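# Replaces the complete olcAccess list of the mdb database, talking to slapd
# over the local ldapi:/// socket with SASL EXTERNAL.
# slapd evaluates rules top to bottom and, inside one rule, stops at the first
# matching "by" clause, so specific identities must precede any wildcard.
- name: Set LDAP ACLs
  community.general.ldap_attrs:
    # NOTE(review): the {2} index is deployment-specific; confirm it matches
    # the target server's cn=config before applying.
    dn: 'olcDatabase={2}mdb,cn=config'
    # exact: any olcAccess value not listed below is removed.
    state: exact
    # Prefix the values with {0}, {1}, ... so the rule order is explicit and
    # matches the X-ORDERED form slapd stores, keeping "exact" comparable
    # between runs.
    ordered: true
    attributes:
      olcAccess:
        # Password attribute: the owner and the admin may change it,
        # unauthenticated clients may only use it to bind, nobody else sees it.
        # NOTE(review): the bind DN can read password hashes here. Binding
        # only needs "by anonymous auth"; confirm the service account really
        # needs read access, otherwise drop that clause.
        - >-
          to attrs=userPassword
          by dn="{{ ldap_admin_dn }}" write
          by dn="{{ ldap_bind_dn }}" read
          by self write
          by anonymous auth
          by * none
        # "by * read" matches every client, anonymous included. The trailing
        # "by anonymous read by * none" clauses the rule used to carry could
        # never be reached, so they are dropped; effective access is the same.
        - >-
          to attrs=uid
          by * read
        # Same effective access as before ("by * none" after "by * read" was
        # dead). NOTE(review): this leaves group membership attributes
        # readable by any client that can see the entry; confirm intent.
        - >-
          to attrs=cn,description,member,uniqueMember,memberUid
          by * read
        # Catch-all rule. It must not start with "by * read": that clause
        # would match every client first, so the admin write grant would never
        # apply and the remaining attributes would be readable anonymously.
        # With "by * none" last, only the identities named here can retrieve
        # entries (the entry pseudo-attribute falls under this rule). If every
        # authenticated user needs read access, add "by users read" before the
        # final clause.
        - >-
          to *
          by dn="{{ ldap_admin_dn }}" write
          by dn="{{ ldap_bind_dn }}" read
          by self read
          by * none
  # Connection settings, passed to the module through the task-level "args"
  # keyword: local UNIX socket, identity taken from the calling process.
  args:
    server_uri: 'ldapi:///'
    sasl_class: external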