[slapd] Deploy LDAP certificate

plays/root.yml

@@ -28,6 +28,9 @@
 - hosts: slapd
   vars:
     slapd: '{{ glob_slapd | combine(loc_slapd | default({})) }}'
+    ldap:
+      private_key: "{{ vault_ldap_private_key }}"
+      certificate: "{{ vault_ldap_certificate }}"
   roles:
     - slapd
 

roles/slapd/tasks/main.yml

@@ -15,11 +15,15 @@
 
 - name: Deploy slapd configuration
   template:
-    src: ldap/slapd.conf.j2
+    src: "ldap/{{ item.dest }}.j2"
-    dest: /etc/ldap/slapd.conf
+    dest: "/etc/ldap/{{ item.dest }}"
-    mode: 0600
+    mode: "{{ item.mode }}"
     owner: openldap
     group: openldap
+  loop:
+    - { dest: slapd.conf, mode: "0600" }
+    - { dest: ldap.key, mode: "0600" }
+    - { dest: ldap.pem, mode: "0644" }
   notify: Restart slapd
 
 - name: Deploy ldap services

roles/slapd/templates/ldap/ldap.key.j2

@@ -0,0 +1 @@
+{{ ldap.private_key }}

roles/slapd/templates/ldap/ldap.pem.j2

@@ -0,0 +1 @@
+{{ ldap.certificate }}

roles/slapd/templates/ldap/slapd.conf.j2

@@ -35,9 +35,8 @@ moduleload 		syncprov
 # TODO FAIRE LES CERTIFICATS
 # TLS Certificates
 #TLSCipherSuite HIGH:MEDIUM:-SSLv2:-SSLv3
-#TLSCACertificateFile /etc/ssl/certs/ServENS.crt
+TLSCertificateFile /etc/ldap/ldap.pem
-#TLSCertificateFile /etc/ldap/ldap.pem
+TLSCertificateKeyFile /etc/ldap/ldap.key
-#TLSCertificateKeyFile /etc/ldap/ldap.key
 
 # The maximum number of entries that is returned for a search operation
 sizelimit 500