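---
# Install and configure main LDAP tools
- include_tasks: install_ldap.yml

# Disable passwd and chsh
# The same template (bin/passwd.j2) is rendered under three names in
# /usr/local/bin.
# NOTE(review): presumably these wrappers take effect only because
# /usr/local/bin precedes the system directories in PATH; the system binaries
# themselves are not touched by this task -- confirm that is the intent.
- name: Copy passwd and chsh scripts
  template:
    src: bin/passwd.j2
    dest: "/usr/local/bin/{{ item }}"
    # Quoted so the mode is always read as an octal string, whatever the
    # YAML parser's integer rules are.
    mode: "0755"
  loop:
    - chsh
    - chsh.ldap
    - passwd

# Restrict SSH logins to members of the groups listed in ssh_allow_groups.
# NOTE(review): no handler is notified here; sshd only re-reads its
# configuration on reload or restart -- confirm one is triggered elsewhere.
- name: Filter SSH on groups
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^AllowGroups'
    line: "AllowGroups {{ ssh_allow_groups }}"
    state: present
    # Refuse to install a configuration that sshd cannot parse, so a bad
    # ssh_allow_groups value cannot break remote access on the next restart.
    validate: /usr/sbin/sshd -t -f %s

# Render the main sudoers file and the two drop-in files.
- name: Configure sudoers
  template:
    src: "{{ item }}.j2"
    dest: "/etc/{{ item }}"
    # sudo ignores sudoers files that are not owned by root, and expects
    # them not to be world-readable or writable.
    owner: root
    group: root
    mode: "0440"
    # Syntax-check the rendered file before it replaces the live one; a
    # broken sudoers file would otherwise disable sudo on the host.
    validate: /usr/sbin/visudo -cf %s
  loop:
    - sudoers.d/custom_passprompt
    - sudoers.d/group_privilege
    - sudoers

# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568577
# Adds (or rewrites) the pam_mkhomedir line so that a missing home directory
# is created from /etc/skel at login; umask=0077 keeps it owner-only.
# NOTE(review): this is a "session" rule written to common-account, presumably
# as the workaround from the bug linked above -- confirm before moving it.
- name: Ensure home directories are created upon login
  lineinfile:
    dest: /etc/pam.d/common-account
    regexp: 'pam_mkhomedir\.so'
    line: "session required pam_mkhomedir.so skel=/etc/skel/ umask=0077"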