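---
# Installs the OpenLDAP packages and deploys the slapd configuration driven by
# the ldap_proxy_* variables (environment file, slapd.conf, access control
# file, custom schemas), then optionally opens firewall ports.
# Every task in the block runs as root through the block-level become.
- block:
    - name: Install required packages
      package:
        name: "{{ item }}"
        state: present
      loop:
        - openldap-servers
        - openldap-clients

    # NOTE(review): no mode is pinned here, so a newly created directory gets
    # a umask-derived mode and an existing one keeps whatever it already has.
    # Consider setting an explicit mode once the intended value is confirmed.
    - name: Ensure base directories exists at '{{ ldap_proxy_base_dir }}'
      file:
        path: "{{ item }}"
        state: directory
        owner: root
        group: root
      loop:
        - "{{ ldap_proxy_base_dir }}"
        - "{{ ldap_proxy_acl_file | dirname }}"

    # File modes are quoted so they stay strings and are never re-typed by
    # the YAML parser (a bare 0644 is read as an octal integer under YAML 1.1).
    - name: Deploy environment file
      template:
        src: "etc/sysconfig/slapd.j2"
        dest: "/etc/sysconfig/slapd"
        owner: root
        group: root
        mode: "0644"
      notify: __slapd_restart

    # NOTE(review): slapd.conf commonly carries secrets (rootpw, bind
    # credentials for backends). The template is not visible from this file;
    # if it renders any, 0644 leaves them readable by every local user.
    # Tightening the mode requires confirming which account reads the file
    # at slapd start-up, so it is flagged here rather than changed.
    - name: Deploy config file to '{{ ldap_proxy_base_dir }}/slapd.conf'
      template:
        src: "etc/openldap/slapd.conf.j2"
        dest: "{{ ldap_proxy_base_dir }}/slapd.conf"
        owner: root
        group: root
        mode: "0644"
      notify: __slapd_restart

    - name: Deploy access control file '{{ ldap_proxy_acl_file }}'
      template:
        src: "etc/openldap/slapd.access.j2"
        dest: "{{ ldap_proxy_acl_file }}"
        owner: root
        group: root
        mode: "0644"
      notify: __slapd_restart

    # Each entry of ldap_proxy_custom_schemas is a source path; only its
    # basename is used for the destination under /etc/openldap/schema.
    - name: Deploy custom ldap schemas
      copy:
        src: "{{ item }}"
        dest: "/etc/openldap/schema/{{ item | basename }}"
        owner: root
        group: root
        mode: "0644"
      loop: "{{ ldap_proxy_custom_schemas }}"
      notify: __slapd_restart

    # iptables_raw is not an ansible.builtin module; it has to be provided
    # by the role or playbook environment.
    # NOTE(review): the rules come straight from ldap_proxy_open_ports;
    # restricting their source addresses is left to whoever defines it.
    - name: Open ports in iptables
      iptables_raw:
        name: "{{ item.name }}"
        rules: "{{ item.rules }}"
        state: "{{ item.state }}"
        weight: "{{ item.weight | default(omit) }}"
        table: "{{ item.table | default(omit) }}"
      loop: "{{ ldap_proxy_open_ports }}"
      loop_control:
        label: "{{ item.name }}"
      # "| bool" keeps a string such as "false" passed with -e from being
      # treated as truthy.
      when: ldap_proxy_iptables_enabled | bool
  become: true
  become_user: root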