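---
# Join the "datacenter" hosts to the LDAP directory: install the nslcd /
# PAM / NSS packages, wire pam_ldap into PAM, add ldap to nsswitch, and
# point nslcd at the directory server before restarting it.
- hosts: datacenter
  name: Install omv
  become: true
  become_user: root
  tasks:
    - name: Install ldap packages
      ansible.builtin.apt:
        name:
          - libpam-ldapd
          - ldap-utils
          - libnss-ldapd

    # The pam_ldap-era /etc/ldap.conf tasks are kept for reference only;
    # nslcd (below) is the configured client.
    # - name: Reconfigure ldap base
    #   ansible.builtin.lineinfile:
    #     path: /etc/ldap.conf
    #     regexp: "^base "
    #     line: "base dc=sectorq,dc=eu"
    # - name: Reconfigure ldap uri
    #   ansible.builtin.lineinfile:
    #     path: /etc/ldap.conf
    #     regexp: "^uri ldap.*"
    #     line: "uri ldaps://ldap-server.loc/"
    # - name: Reconfigure ldap version
    #   ansible.builtin.lineinfile:
    #     path: /etc/ldap.conf
    #     regexp: "^ldap_version.*"
    #     line: "ldap_version 3"
    # - name: Reconfigure ldap rootbinddn
    #   ansible.builtin.lineinfile:
    #     path: /etc/ldap.conf
    #     regexp: "^rootbinddn.*"
    #     line: "rootbinddn cn=admin,dc=sectorq,dc=eu"

    # Create home directories for LDAP users on first login; umask=077
    # keeps new homes private to the owner.
    - name: Reconfigure common-session (pam_mkhomedir)
      ansible.builtin.lineinfile:
        path: /etc/pam.d/common-session
        regexp: "^session optional pam_mkhomedir.so.*"
        line: "session optional pam_mkhomedir.so skel=/etc/skel umask=077"

    # minimum_uid=1000 keeps pam_ldap away from local system accounts.
    - name: Reconfigure common-session (pam_ldap)
      ansible.builtin.lineinfile:
        path: /etc/pam.d/common-session
        regexp: "^session.*pam_ldap.so.*"
        line: "session [success=ok default=ignore] pam_ldap.so minimum_uid=1000"

    - name: Reconfigure common-password
      ansible.builtin.lineinfile:
        path: /etc/pam.d/common-password
        regexp: "^password.*success=1 user_unknown=ignore default=die.*"
        line: "password [success=1 default=ignore] pam_ldap.so minimum_uid=1000 try_first_pass"

    - name: Reconfigure nsswitch passwd
      ansible.builtin.lineinfile:
        path: /etc/nsswitch.conf
        regexp: "^passwd:.*"
        line: "passwd: compat systemd ldap"

    - name: Reconfigure nsswitch group
      ansible.builtin.lineinfile:
        path: /etc/nsswitch.conf
        regexp: "^group:.*"
        line: "group: compat systemd ldap"

    - name: Reconfigure nsswitch shadow
      ansible.builtin.lineinfile:
        path: /etc/nsswitch.conf
        regexp: "^shadow:.*"
        line: "shadow: compat ldap"

    - name: Reconfigure nslcd uri
      ansible.builtin.lineinfile:
        path: /etc/nslcd.conf
        regexp: "^uri ldap.*"
        line: "uri ldaps://ldap-server.loc/"

    - name: Reconfigure nslcd base
      ansible.builtin.lineinfile:
        path: /etc/nslcd.conf
        regexp: "^base "
        line: "base dc=sectorq,dc=eu"

    # "^#?" matches both the commented default and an already-set line, so
    # re-running the play rewrites the line instead of appending a duplicate.
    - name: Reconfigure nslcd binddn
      ansible.builtin.lineinfile:
        path: /etc/nslcd.conf
        regexp: "^#?binddn"
        line: "binddn cn=admin,dc=sectorq,dc=eu"

    # The bind password must not live in the playbook: nslcd_bindpw is a
    # placeholder variable name, expected from an Ansible Vault-encrypted
    # vars file. no_log keeps the rendered line out of task output/diffs.
    - name: Reconfigure nslcd bindpw
      ansible.builtin.lineinfile:
        path: /etc/nslcd.conf
        regexp: "^#?bindpw"
        line: "bindpw {{ nslcd_bindpw }}"
      no_log: true

    # - name: Reconfigure nslcd ssl
    #   ansible.builtin.lineinfile:
    #     path: /etc/nslcd.conf
    #     regexp: "^#?ssl"
    #     line: "ssl start_tls"

    # "allow" accepts any server certificate, so ldaps:// above is not
    # authenticated; prefer "tls_reqcert demand" plus "tls_cacertfile"
    # once the directory server's CA is distributed to these hosts.
    - name: Reconfigure nslcd tls_reqcert
      ansible.builtin.lineinfile:
        path: /etc/nslcd.conf
        regexp: "^#?tls_reqcert"
        line: "tls_reqcert allow"

    - name: Restart nslcd service
      ansible.builtin.service:
        name: nslcd.service
        state: restarted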