---
  - name: add ldap ou
    community.general.ldap_entry:
      dn: "ou={{ org }},{{ ldap_base }}"
      bind_dn: "{{ binddn }}"
      bind_pw: "{{ bindpwd }}"
      objectClass:
       - organizationalUnit
       - top

  - name: add ldap account
    vars:
      firstname: "{{ item.firstname }}"
      lastname: "{{ item.lastname }}"
      email: "{{ item.email }}"
      password: "{{ (item.password=='')| ternary(lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1, length=14), item.password ) }}"
    community.general.ldap_entry:
      bind_dn: "{{ binddn }}"
      bind_pw: "{{ bindpwd }}"
      dn: "uid={{ firstname |lower }}, ou={{ org }},{{ ldap_base }}"
      state: present
      objectClass:
         - inetorgperson
         - inetLocalMailRecipient
      attributes:
        givenName: "{{ firstname }}"
        sn: "{{ lastname | default( firstname ) }}"
        cn: "{{ firstname }}"
        mail: "{{ email }}"
        uid: "{{ firstname | lower }}"
        PreferredDeliveryMethod: any
        displayName: "{{ firstname }} {{ lastname }}"
        userPassword: "{{ password }}"