TOSIT-IO / tdp-collection-prerequisites

Ansible collection with TDP prerequisites
Apache License 2.0

Hide user passwords on use creation in ldap #38

Closed gboutry closed 1 year ago

gboutry commented 2 years ago

We have the passwords in clear text on the stdout:

TASK [tosit.tdp_prerequisites.ldap_kerberos : Create LDAP groups] *******************************************************************************************************************************************************************
changed: [master-01] => (item={'user': 'tdp_user', 'password': 'tdp_user123', 'group': 'tdp_user', 'uid': 1101, 'gid': 1101})
changed: [master-01] => (item={'user': 'smoke_user', 'password': 'smoke_user123', 'group': 'smoke_user', 'uid': 1102, 'gid': 1102})

It's ok for tdp_user and smoke_user, but we want users to be able to use this task to create their own users.

kpgtek commented 1 year ago

After testing, I think this issue is already fixed with loop_control in roles/ldap_kerberos/tasks/install_openldap_server.yml:

  loop_control:
    label:
      user: "{{ item.user }}"
      uid: "{{ item.uid }}"
      gid: "{{ item.gid }}"

And now we have on the stdout for example:

TASK [tosit.tdp_prerequisites.ldap_kerberos : Create LDAP users] *************************************************************************
ok: [master-01] => (item={'user': 'usera', 'uid': '1101', 'gid': '1101'})
ok: [master-01] => (item={'user': 'userb', 'uid': '1102', 'gid': '1102'})
rpignolet commented 1 year ago

This is not fixed; there is no loop_control for Create LDAP groups. @kpgtek, you looked at Create LDAP users, which has a loop_control.

kpgtek commented 1 year ago

After checking again, I can not reproduce the original stdout of this issue. What I have is the following stdout which does not contain user passwords in clear text:

TASK [tosit.tdp_prerequisites.ldap_kerberos : Create LDAP groups] ******************************************************************************
changed: [master-01] => (item={'group': 'usera', 'gid': 1101})
changed: [master-01] => (item={'group': 'userb', 'gid': 1102})

TASK [tosit.tdp_prerequisites.ldap_kerberos : Create LDAP users] *******************************************************************************
changed: [master-01] => (item={'user': 'usera', 'uid': '1101', 'gid': '1101'})
changed: [master-01] => (item={'user': 'userb', 'uid': '1102', 'gid': '1102'})

Otherwise, do you perhaps think it is better to also apply loop_control to the Create LDAP groups task, as is done for the Create LDAP users task?
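The two techniques under discussion in this thread, shown side by side in a stand-alone playbook. This is an added example, not code from tdp-collection-prerequisites; the `ldap_users` list, the `tdp_user123`-style passwords and the `ansible.builtin.command` stand-in for the real LDAP module are constructed for illustration. Run it against localhost to compare the three task outputs.

```yaml
# Added example (not part of tosit.tdp_prerequisites). Run with:
#   ansible-playbook -i localhost, -c local hide_loop_secrets.yml
# then again with -v to see what each technique still leaks.
- name: Hide loop item secrets in Ansible output
  hosts: localhost
  gather_facts: false
  vars:
    # Constructed sample data; the passwords are throwaway values.
    ldap_users:
      - { user: usera, password: usera123, uid: 1101, gid: 1101 }
      - { user: userb, password: userb123, uid: 1102, gid: 1102 }
  tasks:
    # 1) The behaviour reported in the issue: the whole item dict, password
    #    included, is echoed as "(item={...})" for every iteration.
    - name: Create LDAP groups (leaks password in the item label)
      ansible.builtin.command:
        cmd: "true"          # stand-in for the real ldap module
      changed_when: false
      loop: "{{ ldap_users }}"

    # 2) The fix applied to the users task: loop_control.label replaces the
    #    printed item with only the non-secret keys.  Note this only changes
    #    the label; with -v the module result (and on a failure, the error
    #    message) can still contain the full module arguments.
    - name: Create LDAP groups (label without password)
      ansible.builtin.command:
        cmd: "true"
      changed_when: false
      loop: "{{ ldap_users }}"
      loop_control:
        label:
          group: "{{ item.user }}"
          gid: "{{ item.gid }}"

    # 3) Stronger option: no_log suppresses the item and the result entirely,
    #    even at -vvv, at the cost of making failures harder to debug.
    - name: Create LDAP users (fully suppressed)
      ansible.builtin.command:
        cmd: "true"
      changed_when: false
      no_log: true
      loop: "{{ ldap_users }}"
```

Task 2 is the minimal change this thread asks for on the groups task; task 3 is what to reach for when the password must never appear in output, for example when the play runs in CI where logs are retained.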