Deploy sane ldap.conf for ldap clients.

roles/common/tasks/Debian.yml

@@ -38,5 +38,8 @@
 - name: Create LDAP certificate directory
   file: path=/etc/ldap/ssl state=directory
 
+- name: Create LDAP client config
+  template: src=ldap.conf.j2 dest=/etc/ldap/ldap.conf mode=0644
+
 - name: Copy LDAP certificate
   copy: src=BKCA.crt dest=/etc/ldap/ssl/BKCA.crt mode=0444

roles/common/templates/ldap.conf.j2

@@ -0,0 +1,17 @@
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+BASE	{{ ldap_base }}
+URI	{{ ldap_uri }}
+
+#SIZELIMIT	12
+#TIMELIMIT	15
+#DEREF		never
+
+# TLS certificates (needed for GnuTLS)
+TLS_CACERT	/etc/ldap/ssl/BKCA.crt
+