diff --git a/ansible/playbook-auth-usersldap.yml b/ansible/playbook-auth-usersldap.yml
index 1d3ee69ec0ae0854a3af7739a163e71831e934e5..697ac724f1b15846c13356895a5289af3e3d6015 100644
--- a/ansible/playbook-auth-usersldap.yml
+++ b/ansible/playbook-auth-usersldap.yml
@@ -1,5 +1,5 @@
 # https://intragate.ec.europa.eu/snet/wiki/index.php/Service_Support/Application_Management_Service/Snet_AAA/Account_creation_and_deletion_of_Snet_members
-# ansible-playbook-2.9 playbook-auth-usersldap.yml --extra-vars "username=xxx" -kK --tags "add_user/rm_user, mandatory" -u snet
+# ansible-playbook-2.9 playbook-auth-usersldap.yml --extra-vars "username=xxx scrat_user=xxx" -kK --tags "add_user/rm_user, mandatory" -u snet
 # To run specific task:
 # ansible-playbook-2.9 playbook-auth-usersldap.yml --extra-vars "username=xxx" -kK --tags "propagate" -u snet
 
@@ -28,46 +28,51 @@
 
   tasks:
 
-    - name: debug
-      debug:
-        msg: "The username is {{ username }}"
+    - name: check| whoami
+      block:
 
-    # getent passwd will return an non zero exit code (2), if the account do not exist in the system (ldap)
-    - name: grab passwd
-      shell: "/usr/bin/getent passwd {{ username }}"
-      register: register_username
-      delegate_to: localhost
-      changed_when: False
-      ignore_errors: yes
+        - name: debug
+          debug:
+            msg: "The username is {{ username }}"
+
+        # getent passwd will return an non zero exit code (2), if the account do not exist in the system (ldap)
+        - name: grab passwd
+          shell: "/usr/bin/getent passwd {{ username }}"
+          register: register_username
+          delegate_to: localhost
+          changed_when: False
+          ignore_errors: yes
+
+        - name: check that user is known
+          fail:
+            msg: "Account {{ username }} is not resolved by the system. Is it created on the LDAP? Did you make a typo?"
+          when: register_username.rc != 0
 
-    - name: check that user is known
-      fail:
-        msg: "Account {{ username }} is not resolved by the system. Is it created on the LDAP? Did you make a typo?"
-        when: register_username.rc != 0
+        - name: debug
+          debug:
+            msg: "The username is {{ register_username }}"
 
-    - name: debug
-      debug:
-        msg: "The username is {{ register_username }}"
+        - name: grab whoami
+          shell: /usr/bin/whoami
+          register: register_whoami
+          delegate_to: localhost
+          changed_when: False
 
-    - name: grab whoami
-      shell: /usr/bin/whoami
-      register: register_whoami
-      delegate_to: localhost
-      changed_when: False
+        - name: set whoami var
+          set_fact:
+            whoami: "{{register_whoami.stdout}}"
+          changed_when: False
 
-    - name: set whoami var
-      set_fact:
-        whoami: "{{register_whoami.stdout}}"
-      changed_when: False
+#        - name: check that user is known
+#          fail:
+#            msg: "whoami should not be snet or www-data not: '{{whoami}}'"
+#          when: "whoami in ['snet', 'www-data', 'root', 'unknown']"
 
-    - name: check that user is known
-      fail:
-        msg: "whoami should not be snet or www-data not: '{{whoami}}'"
-      when: "whoami in ['snet', 'www-data', 'root', 'unknown']"
+        - name: debug
+          debug:
+            msg: "The whoami is {{ whoami }}"
 
-    - name: debug
-      debug:
-        msg: "The whoami is {{ whoami }}"
+      tags: always 
 
 ##########
 #Add user#
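Review bot: `{{ username }}` is templated straight into a `shell:` command on L35, so any shell metacharacter in the `--extra-vars` value is interpreted by the shell on localhost. The same pattern appears with `{{ scrat_user }}` on L108 and L119, where the command runs on the delegated production host. Quoting the value closes this, e.g. `shell: "/usr/bin/getent passwd {{ username | quote }}"`, or use `command:` with an `argv:` list, since none of these lines needs shell features. Separately, `ignore_errors: yes` on L39 still reports a failed task before the explicit `fail` on L42; `failed_when: false` would keep the output clean while leaving `rc` available. The `tasks:` list continues outside this hunk.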
@@ -159,13 +164,29 @@
       - rm_user
       - rm_user_vshare
 
-    - name: Launch propagate users from LDAP to SID
+    - name: Launch propagate users from Snet LDAP to SID
+      # 25/07
+      # as seen with Jeremy on 25/07 and confirmed by Ricardo on 25/08, user creation/deletion is ok , but the update fails 
+      # -> while update of users is implemented, the flag --error-stop must not usedi
+      # richeju: changed var whoami to scrat_user, needs to be set in command
+      shell:
+        cmd: "/opt/auth/bin/sid_user.py -e prod --rw-user {{ scrat_user }}"
+        #cmd: "/opt/auth/bin/sid_user.py -e prod --rw-user {{ whoami }} --error-stop"
+      delegate_to: vworker4-lu.snmc.cec.eu.int
+      tags:
+      - mandatory
+      - propagate
+        #when: false    
+      
+    - name: Launch propagate SID groups from EC LDAP to SID
       shell:
-        cmd: "/opt/auth/bin/sid_user.py -e prod --rw-user {{ whoami }} --error-stop"
+        cmd: "/opt/auth/bin/sid_group.py -e prod --rw-user {{ scrat_user }}"
+        #cmd: "/opt/auth/bin/sid_user.py -e prod --rw-user {{ whoami }} --error-stop"
       delegate_to: vworker4-lu.snmc.cec.eu.int
       tags:
       - mandatory
       - propagate
+        #when: false
 
     - name: Launch propagate users on leankit
       shell:
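Review bot: `scrat_user` on L108 and L119 is never checked before use: nothing asserts it is defined, and the guard that rejected shared accounts for the `--rw-user` value is commented out on L77–L80. If the operator omits it, templating presumably fails only at this task, after the add/remove tasks earlier in the play (not fully visible here) have already run, and a shared account name would be accepted as the `--rw-user` value. An `assert` before the first propagate task, or inside the `tags: always` block so it fails before anything changes, would restore that check; the account list below is copied from the commented-out guard. The run example on L10 still passes only `username=xxx` with `--tags "propagate"` and should gain `scrat_user=xxx` as well. The last task in this hunk continues past its end.

```yaml
    - name: check that scrat_user is set to a personal account
      assert:
        that:
          - scrat_user is defined
          - scrat_user | length > 0
          - scrat_user not in ['snet', 'www-data', 'root', 'unknown']
        fail_msg: "scrat_user must be passed via --extra-vars and must not be a shared account"
      tags:
      - mandatory
      - propagate

    - name: Launch propagate users from Snet LDAP to SID
      # … unchanged: shell cmd, delegate_to, tags …
```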
@@ -183,6 +204,7 @@
       tags:
       - mandatory
       - propagate
+      when: false
 
     - name: Launch redmine LDAP sync
       shell:
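Review bot: `when: false` on L133 disables this propagate task unconditionally and leaves no record of why or for how long. If the task is part of the `rm_user` flow, skipping it could leave a removed account active in the downstream system, so the reason belongs next to the condition, e.g. `# disabled <date>: <reason>, re-enable when <condition>`. The task starts above this hunk, so which system it targets is not visible here.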