- name: Load and configure the syncprov overlay
  openldap: module=syncprov state=present
            suffix=o=mailHosting,dc=fripost,dc=org
            target=etc/ldap/syncprov.ldif
            local=file

- name: Enable the EXTERNAL SASL mechanism
  lineinfile: dest=/usr/lib/sasl2/slapd.conf
              regexp='^mech_list'':'
              line=mech_list':'' EXTERNAL'
              owner=root group=root
              mode=0644

- name: Copy the SyncRepls's client certificates
  assemble: src=certs/ldap
            remote_src=no
            dest=/etc/ldap/ssl/clients.pem
            owner=root group=root
            mode=0644
  tags:
    - genkey

# TODO: authz constraint