---
- name: install packages
  package:
    name: "{{ item }}"
    state: installed
  with_items:
    - nscd
    - nss-pam-ldapd

- name: configure nsswitch to use ldap
  lineinfile:
    path: /etc/nsswitch.conf
    regexp: "^{{ item }}:.*"
    line: "{{ item }}: files ldap"
  with_items:
    - passwd
    - shadow
    - group

- name: configure netgroup to use ldap
  lineinfile:
    path: /etc/nsswitch.conf
    regexp: "^netgroup:.*"
    line: "netgroup: ldap"

- name: allow nslcd user to read host key
  user:
    name: nslcd
    groups: hostkey

- name: create nslcd config
  template:
    dest: /etc/nslcd.conf
    src: nslcd.conf.j2
    mode: 0600
    owner: root
    group: root
  notify: restart nslcd

- name: enable nslcd and nscd
  service:
    name: "{{ item }}"
    enabled: true
    state: started
  with_items:
    - nslcd
    - nscd