authorGuilhem Moulin <guilhem@fripost.org>2014-07-07 20:12:28 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:52:40 +0200
commit3e38718677b10faca8970d9b1cc8edc215cce798 (patch)
treebf923310388e57fb2f591ad621bc5b1240aa42ce /roles/common-LDAP
parent2dfe29dfcd35fae7160178e329fb0647cc896e3b (diff)
Fix race condition when generating cerificates for slapd.
The SyncProv won't start if the file that olcTLSCACertificateFile points to doesn't exist.
Diffstat (limited to 'roles/common-LDAP')
-rw-r--r--roles/common-LDAP/tasks/main.yml26
1 files changed, 19 insertions, 7 deletions
diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml
index 3b8b36c..85ad831 100644
--- a/roles/common-LDAP/tasks/main.yml
+++ b/roles/common-LDAP/tasks/main.yml
@@ -32,6 +32,8 @@
tags:
- genkey
+# XXX: It's ugly to list all roles here, and to prunes them with a
+# conditional...
- name: Generate a private key and a X.509 certificate for slapd
# XXX: GnuTLS (libgnutls26 2.12.20-8+deb7u2, found in Wheezy) doesn't
# support ECDSA; and slapd doesn't seem to support DHE (!?) so
@@ -75,9 +77,25 @@
dest=/etc/ldap/ssl/ldap.fripost.org.pem
owner=root group=root
mode=0644
+ when: "'LDAP-provider' not in group_names"
+ tags:
+ - genkey
+
+- name: Copy the SyncRepls's client certificates
+ assemble: src=certs/ldap
+ remote_src=no
+ dest=/etc/ldap/ssl/clients.pem
+ owner=root group=root
+ mode=0644
+ when: "'LDAP-provider' in group_names"
tags:
- genkey
- when: "'LDAP-provider' not in group_names"
+
+- name: Start slapd
+ service: name=slapd state=started
+ when: not (r1.changed or r2.changed)
+
+- meta: flush_handlers
- name: Copy fripost & amavis' schema
copy: src=etc/ldap/schema/{{ item }}
@@ -108,9 +126,3 @@
- name: Configure the LDAP database
openldap: target=etc/ldap/database.ldif.j2 local=template
state=present
-
-- name: Start slapd
- service: name=slapd state=started
- when: not (r1.changed or r2.changed)
-
-- meta: flush_handlers
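Review bot: The new assemble task that builds /etc/ldap/ssl/clients.pem (the "Copy the SyncRepls's client certificates" task) neither registers a result nor notifies a handler, so a later change to that trust bundle does not feed the `when: not (r1.changed or r2.changed)` condition on the moved "Start slapd" task, and unless something outside this hunk restarts slapd a running provider keeps the previous client-certificate set until its next restart. r1 and r2 are registered outside the hunk, so I cannot confirm which tasks they come from; if they are the key/certificate tasks, consider `register: r3` on the assemble task and `when: not (r1.changed or r2.changed or r3.changed)`, together with whatever restart handler the role already uses for the other certificate tasks. Minor: the task name reads `SyncRepls's`; `SyncRepl's` is the intended possessive. As a point of style, the added tasks pass module arguments as `key=value` strings; block-YAML arguments (one key per line) would lint cleanly and diff better.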