render ldifs

ansible/roles/openldap_directory/tasks/templates/user.ldif.j2

@@ -0,0 +1,20 @@
+dn: uid={{ user.uid }},ou=People,{{ ldap_basedn }}
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: ldapPublicKey
+
+uid: {{ user.uid }}
+cn: {{ user.cn }}
+sn: {{ user.sn }}
+uidNumber: {{ user.uidNumber }}
+gidNumber: {{ user.gidNumber }}
+homeDirectory: /home/{{ user.uid }}
+loginShell: {{ user.shell | default('/bin/bash') }}
+{% if user.ssh_keys is defined %}
+{% for key in user.ssh_keys %}
+sshPublicKey: {{ key }}
+{% endfor %}
+{% endif %}
+

ansible/roles/openldap_directory/tasks/users.yaml

@@ -1,3 +1,12 @@
+- name: Render user LDIFs
+  ansible.builtin.template:
+    src: user.ldif.j2
+    dest: "/tmp/ldap-user-{{ item.uid }}.ldif"
+    mode: '0600'
+  loop: "{{ ldap_users }}"
+  loop_control:
+    loop_var: user
+
 - name: Ensure users exist
   community.general.ldap_entry:
     dn: "uid={{ item.uid }},{{ ldap_people_ou }}"