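---
# roles/ldap_server/tasks/schemas.yml
#
# Load the standard OpenLDAP schemas into cn=config over the local ldapi://
# socket using SASL EXTERNAL. That mechanism authenticates by UNIX peer
# credentials, so these tasks must run as root (become at play level — not
# shown in this file, confirm) and cn=config's olcAccess must grant that peer
# identity write/manage rights; otherwise every ldapadd fails with
# "insufficient access".
#
# Idempotency: re-adding an already-loaded schema makes ldapadd fail, so a
# marker file per schema guards each load via `creates`. The marker is only
# touched after the ldapadd for that schema actually ran and succeeded on
# this host, never for a skipped or failed entry, so a half-applied run is
# retried on the next play instead of being masked. The markers are a
# host-local record, not the server's truth: if slapd's cn=config is
# rebuilt, remove the markers so the schemas are loaded again.

# Order matters: later schemas reference definitions from earlier ones
# (cosine and nis build on core, inetorgperson builds on cosine); keep this
# sequence. `loop` applies the items in the order listed.
- name: Ensure standard LDAP schemas (core, cosine, inetorgperson, nis) are loaded
  ansible.builtin.command: >-
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/{{ item }}.ldif
  args:
    creates: "/etc/openldap/schema/.{{ item }}_loaded"
  loop:
    - core
    - cosine
    - inetorgperson
    - nis
  register: ldap_schema_load

# Custom schemas (sudo + openssh): ship the LDIF, then load it with the same
# guard. Register the result so the marker task below can cover it too.
# - name: Copy custom LDAP schemas into place
#   ansible.builtin.copy:
#     src: "files/{{ item }}.ldif"
#     dest: "/etc/openldap/schema/{{ item }}.ldif"
#     owner: ldap
#     group: ldap
#     mode: "0600"
#   loop:
#     - sudo
#     - openssh
#
# - name: Ensure custom LDAP schemas (sudo + openssh) are loaded
#   ansible.builtin.command: >-
#     ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/{{ item }}.ldif
#   args:
#     creates: "/etc/openldap/schema/.{{ item }}_loaded"
#   loop:
#     - sudo
#     - openssh
#   register: ldap_custom_schema_load

# Touch a marker only for schemas whose ldapadd ran in this play (`changed`).
# Entries skipped because the marker already existed are left alone, so this
# task is skipped on re-runs and no longer reports "changed" every time the
# play executes (a bare `state: touch` always updates the mtime).
- name: Ensure marker files exist for schemas loaded in this run
  ansible.builtin.file:
    path: "/etc/openldap/schema/.{{ item.item }}_loaded"
    state: touch
  loop: "{{ ldap_schema_load.results }}"
  loop_control:
    label: "{{ item.item }}"
  when: item is changed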