- name: Install ldapsm
  include_role:
    name: pkgmgr-install
  vars:
    package_name: ldapsm

- name: Ensure OpenSSH-LPK schema via ldapsm
  vars:
    schema_name: "openssh-lpk"
    attribute_defs:
      - "( 1.3.6.1.4.1.24552.1.1 NAME 'sshPublicKey' DESC 'OpenSSH Public Key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )"
      - "( 1.3.6.1.4.1.24552.1.2 NAME 'sshFingerprint' DESC 'OpenSSH Public Key Fingerprint' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )"
    objectclass_defs:
      - >-
        ( 1.3.6.1.4.1.24552.2.1
          NAME 'ldapPublicKey'
          DESC 'Auxiliary class for OpenSSH public keys'
          SUP top
          AUXILIARY
          MAY ( sshPublicKey $ sshFingerprint ) )

  command: >
    ldapsm
      -s {{ ldap_server_uri }}
      -D '{{ ldap_bind_dn }}'
      -W '{{ ldap_bind_pw }}'
      -n {{ schema_name }}
      {% for at in attribute_defs %}
      -a "{{ at }}"
      {% endfor %}
      {% for oc in objectclass_defs %}
      -c "{{ oc }}"
      {% endfor %}
  register: opensshlpk_ldapsm
  changed_when: "'Created schema entry' in opensshlpk_ldapsm.stdout"
  check_mode: no

- name: Show ldapsm output for openssh-lpk
  debug:
    var: opensshlpk_ldapsm.stdout_lines