From fc3e2ef779a63a8d58350f7229383b1db275f5dc Mon Sep 17 00:00:00 2001
From: Jonathan DeMasi
Date: Wed, 21 Jan 2026 21:54:46 -0700
Subject: [PATCH] add firewall rules, copy default config
---
 ansible/roles/openldap_server/tasks/main.yaml | 41 +++++++++++++++++++
 1 file changed, 41 insertions(+)
diff --git a/ansible/roles/openldap_server/tasks/main.yaml b/ansible/roles/openldap_server/tasks/main.yaml
index c6d910c..ed074ea 100644
--- a/ansible/roles/openldap_server/tasks/main.yaml
+++ b/ansible/roles/openldap_server/tasks/main.yaml
@@ -13,3 +13,44 @@
 - openssl
 - openssl-devel
 state: present
+
+- name: Permanently enable ldap service firewalld
+ ansible.posix.firewalld:
+ service: ldap
+ state: enabled
+ permanent: true
+ immediate: true
+ offline: true
+
+- name: Permanently enable ldaps service firewalld
+ ansible.posix.firewalld:
+ service: ldaps
+ state: enabled
+ permanent: true
+ immediate: true
+ offline: true
+
+- name: Create ldifs directory
+ file:
+ path: /etc/openldap/ldifs
+ state: directory
+ mode: '0700'
+ owner: ldap
+ group: ldap
+
+- name: Copy default configuration ldif
+ copy:
+ src: /usr/share/openldap-servers/slapd.ldif
+ dest: /etc/openldap/ldifs/slapd.ldif
+ owner: ldap
+ group: ldap
+ mode: '0600'
+ force: false
+ remote_src: true
+
+#- name: Start and enable slapd
+# service:
+# name: slapd
+# state: started
+# enabled: true
+
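Review bot: The first added task opens cleartext LDAP (`service: ldap`) in firewalld's default zone, because neither firewalld task sets `zone:` or restricts the source, so simple binds to this host could cross the network unencrypted. Nothing in this hunk configures TLS or requires StartTLS for slapd, and the copied `slapd.ldif` appears to be the package default, so consider dropping the `ldap` task and keeping only `ldaps`, or adding it back only once the slapd configuration enforces TLS (for example `olcSecurity: tls=1`). Adding `zone: <internal-zone-placeholder>` to both tasks would limit the exposure to the network that actually needs directory access. As a smaller style point, `file:` and `copy:` would read more consistently as `ansible.builtin.file:` and `ansible.builtin.copy:`, matching the fully qualified `ansible.posix.firewalld:` used above them.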