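---
# Creates one LDAP account from the loop variable `item`, optionally adds it
# to a group, and records the initial password in a local CSV file.
# Reads from `item`: firstname, lastname, email, the key named by
# `nlu_dn_attribute`, and optionally group and password.

- name: set vars
  ansible.builtin.set_fact:
    firstname: "{{ item.firstname }}"
    lastname: "{{ item.lastname }}"
    email: "{{ item.email }}"
    group: "{{ item.group | default('') }}"
    # NOTE(review): the attribute value is inserted into the DN unescaped;
    # confirm the input never contains DN metacharacters such as ',' '+' '='.
    dn: "uid={{ item[nlu_dn_attribute] | lower }},{{ nlu_ldap_user_dn }}"
    # A missing, null or empty item.password yields a generated 14-character
    # password (at least one lower, one upper, one digit, no specials).
    password: >-
      {{ ((item.password | default('', true)) == '')
      | ternary(lookup('community.general.random_string',
      length=14, min_lower=1, min_upper=1, min_numeric=1, special=false),
      item.password | default('', true)) }}
  # The fact set here includes a cleartext password; keep it out of task output.
  no_log: true

# NOTE(review): bind_pw and userPassword travel over this connection; confirm
# nlu_ldap_uri is ldaps:// or that the module's start_tls option is enabled.
- name: "add ldap account {{ dn }}"
  community.general.ldap_entry:
    server_uri: "{{ nlu_ldap_uri }}"
    bind_dn: "{{ nlu_ldap_binddn }}"
    bind_pw: "{{ nlu_ldap_bindpw }}"
    # No trailing space: the group task below references the same DN verbatim.
    dn: "{{ dn }}"
    state: present
    objectClass:
      - inetorgperson
      - inetLocalMailRecipient
    attributes:
      givenName: "{{ firstname }}"
      # `lastname` is always defined by the set_fact above, so the fallback
      # only takes effect when empty values are replaced as well.
      sn: "{{ lastname | default(firstname, true) }}"
      cn: "{{ firstname }}"
      mail: "{{ email }}"
      PreferredDeliveryMethod: any
      displayName: "{{ firstname }} {{ lastname }}"
      # NOTE(review): sent as cleartext; confirm the directory hashes
      # userPassword on write.
      userPassword: "{{ password }}"
  register: result
  # Module arguments contain userPassword; suppress them in logs and output.
  no_log: true

- name: "add account to group"
  when: group != ""
  community.general.ldap_attrs:
    server_uri: "{{ nlu_ldap_uri }}"
    dn: "cn={{ group }},{{ nlu_ldap_group_dn }}"
    bind_dn: "{{ nlu_ldap_binddn }}"
    bind_pw: "{{ nlu_ldap_bindpw }}"
    attributes:
      member: "{{ dn }}"

# Appends "<id>,<password>" on the controller, only when the ldap_entry task
# reported a change.
# NOTE(review): the path is relative and the file holds cleartext passwords;
# confirm where it lands and remove it once the credentials are handed over.
# A password containing ',' will break the two-column layout.
- name: "account recap"
  ansible.builtin.lineinfile:
    path: "tmppassword.csv"
    state: present
    create: true
    # Owner-only access: without an explicit mode the file is created with
    # the controller's default permissions.
    mode: "0600"
    line: "{{ item[nlu_dn_attribute] }},{{ password }}"
  delegate_to: localhost
  become: false
  when: result.changed
  # The written line contains the cleartext password.
  no_log: true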