Init new ldap server role

2026-01-23 16:26:39 -07:00
parent d18353d2ae
commit 7a377c09e0
7 changed files with 153 additions and 80 deletions
--- a/ansible/roles/openldap_server/tasks/tls.yaml
+++ b/ansible/roles/openldap_server/tasks/tls.yaml
@@ -0,0 +1,20 @@
+- name: Configure TLS cert
+  community.general.ldap_attrs:
+    dn: cn=config
+    state: present
+    attributes:
+      olcTLSCertificateFile: "{{ ldap_cert_path }}"
+      olcTLSCertificateKeyFile: "{{ ldap_key_path }}"
+  args:
+    server_uri: ldapi:///
+    sasl_mech: EXTERNAL
+
+- name: Require TLS
+  community.general.ldap_attrs:
+    dn: olcDatabase={2}mdb,cn=config
+    state: present
+    attributes:
+      olcSecurity: tls=1
+  args:
+    server_uri: ldapi:///
+    sasl_mech: EXTERNAL