diff --git a/ansible/roles/openldap_directory/tasks/groups.yaml b/ansible/roles/openldap_directory/tasks/groups.yaml
index 2089255..115620c 100644
--- a/ansible/roles/openldap_directory/tasks/groups.yaml
+++ b/ansible/roles/openldap_directory/tasks/groups.yaml
@@ -13,3 +13,18 @@
 bind_dn: "{{ ldap_admin_dn }}"
 bind_pw: "{{ ldap_admin_pw }}"
 start_tls: yes
+
+- name: Ensure group memberships are correct
+ community.general.ldap_attrs:
+ dn: "cn={{ item.name }},ou=Groups,{{ ldap_basedn }}"
+ attributes:
+ memberUid: "{{ item.members }}"
+ state: exact
+ loop: "{{ ldap_groups }}"
+ when: item.members is defined and item.members | length > 0
+ args:
+ server_uri: "{{ ldap_uri }}"
+ bind_dn: "{{ ldap_admin_dn }}"
+ bind_pw: "{{ ldap_admin_pw }}"
+ start_tls: yes
+
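Review bot: The `when` guard on the new task skips every group whose `members` list is empty, so `state: exact` can never drain a group — once the last member is removed from `ldap_groups`, the stale `memberUid` values stay in the directory and that access is not revoked, which defeats the "memberships are correct" intent. If clearing a group is meant to be supported, drop the `| length > 0` clause and keep only `when: item.members is defined` so an empty list is applied as an exact empty set; if empty lists are deliberately ignored, say so above the task with a comment such as `# NOTE: groups with an empty members list are left untouched; clear them by hand`. Please confirm that the module accepts an empty value list under `state: exact` before relying on the first option. Minor: write `start_tls: true` rather than `yes` (yamllint `truthy`, and `true`/`false` is the Ansible convention), and the same change applies to the pre-existing `start_tls: yes` in the context lines if you touch this file again.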