Provision /etc/default/slapd

This is because the UNIX domain socket to connect to when performing LDAP lookups needs to be in the chroot. Also, don't open a INET socket unless we're a Sync Provider.
author: Guilhem Moulin <guilhem@fripost.org> 2013-12-01 22:21:41 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2015-06-07 02:51:02 +0200
commit: 0c99d9d1600c0fe2c494f9c59ba8ea7966dcd65f (patch)
tree: d97af36efc2f16a7164df52b5663d599196e6a7b /roles/common-LDAP/tasks
parent: ad5c4ebef590371352b4349443a7661fd25301ac (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml
index cb1e835..270924c 100644
--- a/roles/common-LDAP/tasks/main.yml
+++ b/roles/common-LDAP/tasks/main.yml
@@ -7,6 +7,15 @@
     - db-util
     - python-ldap
 
+- name: Configure slapd
+  template: src=etc/default/slapd.j2
+            dest=/etc/default/slapd
+            owner=root group=root
+            mode=0644
+  register: r1
+  notify:
+    - Restart slapd
+
 # Upon install slapd create and populate a database under /var/lib/ldap.
 # We clear it up and create a children directory to get finer-grain
 # control.
@@ -27,6 +36,7 @@
         dest=/var/lib/ldap/fripost/DB_CONFIG
         owner=openldap group=openldap
         mode=0600
+  register: r2
   notify:
     # Not sure if required
     - Restart slapd
@@ -64,4 +74,10 @@
     # TODO only if writable
     - constraint
 
+- name: Start slapd
+  service: name=slapd state=started
+  when: not (r1.changed or r2.changed)
+
+- meta: flush_handlers
+
 # TODO: authz constraint syncprov syncrepl
author	Guilhem Moulin <guilhem@fripost.org>	2013-12-01 22:21:41 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2015-06-07 02:51:02 +0200
commit	0c99d9d1600c0fe2c494f9c59ba8ea7966dcd65f (patch)
tree	d97af36efc2f16a7164df52b5663d599196e6a7b /roles/common-LDAP/tasks
parent	ad5c4ebef590371352b4349443a7661fd25301ac (diff)