diff --git a/README.md b/README.md
index 7f98b25..c0036ef 100644
--- a/README.md
+++ b/README.md
@@ -19,10 +19,12 @@ Role Variables
 * file : default account.csv csv file containing user to create:
 ```csv
-firstname,lastname,email,[password]
+firstname,lastname,email,[password][grou]
 ```
-password field optionnal - if empty will be generated automatically - WIP
+password field optionnal - if empty will be generated automatically
+
+group field optionnal - if not empty, user dn will be put as "member" of cn=group,org,basedn
 keep the final comma, though !
diff --git a/tasks/ldap_user_inc.yml b/tasks/ldap_user_inc.yml
index b081b31..2036e23 100644
--- a/tasks/ldap_user_inc.yml
+++ b/tasks/ldap_user_inc.yml
@@ -4,13 +4,14 @@
 firstname: "{{ item.firstname }}"
 lastname: "{{ item.lastname }}"
 email: "{{ item.email }}"
+ group: "{{ item.group | default ('') }}"
 dn: "uid={{ item[ nlu_dn_attribute ] |lower }},ou={{ org }},{{ ldap_base }}"
 password: "{{ (item.password=='')| ternary(lookup('community.general.random_string', min_lower=1, min_upper=1, special=false,min_numeric=1, length=14), item.password ) }}"
 - name: "add ldap account {{dn }}"
 community.general.ldap_entry:
- bind_dn: "{{ binddn }}"
- bind_pw: "{{ bindpwd }}"
+ bind_dn: "{{ ldap_binddn }}"
+ bind_pw: "{{ ldap_bindpwd }}"
 dn: "{{ dn }} "
 state: present
 objectClass:
@@ -26,6 +27,19 @@
 userPassword: "{{ password }}"
 register: result
+ - name: debug
+ ansible.builtin.debug:
+ msg: "group is =={{ group }}=="
+
+ - name: "add account to group"
+ when: group != ""
+ community.general.ldap_attrs:
+ dn: "cn={{ group }},ou={{ org }},{{ ldap_base }}"
+ bind_dn: "{{ ldap_binddn }}"
+ bind_pw: "{{ ldap_bindpwd }}"
+ attributes:
+ member: "{{ dn }}"
+
 - name: "account recap"
 ansible.builtin.lineinfile:
 path: "tmppassword.csv"
diff --git a/tasks/main.yml b/tasks/main.yml
index e48074d..392d587 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
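Review bot: The new `group` fact is taken verbatim from the CSV and is the value later spliced into a DN, so it should be trimmed here, otherwise a cell holding only spaces passes the `group != ""` guard in the next hunk; the filter call is also written with a stray space before its argument list, unlike the other filters in this block: `group: "{{ item.group | default('') | trim }}"`. The task that defines these facts (presumably a `set_fact`) starts above the hunk. Pre-existing but worth fixing while here: the entry task's `dn: "{{ dn }} "` on the new side carries a trailing space inside the quotes that the `dn` fact used for `member` in the next hunk does not, so the entry DN and the member DN are not byte-identical — `dn: "{{ dn }}"`.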
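Review bot: `dn: "cn={{ group }},ou={{ org }},{{ ldap_base }}"` splices a CSV-supplied value into a DN without escaping, so a `group` cell containing DN metacharacters (`,`, `+`, `=`, `"`, `\`) either fails the task or addresses a different entry than the one intended; restrict the value before it is used, for instance with the assert below, or escape it per RFC 4514. The `debug` task printing `group is ==…==` reads as leftover debugging output; drop it or give it `verbosity: 1` so it only appears under `-v`. Both the entry task above and this `ldap_attrs` call pass `ldap_bindpwd`; if the module does not already mask that argument, `no_log: true` on these tasks keeps it out of verbose output. The hunk shows only part of the task list; the enclosing block starts above it.
```yaml
- name: "validate group name before building a DN"
  when: group != ""
  ansible.builtin.assert:
    that: group is match('^[A-Za-z0-9][A-Za-z0-9 _.-]*$')
    fail_msg: "group '{{ group }}' contains characters not allowed in this cn RDN"

# … unchanged: add account to group task …
```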
@@ -1,18 +1,9 @@
 ---
-# ansible-playbook /etc/ansible/Playbooks/new_ldap_user.yml -K --ask-vault-pass
-# --extra-vars="file=account.csv"
- - name: set some vars
- ansible.builtin.set_fact:
- binddn: "{{ lookup( 'viczem.keepass.keepass', 'opendoor/collidine_ldap_password', 'username' ) }}"
- bindpwd: "{{ lookup( 'viczem.keepass.keepass', 'opendoor/collidine_ldap_password', 'password' ) }}"
- tags: always
- when: binddn is not defined
-
 - name: "add ldap ou ou={{ org }},{{ ldap_base }}"
 community.general.ldap_entry:
 dn: "ou={{ org }},{{ ldap_base }}"
- bind_dn: "{{ binddn }}"
- bind_pw: "{{ bindpwd }}"
+ bind_dn: "{{ ldap_binddn }}"
+ bind_pw: "{{ ldap_bindpwd }}"
 objectClass:
 - organizationalUnit
 - top
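Review bot: `ldap_binddn` and `ldap_bindpwd` replace the `binddn`/`bindpwd` facts whose `set_fact` definition this hunk removes, but nothing in the diff defines or documents the new variables (no defaults entry, and the README hunk in this commit does not list them), so the role now stops with an undefined-variable error unless every caller already sets them. Document both in the README's Role Variables section and make the requirement explicit at the top of main.yml: `- name: "require ldap bind credentials"` / `ansible.builtin.assert:` / `that: [ldap_binddn is defined, ldap_bindpwd is defined]`. Keeping the bind password out of `defaults/` and sourcing it from a vault or lookup, as the removed task did, is the right direction; only the contract needs stating. The same rename appears in both tasks/ldap_user_inc.yml hunks.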