add group membership check separately

2026-01-24 17:52:16 -07:00
parent 12d379197e
commit efdafe72bb
1 changed files with 15 additions and 0 deletions
--- a/ansible/roles/openldap_directory/tasks/groups.yaml
+++ b/ansible/roles/openldap_directory/tasks/groups.yaml
@@ -13,3 +13,18 @@
    bind_dn: "{{ ldap_admin_dn }}"
    bind_pw: "{{ ldap_admin_pw }}"
    start_tls: yes
+
+- name: Ensure group memberships are correct
+  community.general.ldap_attrs:
+    dn: "cn={{ item.name }},ou=Groups,{{ ldap_basedn }}"
+    attributes:
+      memberUid: "{{ item.members }}"
+    state: exact
+  loop: "{{ ldap_groups }}"
+  when: item.members is defined and item.members | length > 0
+  args:
+    server_uri: "{{ ldap_uri }}"
+    bind_dn: "{{ ldap_admin_dn }}"
+    bind_pw: "{{ ldap_admin_pw }}"
+    start_tls: yes
+