diff --git a/roles/ldapserver/tasks/main.yml b/roles/ldapserver/tasks/main.yml
index c6bf89bd675971c10a8fc986f22f8e04962e8aa4..6035f190e67b809d4a8abca5bbe5c142ca966996 100644
--- a/roles/ldapserver/tasks/main.yml
+++ b/roles/ldapserver/tasks/main.yml
@@ -8,15 +8,13 @@
     file: "{{ ansible_distribution }}.yml"
 
 - name: install system packages apt
-  apt: name={{ item }} state=present update_cache=true
+  apt: name={{ system_packages }} state=present update_cache=true
   become: true
-  with_items: "{{ system_packages }}"
   when: ansible_os_family == 'Debian'
 
 - name: install system packages yum
-  yum: name={{ item }} state=present
+  yum: name={{ system_packages }} state=present
   become: true
-  with_items: "{{ system_packages }}"
   when: ansible_os_family == 'RedHat'
 
 - name: Fixed default configuration
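Review bot: `name={{ system_packages }}` in both package tasks depends on Ansible turning an unquoted template inside a key=value string back into a list. It works, but native block arguments state the type and avoid key=value quoting surprises: `apt:` followed by `name: "{{ system_packages }}"`, `state: present`, `update_cache: true`, and the same shape for `yum`. This is a style point only; removing `with_items` is otherwise fine.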
@@ -89,20 +87,20 @@
   become: true
 
 - name: copy cert
-  copy: src="files/{{ ldapCert }}" dest="{{ ldapCertDest }}"
+  copy: src="files_services/{{ ldapCert }}" dest="{{ ldapCertDest }}"
   become: true
 
 - name: copy ca cert
-  copy: src="files/{{ ldapCAChain }}" dest="{{ ldapCAChainDest }}"
+  copy: src="files_services/{{ ldapCAChain }}" dest="{{ ldapCAChainDest }}"
   become: true
 
 - name: copy ca root cert
-  copy: src="files/{{ ldap_TLSCARoot }}" dest="{{ ldapCARootDest }}"
+  copy: src="files_services/{{ ldap_TLSCARoot }}" dest="{{ ldapCARootDest }}"
   become: true
   when: ldap_TLSCARoot is defined
 
 - name: copy key
-  copy: src="files/{{ ldapKey }}" dest="{{ ldapKeyDest }}" mode=600 owner={{ ldapuser }} group={{ ldapgroup }}
+  copy: src="files_services/{{ ldapKey }}" dest="{{ ldapKeyDest }}" mode=600 owner={{ ldapuser }} group={{ ldapgroup }}
   become: true
 
 - name: enable ssl centos
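Review bot: `copy key` sets `mode=600` without a leading zero. In key=value form Ansible reads it as an octal string, so it works today, but `mode='0600'` is the unambiguous form and stays correct if the task is converted to YAML dict syntax, where a bare `600` would be taken as decimal. The three certificate copies set no `owner` or `mode`, so their permissions follow the remote umask; `mode='0644'` would make the intent explicit. Whether the private key under `files_services/` is vault-encrypted is not visible in this diff and is worth confirming, since the source directory was changed here.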
@@ -115,14 +113,14 @@
   become: true
   when: ansible_os_family == 'RedHat' and ansible_distribution_major_version >= '7'
 
-- name: check TLS config
+- name: check TLS config is present
   shell: "slapcat -b cn=config | grep 'olcTLSCertificateKeyFile: {{ ldapKeyDest }}'"
   ignore_errors: true
   become: true
   register: tlsConfigured
 
 - name: copy db config
-  copy: src=files/DB_CONFIG dest=/var/lib/ldap/DB_CONFIG owner=ldap group=ldap mode=644
+  copy: src=files/DB_CONFIG dest=/var/lib/ldap/DB_CONFIG owner={{ ldapuser }} group={{ ldapgroup }} mode=644
   become: true
 
 - name: start ldap
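Review bot: The `check TLS config is present` probe greps slapcat output for `olcTLSCertificateKeyFile: {{ ldapKeyDest }}` on a single line, but a comment further down this file notes that slapcat wraps lines at character 78. A key path longer than about 50 characters would therefore never match, and `initialise server ssl` would re-run on every play. The same applies to the `olcRootDN: {{ ldapManagerDN }}` grep in `check Manager config`. Passing `-o ldif-wrap=no` to slapcat and using `grep -F` (the path contains regex metacharacters such as `.`) makes both checks reliable. `changed_when: false` on the probes would also stop them reporting a change on each run.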
@@ -132,7 +130,7 @@
 - name: initialise server ssl
   shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/ssl.ldif -D cn=config
   become: true
-  when: tlsConfigured|failed
+  when: tlsConfigured.failed
 
 - name: Initialise cosine and ppolicy
   shell: ldapadd -Y EXTERNAL -H ldapi:/// -f {{ ldapDir }}/schema/{{ item }}.ldif -D cn=config
@@ -144,15 +142,22 @@
   ignore_errors: true
   become: true
 
+- name: check auxposixgroup is present
+  shell: "slapcat -b cn=auxPosixGroup,cn=schema,cn=config | grep auxPosixGroup"
+  ignore_errors: true
+  become: true
+  register: auxposixgroup
+
 - name: copy the auxposixgroup schema
   copy: src="files/auxposixgroup.ldif" dest="{{ ldapDir }}/schema/auxposixgroup.ldif"
-  become: True
+  become: true
   become_user: root
 
 - name: load the auxposixgroup schema
   shell: ldapadd -Y EXTERNAL -H ldapi:/// -f "{{ ldapDir }}/schema/auxposixgroup.ldif" -D cn=config
   become_user: root
-  become: True
+  become: true
+  when: auxposixgroup.failed
 
 - name: check ppolicy module loaded
   shell: slapcat -b cn=config | grep "olcModuleLoad. {.*}ppolicy"
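Review bot: The new `check auxposixgroup is present` probe passes an entry DN to `slapcat -b`, but as I read the slapcat man page `-b` selects a database by its suffix and `-s` is what limits output to a subtree. Depending on the slapd version this either dumps all of cn=config or finds no matching database; in the second case `auxposixgroup.failed` is always true and `load the auxposixgroup schema` re-runs every play. Writing it like the neighbouring checks, `slapcat -b cn=config | grep -i auxposixgroup`, avoids relying on that behaviour, and `-i` also covers a schema entry stored as `cn={N}auxposixgroup`. Add `changed_when: false` so the probe does not report a change.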
@@ -163,7 +168,7 @@
 - name: load ppolicy module
   shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/load_modules.ldif -D cn=config
   become: true
-  when: ppolicyModuleLoaded|failed
+  when: ppolicyModuleLoaded.failed
 
 - name: check ppolicy overlay config
   shell: "slapcat -b cn=config | grep 'dn: olcOverlay={.*}ppolicy,olcDatabase={.*}.db,cn=config'"
@@ -174,7 +179,7 @@
 - name: add ppolicy overlay
   shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/ppolicy_overlay.ldif -D cn=config
   become: true
-  when: ppolicyOverlayConfigured|failed
+  when: ppolicyOverlayConfigured.failed
 
 - name: check refint module loaded
   shell: slapcat -b cn=config | grep "olcModuleLoad. {.*}refint"
@@ -185,7 +190,7 @@
 - name: load refint module
   shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/load_refint.ldif -D cn=config
   become: true
-  when: refintModuleLoaded|failed
+  when: refintModuleLoaded.failed
 
 - name: check memberof module loaded
   shell: slapcat -b cn=config | grep "olcModuleLoad. {.*}memberof"
@@ -196,28 +201,10 @@
 - name: load memberof module
   shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/load_memberof.ldif -D cn=config
   become: true
-  when: memberofModuleLoaded|failed
-
-- name: check member of config
-  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcMemberOf"
-  ignore_errors: true
-  register: memberOfConfigured
-
-- name: add member of config
-  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/memberOfConfig.ldif
-  when: memberOfConfigured|failed
-
-- name: check refinit config
-  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcRefintConfig"
-  ignore_errors: true
-  register: refintConfigured
-
-- name: add refint config
-  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/refint_config.ldif
-  when: refintConfigured|failed
+  when: memberofModuleLoaded.failed
 
 - name: check Manager config
-  shell: "slapcat -b cn=config | grep 'olcRootDN: {{ ldapManager }}'"
+  shell: "slapcat -b cn=config | grep 'olcRootDN: {{ ldapManagerDN }}'"
   ignore_errors: true
   become: true
   register: managerConfigured
@@ -225,16 +212,33 @@
 - name: initialise server manager
   shell:  ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/manager.ldif -D cn=config
   become: true
-  when: managerConfigured|failed
-- name: initialise server manager
+#  when: managerConfigured.failed
+  
+- name: initialise server manager2
   shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/manager2.ldif -D cn=config
   become: true
   ignore_errors: true
-  when: managerConfigured|failed
-- name: initialise server manager
-  shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/manager3.ldif -D cn=config
+#  when: managerConfigured.failed
+
+- name: check member of config
+  shell: "ldapsearch -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcMemberOf"
+  ignore_errors: true
+  register: memberOfConfigured
+
+- name: add member of config
+  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/memberOfConfig.ldif -D cn=config
+  when: memberOfConfigured.failed
+  become: true
+
+- name: check refinit config
+  shell: "ldapsearch -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcRefintConfig"
+  ignore_errors: true
+  register: refintConfigured
+
+- name: add refint config
+  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/refint_config.ldif
+  when: refintConfigured.failed
   become: true
-  when: managerConfigured|failed
 
 # slapcat does a line wrap at character 78. Don't attempt to match on {{ ldapManager }} as it will cross two lines
 - name: check ACL config
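Review bot: The re-added `check member of config` and `check refinit config` tasks pass `-w {{ ldapManagerPassword }}` unquoted on a `shell:` command line, so the manager password is visible in the process list and in the task result Ansible prints or logs, and a password containing shell metacharacters would be interpreted by the shell. The same pattern is on every `ldapsearch`/`ldapadd` line touched in the `@@ -249,57 +253,57 @@` and `@@ -312,25 +316,45 @@` hunks. Consider `no_log: true` on these tasks and `-y <root-only password file>` instead of `-w`, or at minimum `{{ ldapManagerPassword | quote }}`. Separately, both `when: managerConfigured.failed` guards are commented out, so `manager.ldif` and `manager2.ldif` are applied on every run while the `check Manager config` result goes unused; the former `manager3.ldif` task is also dropped with no visible replacement. If that was a debugging change, restore `when: managerConfigured.failed`.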
@@ -249,57 +253,57 @@
 - name: initialise server acls
   shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/acls.ldif -D cn=config
   become: true
-  when: aclConfigured|failed
+  when: aclConfigured.failed
 
 - name: check DIT config
-  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapBase }} -x -H ldap://localhost objectClass=dcObject"
+  shell: "ldapsearch -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -b {{ ldapBase }} -x -H ldap://localhost objectClass=dcObject"
   ignore_errors: true
   register: ditConfigured
 
 - name: add DIT root
-  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/root.ldif
-  when: ditConfigured|failed
+  shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/root.ldif
+  when: ditConfigured.failed
 
 - name: check real Accounts config
-  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapAccountBase }} -x -H ldap://localhost objectClass=*"
+  shell: "ldapsearch -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -b {{ ldapAccountBase }} -x -H ldap://localhost objectClass=*"
   ignore_errors: true
   register: realAccountsConfigured
   when: ldapAccountBase is defined
 
 - name: add real Accounts OU
-  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/real_accounts.ldif
-  when: realAccountsConfigured is defined and realAccountsConfigured|failed
+  shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/real_accounts.ldif
+  when: realAccountsConfigured is defined and realAccountsConfigured.failed
 
 - name: check Groups config
-  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=*"
+  shell: "ldapsearch -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=*"
   ignore_errors: true
   register: groupsConfigured
 
 - name: add Groups OU
-  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/groups.ldif
-  when: groupsConfigured|failed
+  shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/groups.ldif
+  when: groupsConfigured.failed
 
 - name: check aclroups config
-  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapAclGroupBase }} -x -H ldap://localhost objectClass=*"
+  shell: "ldapsearch -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -b {{ ldapAclGroupBase }} -x -H ldap://localhost objectClass=*"
   ignore_errors: true
   register: aclgroupsConfigured
 
 - name: add aclgroups OU
-  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/acl_groups.ldif
-  when: aclgroupsConfigured|failed
+  shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/acl_groups.ldif
+  when: aclgroupsConfigured.failed
 
 
 - name: check Accounts config
-  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapUserBase }} -x -H ldap://localhost objectClass=*"
+  shell: "ldapsearch -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -b {{ ldapUserBase }} -x -H ldap://localhost objectClass=*"
   ignore_errors: true
   register: accountsConfigured
 
 - name: add Accounts OU
-  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/accounts.ldif
-  when: accountsConfigured|failed
+  shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/accounts.ldif
+  when: accountsConfigured.failed
 
 - name: check binddn config
-  shell: "ldapsearch -D {{ ldapBindDN }} -w {{ ldapBindDNPassword }} -b {{ ldapDomain }} -x -H ldap://localhost objectClass=dcObject"
+  shell: "ldapsearch -D {{ ldapBindDN }} -w {{ ldapBindDNPassword }} -b {{ ldapBase }} -x -H ldap://localhost objectClass=dcObject"
   ignore_errors: true
   register: binddnConfigured
 
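Review bot: `when: realAccountsConfigured is defined and realAccountsConfigured.failed` can raise an undefined-attribute error when `ldapAccountBase` is not set. The skipped `check real Accounts config` task still registers a result, so `is defined` is true, but as far as I know a skipped result carries no `failed` key. The old `|failed` filter tolerated that; the like-for-like replacement is the test form, `when: realAccountsConfigured is failed`, which is false for skipped results and would be the safer replacement for the other `.failed` conditions in this file as well. Also, `objectClass=*` is unquoted on these shell command lines, so the shell may glob it; `'objectClass=*'` avoids that.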
@@ -312,25 +316,45 @@
   become: true
 
 - name: add binddn
-  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/binddn.ldif
+  shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/binddn.ldif
   become: true
-  when: binddnConfigured|failed
+  when: binddnConfigured.failed
 
 - name: check pwpolicies config
-  shell: ldapsearch -D {{ ldapBindDN }} -w {{ ldapBindDNPassword }} -b ou=pwpolicies,{{ ldapDomain }} objectClass=*
+  shell: ldapsearch -D {{ ldapBindDN }} -w {{ ldapBindDNPassword }} -b ou=pwpolicies,{{ ldapBase }} objectClass=*
   ignore_errors: true
   register: pwpoliciesConfigured
 
 - name: add pwpolicies
-  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -f /tmp/pwpolicies.ldif
-  when: pwpoliciesConfigured|failed
+  shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -f /tmp/pwpolicies.ldif
+  when: pwpoliciesConfigured.failed
 
 - name: check defaultPwpolicy config
-  shell: ldapsearch -D {{ ldapBindDN }} -w {{ ldapBindDNPassword }} -b cn=default,ou=pwpolicies,{{ ldapDomain }} objectClass=*
+  shell: ldapsearch -D {{ ldapBindDN }} -w {{ ldapBindDNPassword }} -b cn=default,ou=pwpolicies,{{ ldapBase }} objectClass=*
   ignore_errors: true
   register: defaultPpolicyConfigured
 
 - name: add defaultPwpolicy
-  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -f /tmp/default_ppolicy.ldif
-  when: defaultPpolicyConfigured|failed
+  shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -f /tmp/default_ppolicy.ldif
+  when: defaultPpolicyConfigured.failed
+
+- name: template monitoruser.ldif
+  template: src=monitoruser.ldif.j2 dest=/tmp/monitoruser.ldif
+
+- name: template monitoruser.ldif
+  template: src=monitoring.ldif.j2 dest=/tmp/monitoring.ldif
+
+- name: check monitoruser
+  shell: 'slapcat -b cn=monitor,ou=People,dc=erc,dc=monash,dc=edu,dc=au | grep "cn: monitor"'
+  ignore_errors: true
+  register: monitoruser
+  become: true
+
+- name: add monitoruser
+  #shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -f /tmp/default_ppolicy.ldif
+  shell: ldapadd -x -D {{ ldapManagerDN }} -w {{ ldapManagerPassword }} -H ldap://localhost -f /tmp/monitoruser.ldif
+  when: monitoruser.failed
 
+- name: add monitoruser
+  shell: ldapmodify -Y external -H ldapi:// -f /tmp/monitoring.ldif
+  when: monitoruser.failed
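Review bot: The final `add monitoruser` task runs `ldapmodify -Y external -H ldapi://` without `become: true`, unlike every other EXTERNAL bind in this file, so unless the play escalates globally it connects as the unprivileged user and will likely be refused; it also applies `/tmp/monitoring.ldif`, whose template is added empty in this commit. The two template tasks write `/tmp/monitoruser.ldif` (which carries a `userPassword` hash) and `/tmp/monitoring.ldif` with no `mode` or `owner`; `mode='0600'` and removal after use would limit exposure. `check monitoruser` hard-codes `dc=erc,dc=monash,dc=edu,dc=au` where the rest of the role now uses `{{ ldapBase }}`. Two pairs of tasks share a name (`template monitoruser.ldif`, `add monitoruser`), which makes logs and `--start-at-task` ambiguous, and the commented-out `#shell:` line should be dropped.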
diff --git a/roles/ldapserver/templates/acls_ldif.j2 b/roles/ldapserver/templates/acls_ldif.j2
index 58a7bc074e234660600c8b1248c4b3ac1a546d4c..1f466ece54b88dc16a574ba13c0f762bf19458d7 100644
--- a/roles/ldapserver/templates/acls_ldif.j2
+++ b/roles/ldapserver/templates/acls_ldif.j2
@@ -1,6 +1,6 @@
 dn: {{ dbname }},cn=config
 changetype: modify
 add: olcAccess
-olcAccess: {0}to attrs=userPassword by dn="{{ ldapManager }}" write by self write by * auth
-olcAccess: {1}to attrs=shadowLastChange by dn="{{ ldapManager }}" write by self write by * read
+olcAccess: {0}to attrs=userPassword by dn="{{ ldapManagerDN }}" write by self write by * auth
+olcAccess: {1}to attrs=shadowLastChange by dn="{{ ldapManagerDN }}" write by self write by * read
 olcAccess: {2}to * by users read by anonymous auth
diff --git a/roles/ldapserver/templates/default_ppolicy_ldif.j2 b/roles/ldapserver/templates/default_ppolicy_ldif.j2
index 7400bc39342ea7d6e65017207be6c37ef8c5b6ba..fc1aed47c2024f7d6cddfab08bd28c450a293142 100644
--- a/roles/ldapserver/templates/default_ppolicy_ldif.j2
+++ b/roles/ldapserver/templates/default_ppolicy_ldif.j2
@@ -1,4 +1,4 @@
-dn: cn=default,ou=pwpolicies,{{ ldapDomain }}
+dn: cn=default,ou=pwpolicies,{{ ldapBase }}
 cn: default
 objectClass: pwdPolicy
 objectClass: top
diff --git a/roles/ldapserver/templates/load_memberof_ldif.j2 b/roles/ldapserver/templates/load_memberof_ldif.j2
index c47d42097a1b477454c370d40da90508ab00f911..dc3e09ce1d0b21b03c0fc80c112967235d1b432e 100644
--- a/roles/ldapserver/templates/load_memberof_ldif.j2
+++ b/roles/ldapserver/templates/load_memberof_ldif.j2
@@ -1,4 +1,5 @@
-dn: cn=module{0},cn=config
-changetype: modify
-add: olcModuleLoad
+dn: cn=module,cn=config
+objectClass: olcModuleList
+cn: module
+olcModulePath: {{ module_path }}
 olcModuleLoad: memberof.la
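Review bot: `olcModulePath: {{ module_path }}` makes this template, and `load_refint_ldif.j2` which gets the same change, depend on a variable that this diff defines only in `vars/Ubuntu.yml`. If the RedHat/CentOS vars files do not define `module_path` as well, rendering fails on those hosts with an undefined-variable error; those files are not visible here, so this is worth confirming. Since the entry is now created with `ldapadd` rather than modified, each template run adds a separate `olcModuleList` entry, so the `check ... module loaded` probes must stay reliable to avoid duplicates.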
diff --git a/roles/ldapserver/templates/load_refint_ldif.j2 b/roles/ldapserver/templates/load_refint_ldif.j2
index 746194ac1bfde224e18b13360ddfc82190d695fe..596c88fbee7cb61799ffe30f0b4a0070a5558437 100644
--- a/roles/ldapserver/templates/load_refint_ldif.j2
+++ b/roles/ldapserver/templates/load_refint_ldif.j2
@@ -1,4 +1,5 @@
-dn: cn=module{0},cn=config
-changetype: modify
-add: olcModuleLoad 
+dn: cn=module,cn=config
+objectClass: olcModuleList
+cn: module
+olcModulePath: {{ module_path }}
 olcModuleLoad: refint.la
diff --git a/roles/ldapserver/templates/manager_ldif.j2 b/roles/ldapserver/templates/manager_ldif.j2
index d6898024803889b30d4e23108ac5ea8e0d87559c..c435dddbff380635f540788f152cc70b20855b5c 100644
--- a/roles/ldapserver/templates/manager_ldif.j2
+++ b/roles/ldapserver/templates/manager_ldif.j2
@@ -1,7 +1,7 @@
 dn: {{ dbname }},cn=config
 changetype: modify
 replace: olcSuffix
-olcSuffix: {{ ldapDomain }}
+olcSuffix: {{ ldapBase }}
 -
 replace: olcRootDN
-olcRootDN: {{ ldapManager }}
+olcRootDN: {{ ldapManagerDN }}
diff --git a/roles/ldapserver/templates/memberOfConfig_ldif.j2 b/roles/ldapserver/templates/memberOfConfig_ldif.j2
index 61f8685e69dcbc48ad623cf49f0ffa8be87f46ef..80fe6bd4a12a4902c86e6f80012e0ccc0f07c714 100644
--- a/roles/ldapserver/templates/memberOfConfig_ldif.j2
+++ b/roles/ldapserver/templates/memberOfConfig_ldif.j2
@@ -1,4 +1,4 @@
-dn: olcOverlay=memberof,olcDatabase={2}bdb,cn=config
+dn: olcOverlay=memberof,{{ dbname }},cn=config
 objectClass: olcConfig
 objectClass: olcMemberOf
 objectClass: olcOverlayConfig
diff --git a/roles/ldapserver/templates/monitoring.ldif.j2 b/roles/ldapserver/templates/monitoring.ldif.j2
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/roles/ldapserver/templates/monitoruser.ldif.j2 b/roles/ldapserver/templates/monitoruser.ldif.j2
new file mode 100644
index 0000000000000000000000000000000000000000..590bb51a14eefbe04c479709962598ed094ff11a
--- /dev/null
+++ b/roles/ldapserver/templates/monitoruser.ldif.j2
@@ -0,0 +1,5 @@
+dn: cn=monitor,ou=People,dc=erc,dc=monash,dc=edu,dc=au
+objectClass: inetOrgPerson
+cn: binddn
+sn: binddn
+userPassword: {{ ldapBindDNHash.stdout }}
\ No newline at end of file
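Review bot: The entry's RDN is `cn=monitor` but the only `cn` value supplied is `binddn`, so slapd will most likely reject the add with a naming violation, and the playbook's `grep "cn: monitor"` check could never match this content; `cn: monitor` and `sn: monitor` appear to be what was intended. `userPassword: {{ ldapBindDNHash.stdout }}` gives the monitor account the same credential as the bind DN, which means either password compromises both; a separate hash variable would keep them independent. The DN hard-codes `dc=erc,dc=monash,dc=edu,dc=au` where the other templates use `{{ ldapBase }}`, for example `dn: cn=monitor,ou=People,{{ ldapBase }}` if that OU matches the role's account base.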
diff --git a/roles/ldapserver/templates/ppolicy_overlay_ldif.j2 b/roles/ldapserver/templates/ppolicy_overlay_ldif.j2
index 43d27e6e5dff0025e8a0de2302ee5e8b631971c1..5762da02e35d83c00cf76430626d5f9ec9d2b9dc 100644
--- a/roles/ldapserver/templates/ppolicy_overlay_ldif.j2
+++ b/roles/ldapserver/templates/ppolicy_overlay_ldif.j2
@@ -4,4 +4,4 @@ objectClass: olcOverlayConfig
 objectClass: olcPPolicyConfig
 olcPPolicyHashCleartext: TRUE
 olcPPolicyUseLockout: FALSE
-olcPPolicyDefault: cn=default,ou=pwpolicies,{{ ldapDomain }}
+olcPPolicyDefault: cn=default,ou=pwpolicies,{{ ldapBase }}
diff --git a/roles/ldapserver/templates/pwpolicies_ldif.j2 b/roles/ldapserver/templates/pwpolicies_ldif.j2
index 1f0b93cd844eea2f418ab6b20a3704c7dbf2e386..609f70cae0a31cf49dff516b8710c03fb71c2dcc 100644
--- a/roles/ldapserver/templates/pwpolicies_ldif.j2
+++ b/roles/ldapserver/templates/pwpolicies_ldif.j2
@@ -1,4 +1,4 @@
-dn: ou=pwpolicies,{{ ldapDomain }}
+dn: ou=pwpolicies,{{ ldapBase }}
 objectClass: organizationalUnit
 objectClass: top
 ou: pwpolicies
diff --git a/roles/ldapserver/templates/refint_config_ldif.j2 b/roles/ldapserver/templates/refint_config_ldif.j2
index 343e4006320c959ce84d54fefcb54ff6c3181cc3..4b68153ff31bbbc0615ea446acd17ce42ce5bc61 100644
--- a/roles/ldapserver/templates/refint_config_ldif.j2
+++ b/roles/ldapserver/templates/refint_config_ldif.j2
@@ -1,4 +1,4 @@
-dn: olcOverlay=refint,olcDatabase={2}bdb,cn=config
+dn: olcOverlay=refint,{{ dbname }},cn=config
 objectClass: olcConfig
 objectClass: olcOverlayConfig
 objectClass: olcRefintConfig
diff --git a/roles/ldapserver/templates/root_ldif.j2 b/roles/ldapserver/templates/root_ldif.j2
index c3a43f303bc6f61eff0ecad531fbe96b0fa80e4a..48b00816b5d228f033ccf1407acc6005ca06f1d7 100644
--- a/roles/ldapserver/templates/root_ldif.j2
+++ b/roles/ldapserver/templates/root_ldif.j2
@@ -1,4 +1,4 @@
-dn: {{ ldapDomain }}
+dn: {{ ldapBase }}
 objectClass: dcObject
 objectClass: organization
 o: {{ ansible_domain }}
diff --git a/roles/ldapserver/vars/Ubuntu.yml b/roles/ldapserver/vars/Ubuntu.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c10225e07a2bd8a5f705f6aea96d06b86f130edb
--- /dev/null
+++ b/roles/ldapserver/vars/Ubuntu.yml
@@ -0,0 +1,3 @@
+---
+  ldapDir: "/etc/ldap"
+  module_path: "/usr/lib/ldap"
diff --git a/roles/ldapserver/vars/Ubuntu_20.04_x86_64.yml b/roles/ldapserver/vars/Ubuntu_20.04_x86_64.yml
new file mode 100644
index 0000000000000000000000000000000000000000..feca8e7de9421eb8c83d4e5d6edb88876185c441
--- /dev/null
+++ b/roles/ldapserver/vars/Ubuntu_20.04_x86_64.yml
@@ -0,0 +1,9 @@
+---
+ system_packages:
+  - slapd
+  - ldap-utils
+  - openssl
+
+ ldapuser: openldap
+ ldapgroup: openldap
+ dbname: olcDatabase={1}mdb
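Review bot: Nothing visible in this diff loads `Ubuntu_20.04_x86_64.yml`; the only include shown in `tasks/main.yml` uses `{{ ansible_distribution }}.yml`, which resolves to `Ubuntu.yml`. If no other include picks up the versioned file, `system_packages`, `ldapuser`, `ldapgroup` and `dbname` would be undefined on Ubuntu, so this is worth confirming. As a style point, the top-level keys here are indented by one space and those in `Ubuntu.yml` by two; both parse, but column 0 is the convention. Quoting the value, `dbname: 'olcDatabase={1}mdb'`, protects it from being misread if it is ever moved to the start of a flow context.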