Add LDAP client tools

ldap/tasks/main.yml

@@ -0,0 +1,22 @@
+---
+
+- name: install packages
+  package:
+    name: openldap-clients
+    state: installed
+
+- name: configure ldap client
+  template:
+    dest: /etc/openldap/ldap.conf
+    src: ldap.conf.j2
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: authenticate to ldap with host certs when running as root
+  template:
+    dest: /root/.ldaprc
+    src: ldaprc.j2
+    mode: 0600
+    owner: root
+    group: "{{ ansible_wheel }}"

ldap/templates/ldap.conf.j2

@@ -0,0 +1,6 @@
+
+BASE {{ ldap_basedn }}
+URI {% for item in ldap_server %}ldaps://{{ item }} {% endfor %}
+
+TLS_CACERT {{ tls_bundle }}
+TLS_REQCERT demand

ldap/templates/ldaprc.j2

@@ -0,0 +1,3 @@
+TLS_KEY {{ tls_private }}/{{ inventory_hostname }}.key
+TLS_CERT {{ tls_certs }}/{{ inventory_hostname }}.crt
+SASL_MECH external