# synchronize user and group data from LDAP when sync-ldap context key is set to a realm
- block:
    - name: Install LDAP sync script
      template:
        dest: /usr/local/bin/sync-ldap.py
        src: sync-ldap.py.j2
        mode: 0700
      when: primary == inventory_hostname

    - name: Remove LDAP sync script
      file:
        path: /usr/local/bin/sync-ldap.py
        state: absent
      when: primary != inventory_hostname

    - name: Configure cronjob
      cron:
        name: 'sync LDAP users and groups'
        job: 'ip vrf exec default /usr/local/bin/sync-ldap.py'
        user: root
        cron_file: sync-ldap
        hour: "2"
        minute: "51"
        state: '{{ "present" if inventory_hostname == primary else "absent" }}'
  when: '"sync-ldap" in hostvars[inventory_hostname]'