# synchronize user and group data from LDAP when sync-ldap context key is set to a realm
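- name: Set up LDAP user synchronization
  # Gated on the per-host "sync-ldap" variable, so hosts without it get
  # nothing installed. Caveat: if that key is later REMOVED from a host, the
  # whole block is skipped and a previously installed script / cron entry is
  # left behind -- only an is_primary -> false transition triggers the
  # removal tasks below. All tasks need write access to /usr/local/bin and
  # /etc/cron.d, so the play is presumably run with become -- TODO confirm.
  when: '"sync-ldap" in hostvars[inventory_hostname]'
  block:
    - name: Install dependencies
      package:
        name:
          - python3-ldap3
        state: present

    # The script is executed by root from cron (task below), so pin BOTH the
    # owner and the permissions: a copy owned or writable by anyone other
    # than root would let a local user run arbitrary code as root on the
    # next scheduled run. Only the primary host carries the script.
    - name: Install LDAP sync script
      template:
        dest: /usr/local/bin/sync-ldap.py
        src: sync-ldap.py.j2
        owner: root
        group: root
        # quoted so the YAML parser cannot reinterpret the octal literal
        mode: "0700"
      when: is_primary

    # Non-primary (or demoted) hosts must not keep a copy of the script.
    - name: Remove LDAP sync script
      file:
        path: /usr/local/bin/sync-ldap.py
        state: absent
      when: not is_primary

    # Nightly run at 02:51 as root; cron_file keeps the entry in a dedicated
    # cron file rather than root's personal crontab. The job runs inside the
    # default VRF so the script can reach the LDAP server. On non-primary
    # hosts the entry is removed so only one host ever performs the sync.
    - name: Configure cronjob
      cron:
        name: 'sync LDAP users and groups'
        job: 'ip vrf exec default /usr/local/bin/sync-ldap.py'
        user: root
        cron_file: sync-ldap
        hour: "2"
        minute: "51"
        state: '{{ "present" if is_primary else "absent" }}'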