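# Render one LDIF file per entry in ldap_users.
# loop_control renames the loop variable to `user`, so the task must reference
# `user.*`. `item` is not defined inside this loop, and if this file is
# included from an outer loop it would resolve to that loop's item instead.
# NOTE(review): dest is a predictable name under /tmp; mode 0600 limits who
# can read the file, but confirm whether user.ldif.j2 renders anything
# sensitive and whether a private directory would be a better location.
- name: Render user LDIFs
  ansible.builtin.template:
    src: user.ldif.j2
    dest: "/tmp/ldap-user-{{ user.uid }}.ldif"
    mode: '0600'
  loop: "{{ ldap_users }}"
  loop_control:
    loop_var: user

# Add each user entry to the directory when it is missing (state: present).
# This task uses the default loop variable, `item`.
# ldap_entry only creates missing entries; it does not change the attributes
# of an entry that already exists.
- name: Ensure users exist
  community.general.ldap_entry:
    dn: "uid={{ item.uid }},{{ ldap_people_ou }}"
    state: present
    objectClass:
      - inetOrgPerson
      - posixAccount
      - ldapPublicKey
    attributes:
      cn: "{{ item.cn }}"
      sn: "{{ item.sn }}"
      uid: "{{ item.uid }}"
      uidNumber: "{{ item.uidNumber }}"
      gidNumber: "{{ item.gidNumber }}"
      homeDirectory: "/home/{{ item.uid }}"
      loginShell: /bin/bash
  loop: "{{ ldap_users }}"
  # Connection and bind settings, merged into the module arguments.
  args:
    server_uri: "{{ ldap_uri }}"
    bind_dn: "{{ ldap_admin_dn }}"
    # NOTE(review): ldap_admin_pw is defined outside this file; presumably it
    # comes from Ansible Vault or another secret store. Confirm it is not
    # kept in plain-text vars.
    bind_pw: "{{ ldap_admin_pw }}"
    # StartTLS keeps the admin bind password off the wire in clear text when
    # ldap_uri is a plain ldap:// URI. Written as a canonical boolean.
    start_tls: true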