infra/ansible/roles/openldap_directory/tasks/base.yaml

- name: Ensure base DN exists
  community.general.ldap_entry:
    dn: "{{ ldap_basedn }}"
    state: present
    objectClass:
      - top
      - dcObject
      - organization
    attributes:
      dc: "{{ ldap_basedn.split(',')[0].split('=')[1] }}"
      o: "{{ ldap_org_name }}"
  args:
    server_uri: "{{ ldap_uri }}"
    bind_dn: "{{ ldap_admin_dn }}"
    bind_pw: "{{ ldap_admin_pw }}"
    start_tls: yes

- name: Create base OUs
  community.general.ldap_entry:
    dn: "{{ item }}"
    state: present
    objectClass: organizationalUnit
  loop:
    - "{{ ldap_people_ou }}"
    - "{{ ldap_groups_ou }}"
    - "{{ ldap_sudo_ou }}"
  args:
    server_uri: "{{ ldap_uri }}"
    bind_dn: "{{ ldap_admin_dn }}"
    bind_pw: "{{ ldap_admin_pw }}"
    start_tls: yes