From 07ca697e63544e5de9b0efd700bc452bb4f2dba5 Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Wed, 6 Apr 2016 09:50:00 +0200
Subject: [PATCH] Deploy sane ldap.conf for ldap clients.

---
 roles/common/tasks/Debian.yml | 3 +++
 roles/common/templates/ldap.conf.j2 | 17 +++++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 roles/common/templates/ldap.conf.j2

diff --git a/roles/common/tasks/Debian.yml b/roles/common/tasks/Debian.yml
index 8d2ba3c..e33c149 100644
--- a/roles/common/tasks/Debian.yml
+++ b/roles/common/tasks/Debian.yml
@@ -38,5 +38,8 @@
 - name: Create LDAP certificate directory
 file: path=/etc/ldap/ssl state=directory
 
+- name: Create LDAP client config
+ template: src=ldap.conf.j2 dest=/etc/ldap/ldap.conf mode=0644
+
 - name: Copy LDAP certificate
 copy: src=BKCA.crt dest=/etc/ldap/ssl/BKCA.crt mode=0444
diff --git a/roles/common/templates/ldap.conf.j2 b/roles/common/templates/ldap.conf.j2
new file mode 100644
index 0000000..4622f5a
--- /dev/null
+++ b/roles/common/templates/ldap.conf.j2
@@ -0,0 +1,17 @@
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+BASE {{ ldap_base }}
+URI {{ ldap_uri }}
+
+#SIZELIMIT 12
+#TIMELIMIT 15
+#DEREF never
+
+# TLS certificates (needed for GnuTLS)
+TLS_CACERT /etc/ldap/ssl/BKCA.crt
+
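Review bot: The added `Create LDAP client config` task sets only `mode=0644`, so an existing /etc/ldap/ldap.conf that is owned by a non-root account would most likely keep that owner, and this file decides which CA every LDAP client on the host trusts. Pin ownership in the same task: `template: src=ldap.conf.j2 dest=/etc/ldap/ldap.conf owner=root group=root mode=0644`. The task is also placed before `Copy LDAP certificate`, so on a first or interrupted run the deployed config can reference a `TLS_CACERT` file that does not exist yet; moving it after the copy task avoids that state. The task list continues outside this hunk.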
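Review bot: The template sets `TLS_CACERT` but leaves the certificate-check policy to the library default and the transport to whatever `ldap_uri` contains. Adding `TLS_REQCERT demand` below the `TLS_CACERT` line states the verification requirement in the file itself, so it is visible to anyone auditing the host. `ldap_uri` and `ldap_base` are defined outside this patch; if `ldap_uri` may be an `ldap://` URI, the CA setting only takes effect when a client requests StartTLS, so a comment above `URI` such as `# ldap_uri is expected to be ldaps://; plain ldap:// binds are not covered by TLS_CACERT` would record that assumption.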