---
- name: 'renewing admin password - generation'
  gen_passwd: 'length=32'
  register: new_passwd
  no_log: true

- name: 'renewing admin password - set fact'
  set_fact:
    ldap_passwd: '{{ new_passwd.passwd }}'
  no_log: true

- name: 'renewing admin password - hashing'
  shell: >
    slappasswd
    -o module-load=pw-sha2
    -h "{SSHA512}"
    -s {{ ldap_passwd | quote }}
  register: new_passwd_hash
  no_log: true

- name: 'renewing admin password - setting RootPW'
  ldap_attr:
    dn: 'olcDatabase={1}mdb,cn=config'
    name: 'olcRootPW'
    values: >-
      {{ new_passwd_hash.stdout }}
    state: 'exact'
  diff: false
  no_log: true

- name: 'renewing admin password - calling ldappasswd'
  ldap_passwd:
    dn: 'cn=admin,{{ ldap_basedn }}'
    passwd: '{{ ldap_passwd }}'
    bind_dn: 'cn=admin,{{ ldap_basedn }}'
    bind_pw: '{{ ldap_passwd }}'
...