Fix the letsencrypt hook for openldap

openldap-server/tasks/openldap-letsencrypt.yml

@@ -4,19 +4,25 @@
   when:
     - openldap_letsencrypt_managed
     - letsencrypt_acme_install
+  register: openldap_letsencrypt_hook
   tags: [ 'ldap_server', 'ldap', 'ldap_conf', 'letsencrypt' ]
 
 - name: Copy the SSL ldif on the ldap server
-  copy: src=olcSSL.ldif dest=/etc/ldap/olcSSL.ldif
+  copy: src=olcSSL.ldif dest=/etc/ldap/schema/olcSSL.ldif
   when:
     - openldap_letsencrypt_managed
     - letsencrypt_acme_install
   tags: [ 'ldap_server', 'ldap', 'ldap_conf', 'letsencrypt' ]
 
+- name: Run the letsencrypt hook una tantum to create the correct environment
+  shell: '{{ letsencrypt_acme_services_scripts_dir }}/openldap'
+  when: openldap_letsencrypt_hook is changed
+  tags: [ 'ldap_server', 'ldap', 'ldap_conf', 'letsencrypt' ]
+
 - name: Enable the openldap ssl configuration
-  shell: ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/olcSSL.ldif ; touch /etc/ldap/.olcSSL.ldif.installed
+  shell: ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/olcSSL.ldif ; touch /etc/ldap/schema/.olcSSL.ldif.installed
   args:
-    creates: /etc/ldap/.olcSSL.ldif.installed
+    creates: /etc/ldap/schema/.olcSSL.ldif.installed
   notify: Restart openldap 
   when:
     - openldap_letsencrypt_managed

openldap-server/tasks/openldap_initializazion.yml

@@ -1,7 +1,13 @@
 ---
 - name: Install the apparmor additional configuration if we are going to use letsencrypt
   copy: src=usr.sbin.slapd.apparmor dest=/etc/apparmor.d/local/usr.sbin.slapd force=yes 
+  register: slapd_apparmour
   when: openldap_letsencrypt_managed
+  tags: [ 'ldap_server', 'ldap', 'ldap_conf' ]
+
+- name: Restart apparmor
+  service: name=apparmor state=restarted
+  tags: [ 'ldap_server', 'ldap', 'ldap_conf' ]
 
 - name: Create a basic configuration via debconf
   debconf: name=slapd question='{{ item.question }}' value='{{ item.value }}' vtype='{{ item.vtype }}'