---
# Install and configure the main LDAP tools.
- include_tasks: install_ldap.yml

# Restrict by group who may access the server and who may use sudo.
# NOTE(review): the rules themselves are in 1_group_security.yml, which is
# not visible here. Review that file for the actual access policy.
- include_tasks: 1_group_security.yml

# Userland scripts specific to the LDAP install.
- include_tasks: 2_userland_scripts.yml

# pam_mkhomedir creates a missing home directory from /etc/skel when a
# session opens; umask=0077 keeps the new directory private to its owner.
# Background: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568577
# The regexp matches any existing line that mentions pam_mkhomedir.so and
# replaces it; when nothing matches, the line is appended to the file.
# NOTE(review): session rules normally live in common-session; presumably
# common-account is used because of the bug above. Confirm.
# NOTE(review): with "required", a pam_mkhomedir failure should fail the
# session. Confirm that is the intended behaviour.
- name: Ensure home directories are created upon login
  lineinfile:
    path: /etc/pam.d/common-account
    line: 'session required pam_mkhomedir.so skel=/etc/skel/ umask=0077'
    regexp: 'pam_mkhomedir\.so'

# Fallback access: root can still log in with an SSH key if LDAP crashes.
# exclusive: true removes every entry in root's authorized_keys that is not
# in ssh_pub_keys, so stale or unmanaged keys do not survive a run.
# NOTE(review): assumes ssh_pub_keys is one string holding all permitted
# keys (one per line); a key missing from it is dropped on the next run.
# Confirm where the variable is defined and who may change it.
- name: Install SSH keys for root account
  authorized_key:
    user: root
    state: present
    exclusive: true
    key: "{{ ssh_pub_keys }}"