From 5f7b68fb44026c7829161371e8bf95f0ba44721a Mon Sep 17 00:00:00 2001
From: Thomas Constans <thomas@opendoor.fr>
Date: Tue, 4 Nov 2025 17:09:20 +0100
Subject: [PATCH] ldap groupdn now a var

---
 README.md               | 1 +
 tasks/ldap_user_inc.yml | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 7e1163e..3c36fc6 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,7 @@ Role Variables
 
   * org: no default
   * ldap_base - from group variables
+  * ldap_group_dn - from group variables
   * nlu_dn_attribute - firstname or email - default to email
   * binddn - from group variables
   * bindpwd - from group variables
diff --git a/tasks/ldap_user_inc.yml b/tasks/ldap_user_inc.yml
index 2036e23..a9f5bc1 100644
--- a/tasks/ldap_user_inc.yml
+++ b/tasks/ldap_user_inc.yml
@@ -34,7 +34,7 @@
   - name: "add account to group"
     when: group != ""
     community.general.ldap_attrs:
-      dn: "cn={{ group }},ou={{ org }},{{ ldap_base }}"
+      dn: "cn={{ group }},{{ ldap_group_dn }}"
       bind_dn: "{{ ldap_binddn }}"
       bind_pw: "{{ ldap_bindpwd }}"
       attributes: