infra/ansible/roles/openldap_server/tasks/schemas.yaml

---
# roles/ldap_server/tasks/schemas.yml
- name: Ensure LDAP core schema is loaded
  ansible.builtin.command: >
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/core.ldif
  args:
    creates: /etc/openldap/schema/.core_loaded

- name: Ensure LDAP cosine schema is loaded
  ansible.builtin.command: >
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
  args:
    creates: /etc/openldap/schema/.cosine_loaded

- name: Ensure LDAP inetorgperson schema is loaded
  ansible.builtin.command: >
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
  args:
    creates: /etc/openldap/schema/.inetorgperson_loaded

- name: Ensure LDAP nis schema is loaded
  ansible.builtin.command: >
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
  args:
    creates: /etc/openldap/schema/.nis_loaded

- name: Ensure custom LDAP schemas (sudo + openssh) are loaded
  ansible.builtin.command: >
    ldapadd -Y EXTERNAL -H ldapi:/// -f {{ item.file }}
  args:
    creates: "/etc/openldap/schema/.{{ item.name }}_loaded"
  loop:
    - { name: "sudo", file: "{{ playbook_dir }}/roles/openldap_server/tasks/files/sudo.ldif" }
    - { name: "openssh", file: "{{ playbook_dir }}/roles/openldap_server/tasks/files/openssh.ldif" }
  loop_control:
    label: "{{ item.name }}"

# Touch marker files for idempotency (optional but recommended)
- name: Ensure marker files exist
  ansible.builtin.file:
    path: "/etc/openldap/schema/.{{ item.name }}_loaded"
    state: touch
  loop:
    - { name: "core" }
    - { name: "cosine" }
    - { name: "inetorgperson" }
    - { name: "nis" }
    - { name: "sudo" }
    - { name: "openssh" }