes:
+# cn: "{{ item.name }}"
+# gidNumber: "{{ item.gid }}"
+# loop: "{{ ldap_groups }}"
+# args:
+# server_uri: "{{ ldap_uri }}"
+# bind_dn: "{{ ldap_admin_dn }}"
+# bind_pw: "{{ ldap_admin_pw }}"
+# start_tls: yes
+#
+#- name: Ensure group memberships are correct
+# community.general.ldap_attrs:
+# dn: "cn={{ item.name }},ou=Groups,{{ ldap_basedn }}"
+# attributes:
+# memberUid: "{{ item.members }}"
+# state: exact
+# loop: "{{ ldap_groups }}"
+# when: item.members is defined and item.members | length > 0
+# args:
+# server_uri: "{{ ldap_uri }}"
+# bind_dn: "{{ ldap_admin_dn }}"
+# bind_pw: "{{ ldap_admin_pw }}"
+# start_tls: yes
+#
+#
 - name: Ensure LDAP groups exist
 community.general.ldap_entry:
- dn: "cn={{ item.name }},ou=groups,{{ ldap_basedn }}"
+ dn: "cn={{ item.name }},ou=Groups,{{ ldap_basedn }}"
 state: present
 objectClass:
+ - top
 - posixGroup
 attributes:
 cn: "{{ item.name }}"
- gidNumber: "{{ item.gid }}"
+ gidNumber: "{{ item.gid | int }}"
 loop: "{{ ldap_groups }}"
 args:
 server_uri: "{{ ldap_uri }}"
- bind_dn: "{{ ldap_admin_dn }}"
- bind_pw: "{{ ldap_admin_pw }}"
- start_tls: yes
-
-- name: Ensure group memberships are correct
- community.general.ldap_attrs:
- dn: "cn={{ item.name }},ou=Groups,{{ ldap_basedn }}"
- attributes:
- memberUid: "{{ item.members }}"
- state: exact
- loop: "{{ ldap_groups }}"
- when: item.members is defined and item.members | length > 0
- args:
- server_uri: "{{ ldap_uri }}"
- bind_dn: "{{ ldap_admin_dn }}"
- bind_pw: "{{ ldap_admin_pw }}"
+ bind_dn: "{{ ldap_directory_bind_dn }}"
+ bind_pw: "{{ ldap_directory_bind_pw }}"
 start_tls: yes
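Review bot: The new `gidNumber: "{{ item.gid | int }}"` coerces rather than validates — Ansible's `int` filter returns `0` for an empty or non-numeric `item.gid`, and gidNumber 0 is root's primary group on every POSIX client that resolves groups from this directory, so a typo in `ldap_groups` now silently becomes a privilege problem instead of a failed play. Validate the values before the `ldap_entry` task (an assert such as the one below, with whatever minimum gid the site reserves in place of `> 0`) and keep the cast only as a type hint. The `ldap_attrs` task that enforced `memberUid` with `state: exact` is deleted in this hunk and survives only as the commented copy at the top, so stale memberships in existing groups are no longer pruned by this role; if that is deliberate, the comment block should say why, otherwise restore it with the new `ldap_directory_bind_*` variables. Minor: `start_tls: yes` works but `start_tls: true` is the canonical Ansible boolean.
```yaml
- name: Refuse missing, non-numeric or reserved gids before touching the directory
  ansible.builtin.assert:
    that:
      - item.gid is defined
      - item.gid | string is match('^[0-9]+$')
      - item.gid | int > 0
    fail_msg: "ldap_groups entry {{ item.name }} has an invalid gid: {{ item.gid | default('undefined') }}"
  loop: "{{ ldap_groups }}"
# … unchanged: Ensure LDAP groups exist task …
```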