infra/ansible/roles/openldap_directory/tasks/sudo.yaml
Jonathan DeMasi 6e95041033 Init openldap data
2026-01-24 16:53:59 -07:00


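# Ensure the sudoRole entry "admins-all" exists under the sudoers OU.
# The rule gives members of the "admins" group (the leading "%" in sudoUser
# marks a group) every command on every host, so for any host that reads its
# sudo rules from this OU, membership of that group is equivalent to root.
# NOTE(review): ldap_entry with state=present only creates a missing entry; it
# does not modify an existing one, so later drift in this rule is not corrected
# by re-running the task (community.general.ldap_attrs enforces values).
- name: Admin sudo rule
  community.general.ldap_entry:
    dn: "cn=admins-all,{{ ldap_sudo_ou }}"
    state: present
    objectClass: sudoRole
    attributes:
      cn: admins-all
      sudoUser: "%admins"
      sudoHost: ALL
      sudoCommand: ALL
  args:
    server_uri: "{{ ldap_uri }}"
    bind_dn: "{{ ldap_admin_dn }}"
    # Directory admin credential; presumably supplied from an encrypted
    # vault rather than plain inventory - confirm.
    bind_pw: "{{ ldap_admin_pw }}"
    # StartTLS upgrades the connection before the admin bind, so the password
    # is not sent in clear text. Assumes ldap_uri is an ldap:// URI - confirm.
    start_tls: true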