- name: Ensure LDAP groups exist
  community.general.ldap_entry:
    dn: "cn={{ item.name }},ou=groups,{{ ldap_basedn }}"
    state: present
    objectClass:
      - posixGroup
    attributes:
      cn: "{{ item.name }}"
      gidNumber: "{{ item.gid }}"
  loop: "{{ ldap_groups }}"
  args:
    server_uri: "{{ ldap_uri }}"
    bind_dn: "{{ ldap_admin_dn }}"
    bind_pw: "{{ ldap_admin_pw }}"
    start_tls: yes