explicitly cast int, add top

2026-01-24 18:08:09 -07:00
parent efdafe72bb
commit 8d3a379440
1 changed files with 36 additions and 18 deletions
--- a/ansible/roles/openldap_directory/tasks/groups.yaml
+++ b/ansible/roles/openldap_directory/tasks/groups.yaml
@@ -1,30 +1,48 @@
+#- name: Ensure LDAP groups exist
+#  community.general.ldap_entry:
+#    dn: "cn={{ item.name }},ou=groups,{{ ldap_basedn }}"
+#    state: present
+#    objectClass:
+#      - posixGroup
+#    attributes:
+#      cn: "{{ item.name }}"
+#      gidNumber: "{{ item.gid }}"
+#  loop: "{{ ldap_groups }}"
+#  args:
+#    server_uri: "{{ ldap_uri }}"
+#    bind_dn: "{{ ldap_admin_dn }}"
+#    bind_pw: "{{ ldap_admin_pw }}"
+#    start_tls: yes
+#
+#- name: Ensure group memberships are correct
+#  community.general.ldap_attrs:
+#    dn: "cn={{ item.name }},ou=Groups,{{ ldap_basedn }}"
+#    attributes:
+#      memberUid: "{{ item.members }}"
+#    state: exact
+#  loop: "{{ ldap_groups }}"
+#  when: item.members is defined and item.members | length > 0
+#  args:
+#    server_uri: "{{ ldap_uri }}"
+#    bind_dn: "{{ ldap_admin_dn }}"
+#    bind_pw: "{{ ldap_admin_pw }}"
+#    start_tls: yes
+#
+#
 - name: Ensure LDAP groups exist
  community.general.ldap_entry:
-    dn: "cn={{ item.name }},ou=groups,{{ ldap_basedn }}"
+    dn: "cn={{ item.name }},ou=Groups,{{ ldap_basedn }}"
    state: present
    objectClass:
+      - top
      - posixGroup
    attributes:
      cn: "{{ item.name }}"
-      gidNumber: "{{ item.gid }}"
+      gidNumber: "{{ item.gid | int }}"
  loop: "{{ ldap_groups }}"
  args:
    server_uri: "{{ ldap_uri }}"
-    bind_dn: "{{ ldap_admin_dn }}"
-    bind_pw: "{{ ldap_admin_pw }}"
-    start_tls: yes
-
- name: Ensure group memberships are correct
-  community.general.ldap_attrs:
-    dn: "cn={{ item.name }},ou=Groups,{{ ldap_basedn }}"
-    attributes:
-      memberUid: "{{ item.members }}"
-    state: exact
-  loop: "{{ ldap_groups }}"
-  when: item.members is defined and item.members | length > 0
-  args:
-    server_uri: "{{ ldap_uri }}"
-    bind_dn: "{{ ldap_admin_dn }}"
-    bind_pw: "{{ ldap_admin_pw }}"
+    bind_dn: "{{ ldap_directory_bind_dn }}"
+    bind_pw: "{{ ldap_directory_bind_pw }}"
    start_tls: yes