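---

- hosts: all
  tasks:

    # Refresh the apt cache up front; changed_when keeps this from being
    # reported as a change on every run.
    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: yes
      changed_when: False

# Role applied with only its mandatory parameters.
- hosts: parameters-mandatory
  roles:
    - ldap_client

# Role applied with optional parameters set.
- hosts: parameters-optional
  roles:
    - role: ldap_client
      ldap_client_config:
        - comment: CA truststore
          option: TLS_CACERT
          value: /etc/ssl/certs/testca.cert.pem
        # "demand" ends the session if the server certificate is missing
        # or fails verification.
        - comment: Ensure TLS is enforced
          option: TLS_REQCERT
          value: demand
        - comment: Default URI to connect to
          option: URI
          value: ldaps://ldap-server/
        - comment: Base entry
          option: BASE
          value: dc=local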