- name: Configure TLS cert
  community.general.ldap_attrs:
    dn: cn=config
    state: present
    attributes:
      olcTLSCertificateFile: "{{ ldap_cert_path }}"
      olcTLSCertificateKeyFile: "{{ ldap_key_path }}"
  args:
    server_uri: ldapi:///
    sasl_mech: EXTERNAL

- name: Require TLS
  community.general.ldap_attrs:
    dn: olcDatabase={2}mdb,cn=config
    state: present
    attributes:
      olcSecurity: tls=1
  args:
    server_uri: ldapi:///
    sasl_mech: EXTERNAL