roles/ldapserver/templates/monitoruser.ldif.j2

+dn: cn=monitor,ou=People,dc=erc,dc=monash,dc=edu,dc=au
+objectClass: inetOrgPerson
+cn: binddn
+sn: binddn
+userPassword: {{ ldapBindDNHash.stdout }}
\ No newline at end of file

roles/ldapserver/templates/ppolicy_overlay_ldif.j2

-dn: olcOverlay=ppolicy,olcDatabase={2}bdb,cn=config
+dn: olcOverlay=ppolicy,{{ dbname }},cn=config
 olcOverlay: ppolicy
 objectClass: olcOverlayConfig
 objectClass: olcPPolicyConfig
 olcPPolicyHashCleartext: TRUE
 olcPPolicyUseLockout: FALSE
-olcPPolicyDefault: cn=default,ou=pwpolicies,{{ ldapDomain }}
+olcPPolicyDefault: cn=default,ou=pwpolicies,{{ ldapBase }}

roles/ldapserver/templates/pwpolicies_ldif.j2

-dn: ou=pwpolicies,{{ ldapDomain }}
+dn: ou=pwpolicies,{{ ldapBase }}
 objectClass: organizationalUnit
 objectClass: top
 ou: pwpolicies

roles/ldapserver/templates/real_accounts_ldif.j2

+dn: {{ ldapAccountBase }}
+objectClass: organizationalUnit

roles/ldapserver/templates/refint_config_ldif.j2

+dn: olcOverlay=refint,{{ dbname }},cn=config
+objectClass: olcConfig
+objectClass: olcOverlayConfig
+objectClass: olcRefintConfig
+objectClass: top
+olcOverlay: refint
+olcRefintAttribute: memberof member manager owner

roles/ldapserver/templates/root_ldif.j2

-dn: {{ ldapDomain }}
+dn: {{ ldapBase }}
 objectClass: dcObject
 objectClass: organization
 o: {{ ansible_domain }}

roles/ldapserver/templates/ssl_ldif.j2

 dn: cn=config
 replace: olcTLSCACertificateFile
-olcTLSCACertificateFile: /etc/openldap/certs/cacert.pem
+olcTLSCACertificateFile: {{ ldapCAChainDest }}
 -
 replace: olcTLSCertificateFile
-olcTLSCertificateFile: /etc/openldap/certs/ldapcert.pem
+olcTLSCertificateFile:  {{ ldapCertDest }}
 -
 replace: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: /etc/openldap/certs/ldapkey.pem
+olcTLSCertificateKeyFile: {{ ldapKeyDest }}

roles/ldapserver/templates/tls_settings.ldif.j2

+dn: {{ dbname }},cn=config
+changetype: modify
+replace: olcSecurity
+olcSecurity: tls=1

roles/ldapserver/vars/CentOS.yml

+---
+  ldapDir: "/etc/openldap"
+  module_path: "/usr/lib64/openldap/"
+

roles/ldapserver/vars/CentOS_6.5_x86_64.yml

@@ -3,3 +3,6 @@
   - openldap-servers
   - openldap-clients
   - openssl
+ dbname: olcDatabase={2}bdb
+ ldapuser: ldap
+ ldapgroup: ldap

roles/ldapserver/vars/CentOS_6.6_x86_64.yml

@@ -3,3 +3,6 @@
   - openldap-servers
   - openldap-clients
   - openssl
+ dbname: olcDatabase={2}bdb
+ ldapuser: ldap
+ ldapgroup: ldap

roles/ldapserver/vars/CentOS_6.7_x86_64.yml

+---
+ system_packages:
+  - openldap-servers
+  - openldap-clients
+  - openssl
+ dbname: olcDatabase={2}bdb
+ ldapuser: ldap
+ ldapgroup: ldap

roles/ldapserver/vars/CentOS_7.6_x86_64.yml

+---
+ system_packages:
+  - openldap-servers
+  - openldap-clients
+  - openssl
+ ldapuser:  ldap
+ ldapgroup: ldap
+ dbname: olcDatabase={2}hdb

roles/ldapserver/vars/Debian.yml

+---
+  ldapDir: "/etc/ldap"
+  module_path: "/usr/lib/ldap"

roles/ldapserver/vars/Debian_7.6_x86_64.yml

+---
+ system_packages:
+  - slapd
+  - ldap-utils
+  - openssl
+
+ ldapuser: openldap
+ ldapgroup: openldap
+ dbname: olcDatabase={1}hdb

roles/ldapserver/vars/Debian_8.0_x86_64.yml

+---
+ system_packages:
+  - slapd
+  - ldap-utils
+  - openssl
+
+ ldapuser: openldap
+ ldapgroup: openldap
+ dbname: olcDatabase={1}mdb

roles/ldapserver/vars/Ubuntu.yml

+---
+  ldapDir: "/etc/ldap"
+  module_path: "/usr/lib/ldap"

roles/ldapserver/vars/Ubuntu_20.04_x86_64.yml

+---
+ system_packages:
+  - slapd
+  - ldap-utils
+  - openssl
+
+ ldapuser: openldap
+ ldapgroup: openldap
+ dbname: olcDatabase={1}mdb

roles/ldapserver/vars/main.yml

 ---
-  ldapuser:  ldap
-  ldapgroup: ldap
+ldapCertDest: "{{ ldapDir }}/ssl/certs/ldapcert.pem"
+ldapKeyDest: "{{ ldapDir }}/ssl/private/ldapkey.pem"
+ldapCAChainDest: "{{ ldapDir }}/ssl/certs/cacert.pem"
+ldapCARootDest: "{{ ldapDir }}/ssl/certs/ca_cert.pem"