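---
# LDAP-related host setup: install the LDAP tooling, restrict SSH logins to
# the configured groups, create home directories on first login, and keep a
# key-based root login available for when LDAP is down.

# Install and configure main LDAP tools
- include_tasks: install_ldap.yml

# Some userland scripts specific to LDAP install
- include_tasks: userland_scripts.yml

# Filter SSH on groups
# The candidate file is checked with `sshd -t` before it replaces the live
# sshd_config, so a malformed AllowGroups line (for example from a bad
# ssh_allow_groups value) fails the task instead of breaking remote access.
# NOTE(review): no handler is notified here, so a running sshd keeps its old
# configuration until it is reloaded -- confirm that happens elsewhere.
- name: Filter SSH on groups
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^AllowGroups'
    line: "AllowGroups {{ ssh_allow_groups }}"
    state: present
    validate: /usr/sbin/sshd -t -f %s

# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568577
# The rule is of type `session` but is written to common-account, not
# common-session. NOTE(review): presumably a deliberate workaround for the
# bug linked above -- confirm before moving it.
# umask=0077 keeps newly created home directories private to their owner.
- name: Ensure home directories are created upon login
  lineinfile:
    path: /etc/pam.d/common-account
    regexp: 'pam_mkhomedir\.so'
    line: "session required pam_mkhomedir.so skel=/etc/skel/ umask=0077"

# If LDAP crashes
# Fallback access that does not depend on the directory being reachable.
# `exclusive: true` removes every key from root's authorized_keys that is not
# in ssh_pub_keys, so that variable is the complete list of root keys.
# NOTE(review): exclusive mode needs all keys in one value; assumes
# ssh_pub_keys is a single newline-separated string -- confirm.
# NOTE(review): the AllowGroups filter above applies to root as well; confirm
# ssh_allow_groups names a group root belongs to, otherwise sshd refuses this
# fallback login.
- name: Install SSH keys for root account
  authorized_key:
    user: root
    key: "{{ ssh_pub_keys }}"
    state: present
    exclusive: true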