infra/ansible/roles/openldap_server/tasks/schemas.yaml

- name: List existing schemas
  command: >
    ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn
  register: ldap_schemas
  changed_when: false

#- name: Load cosine schema
#  command: >
#    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
#  when: "'cn=cosine,cn=schema,cn=config' not in ldap_schemas.stdout"
#
#- name: Load inetorgperson schema
#  command: >
#    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
#  when: "'cn=inetorgperson,cn=schema,cn=config' not in ldap_schemas.stdout"
#
#- name: Load nis schema
#  command: >
#    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
#  when: "'cn=nis,cn=schema,cn=config' not in ldap_schemas.stdout"

#- name: Load sudo schema
#  command: >
#    ldapadd -Y EXTERNAL -H ldapi:/// -f /usr/share/doc/sudo/schema.OpenLDAP
#  when: "'cn=sudo,cn=schema,cn=config' not in ldap_schemas.stdout"
#
- name: Load OpenSSH public key schema
  command: >
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/openssh-lpk.ldif
  when: "'cn=openssh-lpk,cn=schema,cn=config' not in ldap_schemas.stdout"