xoxys.pve/tasks/auth.yml

---
- block:
    - name: Create tmp folder for pve
      file:
        path: "{{ __pve_tmp_dir }}"
        recurse: yes
        state: directory

    - name: Configure auth provider
      template:
        src: etc/pve/domains.cfg.j2
        dest: "{{ __pve_tmp_dir }}/domains.cfg"
        owner: root
        group: www-data
        mode: 0640
      register: __pve_domains_copy

    - name: Copy auth provider to pve filesystem
      command: "/bin/cp -rf {{ __pve_tmp_dir }}/domains.cfg {{ __pve_base_dir }}/domains.cfg"
      changed_when: __pve_domains_copy.changed
  become: True
  become_user: root

- block:
    - name: Ensure path for auth file exists
      file:
        path: "{{ __pve_base_dir }}/priv/ldap"
        recurse: yes
        state: directory

    - name: Add passwd file for ldap bind
      template:
        src: etc/pve/priv/ldap.pw.j2
        dest: "{{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw"
        owner: root
        group: www-data
        mode: 0640
      register: __pve_auth_copy

    - name: Copy passwd file to pve filesystem
      command: "/bin/cp -rf {{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw {{ __pve_base_dir }}/priv/ldap/{{ pve_auth_ldap_realm }}.pw"
      changed_when: __pve_auth_copy.changed
  become: True
  become_user: root
  when:
    - pve_auth_ldap_enabled | bool
    - pve_auth_ldap_bind_password is defined