---
# Install LDAP client packages
- name: Install LDAP client packages
  apt:
    update_cache: true
    name:
      - nslcd
      - libnss-ldapd
      - libpam-ldapd
      - nscd  # local cache
    state: present
  register: apt_result
  retries: 3
  until: apt_result is succeeded

# Configure /etc/nslcd.conf
- name: Configure nslcd LDAP credentials
  template:
    src: nslcd.conf.j2
    dest: /etc/nslcd.conf
    mode: 0600
  notify: Restart nslcd service

# Configure /etc/nsswitch.conf
- name: Configure NSS to use LDAP
  lineinfile:
    dest: /etc/nsswitch.conf
    regexp: "^{{ item }}:"
    line: "{{ item }}:         files ldap systemd"
  loop:
    - passwd
    - group
    - shadow
  notify: Restart nslcd service