---
- name: Ensure ACLs are configured
  community.general.ldap_attrs:
    dn: "{{ openldap_default_database_config }}"
    attributes:
      olcAccess: "{{ openldap_config_db_olc_access }}"
    state: "exact"
    server_uri: "{{ openldap_socket_url }}"
  retries: 3
  delay: 3
  register: openldap_acl_result
  until: openldap_acl_result is succeeded

- name: Ensure LDAP DIT is configured
  when:
    - openldap_default_database_root_dn is defined
    - openldap_default_database_root_pw is defined
  vars:
    _meta: &openldap_bind_info
      bind_dn: "{{ openldap_default_database_root_dn }}"
      bind_pw: "{{ openldap_default_database_root_pw }}"
      server_uri: "{{ openldap_socket_url }}"
  block:
    - name: Ensure rootDN + credentials are correct
      community.general.ldap_attrs:
        dn: "{{ openldap_default_database_config }}"
        attributes: "{{ {entry.key: entry.value} }}"
        state: "exact"
        server_uri: "{{ openldap_socket_url }}"
      no_log: "{{ entry.log is defined and not entry.log }}"
      loop:
        - key: "olcRootDN"
          value: "{{ openldap_default_database_root_dn }}"
        - key: "olcRootPW"
          value: "{{ openldap_default_database_root_pw }}"
          log: false
      loop_control:
        loop_var: "entry"
        label: "{{ entry.key }}"

    - name: Ensure root node is {{ openldap_state }}
      community.general.ldap_entry:
        dn: "{{ openldap_dn }}"
        objectClass: "{{ openldap_root_node_object_classes }}"
        attributes:
          dc: "{{ openldap_root_node_dc }}"
          o: "{{ openldap_root_node_o }}"
        <<: *openldap_bind_info

    - name: Ensure root node attributes are up to date
      community.general.ldap_attrs:
        dn: "{{ openldap_dn }}"
        attributes:
          dc: "{{ openldap_root_node_dc }}"
          o: "{{ openldap_root_node_o }}"
        state: exact
        <<: *openldap_bind_info
      when: openldap_state == 'present'