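# Synchronize user and group data from LDAP when the sync-ldap context key is
# set to a realm.
#
# The whole block is skipped unless "sync-ldap" is present in this host's
# hostvars. Inside the block, `is_primary` (defined outside this file) decides
# whether the host gets the sync script and its cron entry or has them removed.
- name: Set up LDAP user synchronization
  when: '"sync-ldap" in hostvars[inventory_hostname]'
  block:
    # Installed on every host that has the sync-ldap key, primary or not.
    - name: Install dependencies
      package:
        name:
          - python3-ldap3
        state: present

    # The cron job below runs this file as root, so it must not be writable
    # (or, given what a sync script may contain, readable) by other accounts.
    # Ownership is pinned to root instead of being inherited from whichever
    # account the play runs as.
    # NOTE(review): if sync-ldap.py.j2 renders LDAP bind credentials into the
    # script, confirm they should live in an executable on disk - TODO confirm.
    - name: Install LDAP sync script
      template:
        dest: /usr/local/bin/sync-ldap.py
        src: sync-ldap.py.j2
        owner: root
        group: root
        # Quoted so the mode is never subject to YAML integer/octal typing.
        mode: '0700'
      when: is_primary

    # Non-primary hosts must not keep a stale copy of the script.
    - name: Remove LDAP sync script
      file:
        path: /usr/local/bin/sync-ldap.py
        state: absent
      when: not is_primary

    # Daily at 02:51 as root, via the sync-ldap cron file. `ip vrf exec default`
    # runs the script bound to the VRF named "default". The entry is removed
    # again on hosts that are not primary, matching the script removal above.
    - name: Configure cronjob
      cron:
        name: 'sync LDAP users and groups'
        job: 'ip vrf exec default /usr/local/bin/sync-ldap.py'
        user: root
        cron_file: sync-ldap
        hour: "2"
        minute: "51"
        state: '{{ "present" if is_primary else "absent" }}'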