---
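# Install and configure main LDAP tools. The tasks themselves live in
# install_ldap.yml and are pulled in at run time by include_tasks.
- name: Install and configure main LDAP tools
  include_tasks: install_ldap.yml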

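# Disable passwd and chsh by installing a wrapper, rendered from
# bin/passwd.j2, under each command name listed in the loop.
# NOTE(review): the wrappers are written to /usr/local/bin, so they only take
# effect when the caller's PATH resolves that directory first. Nothing in this
# task removes or restricts the system binaries; treat this as user guidance,
# not as an access control.
- name: Copy passwd and chsh scripts
  template:
    src: bin/passwd.j2
    dest: "/usr/local/bin/{{ item }}"
    # Pin ownership so the result does not depend on the connecting user.
    owner: root
    group: root
    # Quoted so the mode reaches the module as an octal string, not as a
    # YAML integer whose value depends on the parser.
    mode: "0755"
  loop:
    - chsh
    - chsh.ldap
    - passwd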

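# Restrict SSH logins to the groups listed in ssh_allow_groups by setting the
# AllowGroups directive in sshd_config (replaced in place if already present).
# NOTE(review): no handler is notified here, so a running sshd keeps its old
# configuration until it is reloaded elsewhere; confirm that happens.
# NOTE(review): when no AllowGroups line exists, the line is appended at the
# end of the file; if sshd_config ends with a Match block the directive would
# apply only inside that block. Verify against the deployed file.
- name: Filter SSH on groups
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^AllowGroups'
    line: "AllowGroups {{ ssh_allow_groups }}"
    state: present
    # Test the edited copy before it replaces the live file, so an empty or
    # malformed ssh_allow_groups cannot leave sshd with a broken config.
    validate: /usr/sbin/sshd -t -f %s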

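# Render the sudoers drop-ins and the main sudoers file from their .j2
# templates into /etc, one file per loop item.
- name: Configure sudoers
  template:
    src: "{{ item }}.j2"
    dest: "/etc/{{ item }}"
    # sudo ignores policy files that are not owned by root, so set ownership
    # explicitly rather than inheriting it from the connecting user.
    owner: root
    group: root
    # Quoted so the mode reaches the module as an octal string, not as a
    # YAML integer whose value depends on the parser.
    mode: "0440"
    # Syntax-check the rendered file before it is moved into place; a broken
    # sudoers file can lock every administrator out of privilege escalation.
    # Adjust the path if visudo is installed elsewhere on the target.
    validate: /usr/sbin/visudo -cf %s
  loop:
    - sudoers.d/custom_passprompt
    - sudoers.d/group_privilege
    - sudoers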