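# Tasks: configure centralized (LDAP) authentication through nslcd.
# Hosts where centralized_auth_enabled is undefined or false stop here.
- name: "[CONFIG CENTRALIZED AUTH] Comprobando si es necesario configurar centralized auth"
  meta: end_host
  # "| bool" makes a string such as "false" (e.g. passed with -e) count as false.
  when: not (centralized_auth_enabled | default(false) | bool)

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# configure centralized authentication [nslcd]
# step 1 - copy the base nslcd.conf (the bind password is added in step 2)
# NOTE(review): step 2 edits this file after the copy, so the next run
# presumably sees a difference, overwrites it again and leaves a timestamped
# backup that still holds the bind password. Confirm the backups keep
# root:nslcd 0640 and are pruned, or render the file from a template instead.
- name: copy file nslcd.conf
  copy:
    src: nslcd.conf
    dest: /etc/nslcd.conf
    owner: root
    group: nslcd
    mode: '0640'
    backup: true
  notify: restart nslcd

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# step 2 - set the bind password (value comes from Ansible Vault)
- name: add password with ansible vault to file nslcd.conf
  lineinfile:
    dest: /etc/nslcd.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
  loop:
    - regexp: "^bindpw"
      line: "bindpw {{ bindpw_password }}"
  # The loop item and the rendered line contain the bind password; without
  # no_log they are printed in task output, --diff output and callback logs.
  no_log: true
  notify: restart nslcd

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# step 3 - point the passwd and group databases in /etc/nsswitch.conf at ldap
- name: edit file /etc/nsswitch.conf
  lineinfile:
    dest: /etc/nsswitch.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
  loop:
    - regexp: "^passwd:"
      line: "passwd: files systemd ldap"
    - regexp: "^group:"
      line: "group: files systemd ldap"

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# step 4 - reconfigure PAM to use LDAP
# command instead of shell: no shell features are needed, so the argument
# string is never handed to a shell for interpretation.
# This task reports "changed" on every run, so the handler fires every run.
- name: reconfigure PAM to use LDAP
  command: pam-auth-update --enable ldap
  notify: restart nslcd

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# service should start on boot.
- name: service should start on boot
  service:
    name: "{{ nslcd_daemon }}"
    enabled: true
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++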