---

{{ slapd_hostname }} {{ slapd_san }}:
- mode: dns.nsupdate
  nsupdate_server: {{ acme_dnskey_server }}
  nsupdate_keyfile: {{ acme_dnskey_file }}
- path: /etc/ldap/ssl/srv.key
  user: openldap
  group: openldap
  perm: '400'
  format: key
  action: '/usr/sbin/service slapd restart'
- path: /etc/ldap/ssl/srv.crt
  user: openldap
  group: openldap
  perm: '400'
  format: crt,ca
  action: '/usr/sbin/service slapd restart'