diff --git a/openldap-server/tasks/openldap-letsencrypt.yml b/openldap-server/tasks/openldap-letsencrypt.yml index 9ba215a..d1fb8e9 100644 --- a/openldap-server/tasks/openldap-letsencrypt.yml +++ b/openldap-server/tasks/openldap-letsencrypt.yml @@ -4,19 +4,25 @@ when: - openldap_letsencrypt_managed - letsencrypt_acme_install + register: openldap_letsencrypt_hook tags: [ 'ldap_server', 'ldap', 'ldap_conf', 'letsencrypt' ] - name: Copy the SSL ldif on the ldap server - copy: src=olcSSL.ldif dest=/etc/ldap/olcSSL.ldif + copy: src=olcSSL.ldif dest=/etc/ldap/schema/olcSSL.ldif when: - openldap_letsencrypt_managed - letsencrypt_acme_install tags: [ 'ldap_server', 'ldap', 'ldap_conf', 'letsencrypt' ] +- name: Run the letsencrypt hook una tantum to create the correct environment + shell: '{{ letsencrypt_acme_services_scripts_dir }}/openldap' + when: openldap_letsencrypt_hook is changed + tags: [ 'ldap_server', 'ldap', 'ldap_conf', 'letsencrypt' ] + - name: Enable the openldap ssl configuration - shell: ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/olcSSL.ldif ; touch /etc/ldap/.olcSSL.ldif.installed + shell: ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/olcSSL.ldif ; touch /etc/ldap/schema/.olcSSL.ldif.installed args: - creates: /etc/ldap/.olcSSL.ldif.installed + creates: /etc/ldap/schema/.olcSSL.ldif.installed notify: Restart openldap when: - openldap_letsencrypt_managed diff --git a/openldap-server/tasks/openldap_initializazion.yml b/openldap-server/tasks/openldap_initializazion.yml index ef41255..5f780e0 100644 --- a/openldap-server/tasks/openldap_initializazion.yml +++ b/openldap-server/tasks/openldap_initializazion.yml @@ -1,7 +1,13 @@ --- - name: Install the apparmor additional configuration if we are going to use letsencrypt copy: src=usr.sbin.slapd.apparmor dest=/etc/apparmor.d/local/usr.sbin.slapd force=yes + register: slapd_apparmour when: openldap_letsencrypt_managed + tags: [ 'ldap_server', 'ldap', 'ldap_conf' ] + +- name: Restart apparmor + service: name=apparmor state=restarted + tags: [ 'ldap_server', 'ldap', 'ldap_conf' ] - name: Create a basic configuration via debconf debconf: name=slapd question='{{ item.question }}' value='{{ item.value }}' vtype='{{ item.vtype }}'