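# Seed the sudoers-in-LDAP container with a global defaults entry and one
# administrative rule. Both tasks bind as the LDAP admin DN.
#
# NOTE(review): with state=present, ldap_entry only creates a missing entry;
# an entry that already exists is not modified. If these sudo rules must be
# enforced against drift or tampering in the directory, manage the individual
# attributes as well (e.g. community.general.ldap_attrs with state=exact).

# Global sudo options applied to every rule stored under ldap_sudo_ou.
- name: Ensure sudo defaults entry exists
  community.general.ldap_entry:
    dn: "cn=defaults,{{ ldap_sudo_ou }}"
    objectClass:
      - top
      - sudoRole
    attributes:
      cn: defaults
      sudoOption:
        # Reset the caller's environment before running a command via sudo.
        - env_reset
    state: present
  args:
    server_uri: "{{ ldap_uri }}"
    bind_dn: "{{ ldap_admin_dn }}"
    # Keep ldap_admin_pw in Ansible Vault or an external secret store, never
    # in plain-text vars committed to version control.
    bind_pw: "{{ ldap_admin_pw }}"
    # Request StartTLS so the admin bind is not sent over a cleartext
    # connection. NOTE(review): assumes ldap_uri is an ldap:// URI — confirm;
    # leave the module's certificate validation enabled.
    start_tls: true

# Grants every member of the "admins" group ("%" is the sudoers group prefix)
# any command on any host that reads its sudo rules from this OU.
# NOTE(review): this makes membership of that group equivalent to root on all
# such hosts — group membership changes should be restricted and audited.
- name: Admin sudo rule
  community.general.ldap_entry:
    dn: "cn=admins-all,{{ ldap_sudo_ou }}"
    state: present
    objectClass:
      - sudoRole
    attributes:
      cn: admins-all
      sudoUser: "%admins"
      sudoHost: ALL
      sudoCommand: ALL
  args:
    server_uri: "{{ ldap_uri }}"
    bind_dn: "{{ ldap_admin_dn }}"
    bind_pw: "{{ ldap_admin_pw }}"
    start_tls: true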