---
- name: install ldap packages
  apt:
    name: "libnss-ldapd"
    state: present

# TODO: remove this step and switch to Let’s encrypt
- name: add ldap ca cert
  copy:
    src: ldapca.pem
    dest: /etc/ssl/certs/ldapca.pem

- name: add ldap global config
  template:
    src: ldap.conf.j2
    dest: /etc/ldap/ldap.conf

- name: configure nsswitch
  copy:
    src: nsswitch.conf
    dest: /etc/nsswitch.conf
    owner: root
    group: root
    mode: '0640'

- name: configure nslcd
  template:
    src: nslcd.conf.j2
    dest: /etc/nslcd.conf
    owner: root
    group: root
    mode: '0640'
  notify: restart nslcd

- name: add pam config for automated creation of the home directory
  copy:
    src: mkhomedir
    dest: /usr/share/pam-configs/mkhomedir
  notify: update pam