From 0f83b66f0ef67945aa6a25d3a998b6291b1a0c8c Mon Sep 17 00:00:00 2001
From: Thomas Constans
Date: Mon, 12 Jan 2026 16:23:06 +0100
Subject: [PATCH] now we can set up server uri, group and user branches

---
 README.md | 6 ++++--
 defaults/main.yml | 2 ++
 tasks/ldap_user_inc.yml | 20 +++++++++-----------
 tasks/main.yml | 7 ++++---
 4 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
index 3c36fc6..70b48ad 100644
--- a/README.md
+++ b/README.md
@@ -12,8 +12,10 @@ Role Variables
 --------------
 
 * org: no default
- * ldap_base - from group variables
- * ldap_group_dn - from group variables
+ * nlu_ldap_base - from group variables
+ * nlu_ldap_group_dn - from group variables
+ * nlu_ldap_user_dn - default to ou={{ org }},{{ nlu_ldap_base }}
+ * nlu_ldap_uri - default ldapi:///
 * nlu_dn_attribute - firstname or email - default to email
 * binddn - from group variables
 * bindpwd - from group variables
diff --git a/defaults/main.yml b/defaults/main.yml
index 949c5fe..b3ed91f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,3 +1,5 @@
 ---
 # defaults file for tco.new_ldap_user
 nlu_dn_attribute: email
+nlu_ldap_uri: ldapi:///
+nlu_ldap_user_dn: "ou={{ org }},{{ nlu_ldap_base }}"
diff --git a/tasks/ldap_user_inc.yml b/tasks/ldap_user_inc.yml
index a9f5bc1..e868554 100644
--- a/tasks/ldap_user_inc.yml
+++ b/tasks/ldap_user_inc.yml
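Review bot: The new `nlu_ldap_uri` default turns the server location into a tunable, but nothing in the role lets the caller switch on transport protection once it is overridden to an `ldap://host` URI; the simple bind performed in tasks/main.yml and tasks/ldap_user_inc.yml then sends `bind_pw` and the generated `userPassword` over the network in clear text. community.general.ldap_entry and ldap_attrs accept `start_tls` and `validate_certs`, so a paired default such as `nlu_ldap_start_tls: false` that the tasks pass through would be the natural companion, or at least a comment above `nlu_ldap_uri` stating that anything other than `ldapi://` should be `ldaps://` or combined with STARTTLS. Separately, `nlu_ldap_user_dn` is built from `org` and `nlu_ldap_base`, neither of which has a default in this file; a missing one only surfaces as an undefined-variable error inside the first task, so an `ansible.builtin.assert` on those two at the top of tasks/main.yml would fail earlier and more clearly.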
@@ -5,13 +5,14 @@
 lastname: "{{ item.lastname }}"
 email: "{{ item.email }}"
 group: "{{ item.group | default ('') }}"
- dn: "uid={{ item[ nlu_dn_attribute ] |lower }},ou={{ org }},{{ ldap_base }}"
+ dn: "uid={{ item[ nlu_dn_attribute ] |lower }},{{ nlu_ldap_user_dn }}"
 password: "{{ (item.password=='')| ternary(lookup('community.general.random_string', min_lower=1, min_upper=1, special=false,min_numeric=1, length=14), item.password ) }}"
 
 - name: "add ldap account {{dn }}"
 community.general.ldap_entry:
- bind_dn: "{{ ldap_binddn }}"
- bind_pw: "{{ ldap_bindpwd }}"
+ server_uri: "{{ nlu_ldap_uri }}"
+ bind_dn: "{{ nlu_ldap_binddn }}"
+ bind_pw: "{{ nlu_ldap_bindpw }}"
 dn: "{{ dn }} "
 state: present
 objectClass:
@@ -27,16 +28,13 @@
 userPassword: "{{ password }}"
 register: result
 
- - name: debug
- ansible.builtin.debug:
- msg: "group is =={{ group }}=="
-
 - name: "add account to group"
 when: group != ""
 community.general.ldap_attrs:
- dn: "cn={{ group }},{{ ldap_group_dn }}"
- bind_dn: "{{ ldap_binddn }}"
- bind_pw: "{{ ldap_bindpwd }}"
+ server_uri: "{{ nlu_ldap_uri }}"
+ dn: "cn={{ group }},{{ nlu_ldap_group_dn }}"
+ bind_dn: "{{ nlu_ldap_binddn }}"
+ bind_pw: "{{ nlu_ldap_bindpw }}"
 attributes:
 member: "{{ dn }}"
 
@@ -45,7 +43,7 @@
 path: "tmppassword.csv"
 state: present
 create: true
- line: "{{ firstname | lower }},{{ password }}"
+ line: "{{ item[ nlu_dn_attribute ] }},{{ password }}"
 delegate_to: localhost
 become: false
 when: result.changed
diff --git a/tasks/main.yml b/tasks/main.yml
index 392d587..98106d1 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,9 +1,10 @@
 ---
 - name: "add ldap ou ou={{ org }},{{ ldap_base }}"
 community.general.ldap_entry:
- dn: "ou={{ org }},{{ ldap_base }}"
- bind_dn: "{{ ldap_binddn }}"
- bind_pw: "{{ ldap_bindpwd }}"
+ server_uri: "{{ nlu_ldap_uri }}"
+ dn: "ou={{ org }},{{ nlu_ldap_base }}"
+ bind_dn: "{{ nlu_ldap_binddn }}"
+ bind_pw: "{{ nlu_ldap_bindpw }}"
 objectClass:
 - organizationalUnit
 - top
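Review bot: The renamed credentials on the new `bind_dn`/`bind_pw` lines, `nlu_ldap_binddn` and `nlu_ldap_bindpw`, are defined nowhere in this patch — defaults/main.yml does not add them and README.md still lists `binddn` and `bindpwd` as the group variables — and the old name was `ldap_bindpwd` (with a trailing `d`) while the new one is `nlu_ldap_bindpw`, so an inventory that followed the README will hit an undefined-variable error on this task. The same two lines appear in the second hunk of this file and in tasks/main.yml; either add `* nlu_ldap_binddn - from group variables` and `* nlu_ldap_bindpw - from group variables` to the README or keep the old names. This task also submits the freshly generated password as `userPassword`; as far as I can tell the module masks only `bind_pw`, so `no_log: true` on the task is needed to keep the new user's password out of `-v` and failure output. The unchanged line `dn: "{{ dn }} "` carries a trailing space inside the quotes, which is passed to the server as part of the DN. The task that builds `dn` and `password` starts before this hunk.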
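Review bot: The new `line:` value writes `item[ nlu_dn_attribute ]` as-is while the dn built in the first hunk applies `|lower` to the same attribute, so the key recorded in tmppassword.csv no longer matches the uid that was actually created; `line: "{{ item[ nlu_dn_attribute ] | lower }},{{ password }}"` keeps the two consistent. This file accumulates cleartext initial passwords on the controller, and the task sets neither `mode` nor `no_log`, so the password is also echoed in verbose and failure output of the lineinfile task; adding `mode: "0600"` and `no_log: true` to this task addresses both. The lineinfile task begins before this hunk.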
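Review bot: The OU is still created at the hard-coded `dn: "ou={{ org }},{{ nlu_ldap_base }}"` although defaults/main.yml now introduces `nlu_ldap_user_dn` for that same branch; a caller who overrides `nlu_ldap_user_dn` gets users placed under a branch this task never creates, and the ldap_entry in ldap_user_inc.yml fails with a missing parent. Using `dn: "{{ nlu_ldap_user_dn }}"` here keeps the OU and the user entries in one place. The task name on the unchanged line still references `ldap_base`, which this commit renames to `nlu_ldap_base`, so at best the name is displayed un-rendered — `- name: "add ldap ou {{ nlu_ldap_user_dn }}"` matches the new variable set. The task may continue past the end of this hunk.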